Once upon a time, in a land far, far away, we built a castle with solid walls and a single entrance if we wanted to protect an asset. We may well have enhanced the entrance with a drawbridge, a portcullis and killing boxes. However, once an individual was allowed inside our castle, they were trusted and could move freely. We originally built IT systems like this, and for on-premises Active Directory, we created walls through a combination of our building, network and domain/forest boundaries. As with the castle, once inside the perimeter, trust was assumed.
Today we need to reach out to partner organisations and cloud providers, and allow our users to work from home. Our containing perimeter is gone, and we need to adopt a new stance: never trust, always verify (Zero Trust).
A Zero Trust strategy should provide us with stepping stones to work towards an ideal security posture. Microsoft has identified three critical principles for Zero Trust.
- A user's privileges within the ecosystem must never be greater than those required to perform a particular task.
- Continuously verify resource access based on user identity, environment, device health, and risk.
- Add defences to minimise the chances of a breach. Use analytics to get operational insights, detect threats and improve protection.
Microsoft Azure AD provides many technologies to help implement Zero Trust systems, but where do you start?
Step one is to make Azure AD your core identity platform for authenticating users to all your applications. Once you have consolidated your IAM with Azure AD, you can implement additional features and services and gradually step towards your Zero Trust goals.
Come to this one-day masterclass, and John Craddock will explain the issues, steps and technologies required to implement a Zero Trust strategy for your Azure AD / M365 environments. He will lead you on a journey that encompasses hybrid authentication, B2B, MFA, passwordless authentication, Role-Based Access Control, application management, conditional access, privileged identity management, endpoint management, identity protection, analytics and more. With demos along the way, it is definitely a day for your diary!