Friday, November 22, 2019

Zero Trust Architecture and Office 365

If you are not thinking about leveraging Zero Trust principles when connecting to the Office 365 cloud, you should be.

The industry and customer shift from traditional on-premises application delivery to the cloud as well as the rapidly growing consumption of SaaS services has inverted network and security paradigms, shifting the focal point to the identity, device, application and data, and away from relying solely on traditional network perimeters, which are becoming less effective in reasoning and securing rich and complex application scenarios. Extending legacy network perimeter architectures into the cloud is becoming impractical, requiring customers to transform network and security architectures for the needs of the cloud.  Such transformation is captured in the Zero Trust Architecture models that are being adopted by the private industry (Implementing a Zero Trust security model at Microsoft) and DoD (The Road to Zero Trust (Security)).

Office 365 incorporates Zero Trust principles in its internal service design and operations as well as allows customers to natively achieve Zero Trust outcomes in consuming the service by taking advantage of built-in features which apply continuous validations across identity, device, service, and data layers.  This allows customers to achieve the same or better security outcomes with Office 365 natively, compared to security outcomes that are achievable with legacy network perimeter controls.  Implementing Zero Trust principles allow customers to modernize and in many cases simplify their network perimeter dependencies, particular for Office 365 application experiences and use a more differentiated and scaled-out connectivity approach. This shortens the network distance between the user and Office 365, reduces processing overhead at the enterprise network perimeter, thus improving user experience.

Highly recommend reading the following.
The Road to Zero Trust (Security)
Implementing a Zero Trust security model at Microsoft

No comments: