News
Microsoft Advocates Zero Trust Security for Hybrid Networks
Microsoft this week highlighted the general trend toward implementing "hybrid" networks, which is the combined use of cloud services plus on-premises software.
The work-from-home phenomenon, following the 2020 pandemic, accelerated the use of cloud services by organizations, Microsoft argued in a Wednesday announcement on hybrid networks. To address that change, organizations should adopt a "zero trust" security approach, Microsoft added in a Wednesday announcement on zero trust.
The author of the announcements, Vasu Jakkal, Microsoft's corporate vice president for security, compliance and identity, also suggested that "employees' home networks and devices are now part of the corporate network," which has security implications.
Microsoft's security teams currently track more than 40 nation-state attackers and more than 140 threat groups in 20 countries, Jakkal indicated. Phishing and firmware attacks have been increasing. There's "an average of 50 million password attacks every day." Last year, Microsoft blocked 30 billion e-mail threats, she added.
Organizations increasingly moved toward using cloud-based services in response to the pandemic, Microsoft found.
"In a recent survey of our Microsoft Intelligent Security Association (MISA) partners, 90 percent reported that customers have accelerated their move to the cloud due to the pandemic," Jakkal noted.
Most (91 percent) of those MISA partners also reported that there's a shortage of cybersecurity professionals to meet the current threat landscape.
One simple protection that organizations can implement is to turn on multifactor authentication (MFA), a secondary identity verification approach besides using a password. However, even though MFA is included for free with Azure or Microsoft 365 commercial subscriptions, just 18 percent of Microsoft's customers have turned it on, Jakkal noted.
While organizations may have turned on MFA to protect remote access sessions, MFA also "protects the entire network," she asserted.
The remote access trend makes implementing zero trust a "new business imperative" for organizations, Jakkal asserted. With zero trust, organizations "verify explicitly, grant least privileged access, and assume breach," she added.
Jakkal is scheduled to speak at the RSA Conference on May 18 as part of the RSA keynote presentation. She also recently chatted with Microsoft CEO Satya Nadella about zero trust in a video, available at this Microsoft page.
About the Author
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.