How Zero Trust can help your organization keep safe
BATBern
11.11.2022
Agenda
Why Zero Trust?
Zero Trust Goal, Principles & Benefits
Zero Trust Components & Architecture
Implementing Zero Trust
Experience of different customers
Why Zero Trust?
• 80% of breaches involve lost / stolen credentials
• More sophisticated and devastating attacks
Nowadays cyber criminals do not break in - they log in!
Zero Trust Overview
▪ Zero Trust assumes an open environment where the identity and security posture of each access request must be continuously evaluated and validated;
▪ Access is granted through a Policy Decision Point and Policy Enforcement Point and is minimized to resources which are validated as needing access;
▪ Context is important (→ data points on user behavior, device compliance, location, time of day, target application or service, etc.);
▪ Zero Trust is a framework, culture and philosophy, not a technical solution;
▪ Implementing Zero Trust is a journey, not a destination.
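The PDP/PEP loop described above, as an added Python example that is not part of the deck: a Policy Decision Point scores each request from its context signals (authentication strength, device compliance, user risk, location, time of day, target app), and the enforcement side re-evaluates a granted session whenever a signal changes. The app policies, signal names and thresholds are constructed for illustration.

```python
"""Illustrative Policy Decision Point (PDP) / Policy Enforcement Point (PEP)
for continuous, context-based access evaluation. Added example, not from the
deck; every policy, signal and threshold below is constructed."""
from dataclasses import dataclass, field, replace
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"   # allow only after strong (MFA/passwordless) auth
    DENY = "deny"


@dataclass(frozen=True)
class Context:
    """Data points the PEP forwards with each request (the 'context' the
    slides list: user, device, location, time of day, target)."""
    user: str
    auth_strength: str        # "password" | "mfa" | "passwordless"
    device_compliant: bool    # reported by endpoint management
    device_managed: bool      # corporate-managed vs BYO
    user_risk: str            # "low" | "medium" | "high", from analytics
    location: str             # constructed ISO country code
    hour: int                 # local hour of day, 0-23
    app: str


@dataclass(frozen=True)
class AppPolicy:
    sensitivity: str                    # "low" | "medium" | "high"
    require_managed_device: bool = False
    allowed_locations: frozenset = field(default_factory=frozenset)  # empty = any
    office_hours_only: bool = False


STRONG_AUTH = {"mfa", "passwordless"}


def decide(ctx: Context, policy: AppPolicy) -> Decision:
    """Policy Decision Point: every request is evaluated on its signals; the
    network it arrives from earns no trust. Deny rules run before step-up."""
    # Hard denies: signals that no additional authentication compensates for.
    if ctx.user_risk == "high":
        return Decision.DENY
    if policy.require_managed_device and not ctx.device_managed:
        return Decision.DENY
    if policy.allowed_locations and ctx.location not in policy.allowed_locations:
        return Decision.DENY
    if policy.office_hours_only and not 7 <= ctx.hour < 19:
        return Decision.DENY
    # Least privilege: a non-compliant device only reaches low-sensitivity apps.
    if not ctx.device_compliant and policy.sensitivity != "low":
        return Decision.DENY
    # Adaptive access: sensitive apps or elevated user risk require strong
    # authentication; ask for it (remediation) instead of denying outright.
    needs_strong = policy.sensitivity != "low" or ctx.user_risk == "medium"
    if needs_strong and ctx.auth_strength not in STRONG_AUTH:
        return Decision.STEP_UP
    return Decision.ALLOW


class Session:
    """PEP side: a granted session is re-evaluated on every new signal
    (continuous assessment), not only at login."""

    def __init__(self, ctx: Context, policy: AppPolicy) -> None:
        self.ctx, self.policy = ctx, policy
        self.decision = decide(ctx, policy)
        self.history = [self.decision]

    def update(self, **signal_changes) -> Decision:
        """Apply changed signals (e.g. the device fell out of compliance) and
        re-run the PDP; the PEP revokes access when the decision changes."""
        self.ctx = replace(self.ctx, **signal_changes)
        self.decision = decide(self.ctx, self.policy)
        self.history.append(self.decision)
        return self.decision


# Constructed policies: a SaaS mail app and an app holding customer data.
POLICIES = {
    "mail": AppPolicy(sensitivity="medium"),
    "customer-data": AppPolicy(sensitivity="high", require_managed_device=True,
                               allowed_locations=frozenset({"CH", "DE"}),
                               office_hours_only=True),
}


if __name__ == "__main__":
    ctx = Context("alice", "passwordless", True, True, "low", "CH", 10, "customer-data")
    s = Session(ctx, POLICIES[ctx.app])
    print(ctx.app, s.decision.value)                                        # allow
    print("device non-compliant ->", s.update(device_compliant=False).value)  # deny
```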
Zero Trust Core Principles
Zero Trust Core Principles (opengroup.org)
What does the Business expect from Zero Trust Projects?
Better security, compliance, agility, efficiency, productivity and attractiveness as employer
• Business Models and partnerships
• Technology trends
• Regulatory, geopolitical, cultural forces
• Disruptive events
• Shift to remote work
Employee → supplier → partners
Zero Trust Components
The Open Group Zero Trust Initiative and The President’s Executive Order on Improving the Nation’s Cybersecurity – The Open Group Blog
Enable flexible business workflows for the digitized world
Zero Trust Pillars
[Diagram of the Zero Trust pillars and their controls; recoverable labels:]
Pillars and their controls:
• Identities (human, non-human): strong authentication
• Endpoints (corporate, personal): device compliance
• Risk assessment across identities and endpoints
• Network (public, private): traffic filtering & segmentation
• Apps (SaaS, on-premises): adaptive access
• Infrastructure (serverless, containers, IaaS, PaaS, internal sites): runtime control, JIT & version control
• Data (emails & documents, structured data): classify, label, encrypt
Cross-cutting functions:
• Zero Trust Policy: evaluation, enforcement, request enhancement
• Threat Protection: continuous assessment, threat intelligence, forensics, response automation
• Governance: compliance, security posture assessment, productivity optimization, policy optimization
• Telemetry/analytics/assessment across all pillars
Zero Trust Architecture
Where do Zero Trust Projects usually Start?
▪ Zero Trust is a journey across all security risk areas to be completed over time
▪ Organizations start the implementation in different places. They need to identify the individual components of each security risk area to prioritize, usually the following ones:
Zero Trust components that are usually implemented first
How should Zero Trust Initiatives be Prioritized?
• Define criteria to ensure a clear and consistent prioritized approach
• Balance security, functionality, and usability
• Understand what is most important for your organization (alignment with business goals)
Common prioritization criteria
Estimated Security Value (threat modelling, risk appetite of the organization)
Implementation effort
Available resources (staff, skilling, budget)
Number of users affected
Required licensing types and costs
Estimated productivity value and alignment with business mission
End-User impact (low, medium, high)
Legacy systems displacement (usually driven by cost reduction)
Microsoft Zero Trust Maturity Model
Three maturity stages:
• Traditional: organizations that haven’t started their Zero Trust journey
• Advanced: organizations that have begun their Zero Trust journey
• Optimal: organizations that have invested a lot of effort in the implementation of Zero Trust concepts
Zero Trust Maturity Model Capabilities
(Capabilities per pillar at the Traditional, Advanced and Optimal stages)
Identities
Traditional:
• On-premises identity provider is in use
• No SSO is present between cloud and on-premises apps
• Visibility into identity risk is very limited
Advanced:
• Cloud identity federates with on-premises system
• Conditional access policies gate access and provide remediation actions
• Analytics improve visibility
Optimal:
• Passwordless authentication is enabled
• User, device, location, and behavior are analyzed in real time to determine risk and deliver ongoing protection
Devices
Traditional:
• Devices are domain joined and managed with solutions like Group Policy Object or Config Manager
• Devices are required to be on network to access data
Advanced:
• Devices are registered with cloud identity provider
• Access only granted to cloud managed & compliant devices
• DLP policies are enforced for BYO and corporate devices
Optimal:
• Endpoint threat detection is used to monitor device risk
• Access control is gated on device risk for both corporate and BYO devices
Apps
Traditional:
• On-premises apps are accessed through physical networks or VPN
• Some critical cloud apps are accessible to users
Advanced:
• On-premises apps are internet-facing and cloud apps are configured with SSO
• Cloud Shadow IT risk is assessed; critical apps are monitored and controlled
Optimal:
• All apps are available using least privilege access with continuous verification
• Dynamic control is in place for all apps with in-session monitoring and response
Infrastructure
Traditional:
• Permissions are managed manually across environments
• Configuration management of VMs and servers on which workloads are running
Advanced:
• Workloads are monitored and alerted for abnormal behavior
• Every workload is assigned app identity
• Human access to resources requires Just-In-Time
Optimal:
• Unauthorized deployments are blocked and alert is triggered
• Granular visibility and access control are available across all workloads
• User and resource access is segmented for each workload
Network
Traditional:
• Few network security perimeters and flat open network
• Minimal threat protection and static traffic filtering
• Internal traffic is not encrypted
Advanced:
• Many ingress/egress cloud micro-perimeters with some micro-segmentation
• Cloud native filtering and protection for known threats
• User to app internal traffic is encrypted
Optimal:
• Fully distributed ingress/egress cloud micro-perimeters and deeper micro-segmentation
• ML-based threat protection and filtering with context-based signals
• All traffic is encrypted
Data
Traditional:
• Access is governed by perimeter control, not data sensitivity
• Sensitivity labels are applied manually, with inconsistent data classification
Advanced:
• Data is classified and labeled via regex/keyword methods
• Access decisions are governed by encryption
Optimal:
• Classification is augmented by smart machine learning models
• Access decisions are governed by a cloud security policy engine
• DLP policies secure sharing with encryption and tracking
Delivering with Objectives and Key Results (OKRs)
Three Essential Aspects
1. OKRs make up a framework for defining clear objectives, providing clarity on the intent and direction at all levels in the organization.
2. They are reinforced with measurable key results. Key results are outcomes by which success is measured.
3. They drive an outcome mindset culture, enabling a clear shift from an output mindset to an outcome mindset.
EPICs and OKRs must be aligned
EPICs can spin up one or more initiatives to implement the OKR
Reference: Explore Continuous Planning - Training | Microsoft Learn
Organizational and Team OKRs
[Diagram: OKRs cascading from business leadership to the delivery teams]
• Business Leadership (CEO, CFO, COO): Digital Transformation
• Technical Leadership (CIO, CISO, CTO): Zero Trust Strategy
• Technical Solution Delivery: Zero Trust Implementation by the Identity and Access Management Team, Endpoint Management Team, Application Team, Data Protection Team, Infrastructure Team and Networking Team
Roadmap Example of a Zero Trust Implementation
[Gantt-style chart, Jan to Dec 2022, with one swimlane per pillar (Identities, Devices, Apps, Infrastructure, Network, Data), running from the start of the Zero Trust engagement (Phase 1) to the expected end of Phase 1; last update Apr 30. Initiatives and their progress:]
• Strong Identity Enforcement: 55%
• Optimize Cloud Based Identity Management: 75%
• Unify management across devices and applications: 46%
• Threat and vulnerability management: 88%
• Behavioral based real-time endpoint protection, detection and response: 39%
• Restrict user consent to applications: 61%
• Real-time threat protection and detection of anomalies in IaaS and SaaS: 38%
• Segment networks and implement context driven access control: 25%
• Protection of data on-premises: 45%
• Protection of data in the cloud: 38%
• Optimize device identities and health: 56%
• Secure Administrative Access: 27%
• Prevent lateral movement: 13%
• Optimize Single Sign On experience while reducing risk: 43%
• Extend access policy enforcement into session control using MCAS with Conditional Access: 61%
• Discover Shadow IT and protect apps from risks and threats across multi-cloud environments: 61%
• Rapidly find and fix vulnerabilities of IaaS and PaaS services: 67%
• Protect users when browsing the Internet through web filtering: 41%
• Protect Organizational Domain Name Services: 88%
• Enhance security and productivity for remote work: 72%
• Discovery and classification of data in the cloud and on-premises: 53%
• Protect communication with any party: 60%
• Monitor, investigate and remediate data risks: 53%
Experience on Implementing Zero Trust @UBS
Experience report from an Enterprise Architect @ UBS
Zero Trust is a cloud adoption project. Increasing the flexibility and scalability of their technology infrastructure is critical to UBS’s strategy. Therefore, UBS has defined a cloud-first strategy. This goal is supported by a strategic partnership with Microsoft and the implementation of Zero Trust. Through this transformational initiative, UBS plans to modernize its global technology estate and have more than 50% of its applications, including critical workloads, running on Microsoft Azure.
Their Zero Trust architecture is based on the NIST Zero Trust Architecture and SASE. It has been clear to them for many years that the network perimeter no longer exists and that identity is the new perimeter. Conditional access to apps and sensitive data (customer data) is determined by PDP/PEP.
Due to regulatory requirements, they already had to centralize Identity & Access Management 20 years ago. In the meantime, they have implemented internet-based identity with Azure AD.
In 2021, their CTO ordered a review of their Zero Trust architecture. They wanted to define where they were on their ZT journey. Different initiatives (like network modernization) have been initiated. The review was made independently of any technology.
Zero Trust implementation is a journey and a continuous process. They constantly need to adapt to technology changes, new risks and organizational needs.
Challenges:
- Costs for the consolidation were underestimated
- Standardization on modern authentication with conditional access was a “cultural” shift
- Adoption by business users (MFA and AAD are more intrusive for them)
- Ensuring implementation of ZT principles throughout the whole organization (minimal enterprise requirements were defined, but it was not checked whether ZT was applied)
Zero Trust remains to 95% an IT project and topic (technology, network, hosting services, agile transformation).
Drivers & Benefits of Implementing Zero Trust
Our survey on Zero Trust adoption shows that: [chart not reproduced]
Source: Zero Trust Adoption Report: How does your organization compare? - Microsoft Security Blog
Challenges & Blockers while Implementing Zero Trust
[chart not reproduced]
Source: Zero Trust Adoption Report: How does your organization compare? - Microsoft Security Blog
© Copyright Microsoft Corporation. All rights reserved.
Thank you for your attention.
Questions?

Klassifizierung von Versicherungsschäden – AI und MLOps bei der Mobiliar
Klassifizierung von Versicherungsschäden – AI und MLOps bei der MobiliarKlassifizierung von Versicherungsschäden – AI und MLOps bei der Mobiliar
Klassifizierung von Versicherungsschäden – AI und MLOps bei der Mobiliar
 
BATbern48_ZeroTrust-Konzept und Realität.pdf
BATbern48_ZeroTrust-Konzept und Realität.pdfBATbern48_ZeroTrust-Konzept und Realität.pdf
BATbern48_ZeroTrust-Konzept und Realität.pdf
 
Why did the shift-left end up in the cloud for Bank Julius Baer?
Why did the shift-left end up in the cloud for Bank Julius Baer?Why did the shift-left end up in the cloud for Bank Julius Baer?
Why did the shift-left end up in the cloud for Bank Julius Baer?
 
Creating a Product through DevOps: The Story of APPUiO Cloud
Creating a Product through DevOps: The Story of APPUiO CloudCreating a Product through DevOps: The Story of APPUiO Cloud
Creating a Product through DevOps: The Story of APPUiO Cloud
 
Zeitnahe Reaktion auf Verordnungsänderungen mit Feature Toggles
Zeitnahe Reaktion auf Verordnungsänderungen mit Feature TogglesZeitnahe Reaktion auf Verordnungsänderungen mit Feature Toggles
Zeitnahe Reaktion auf Verordnungsänderungen mit Feature Toggles
 

Recently uploaded

WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2
 
WSO2Con2024 - Organization Management: The Revolution in B2B CIAM
WSO2Con2024 - Organization Management: The Revolution in B2B CIAMWSO2Con2024 - Organization Management: The Revolution in B2B CIAM
WSO2Con2024 - Organization Management: The Revolution in B2B CIAMWSO2
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2
 
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Lisi Hocke
 
From Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIFrom Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIInflectra
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypseTomasz Kowalczewski
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT  - Security and Governance for Generative AIBusinessGPT  - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIAGATSoftware
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration ToolingWSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration ToolingWSO2
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2
 

Recently uploaded (20)

WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2Con2024 - Organization Management: The Revolution in B2B CIAM
WSO2Con2024 - Organization Management: The Revolution in B2B CIAMWSO2Con2024 - Organization Management: The Revolution in B2B CIAM
WSO2Con2024 - Organization Management: The Revolution in B2B CIAM
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
 
From Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIFrom Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST API
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
[GeeCON2024] How I learned to stop worrying and love the dark silicon apocalypse
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT  - Security and Governance for Generative AIBusinessGPT  - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AI
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration ToolingWSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration Tooling
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - Kanchana
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 

BATbern48_How Zero Trust can help your organisation keep safe.pdf

  • 1. How Zero Trust can help your organization keep safe BATBern 11.11.2022
  • 2. Agenda Why Zero Trust? Zero Trust Goal, Principles & Benefits Zero Trust Components & Architecture Implementing Zero Trust Experience of different customers
  • 3. Why Zero Trust? • 80% of breaches involve lost / stolen credentials • More sophisticated and devastating attacks Nowadays cyber criminals do not break in - they log in!
  • 4. Zero Trust Overview ▪ Zero Trust assumes an open environment where the identity and security posture of each access request must be continuously evaluated and validated; ▪ Access is granted through a Policy Decision Point and Policy Enforcement Point and is minimized to resources which are validated as needing access; ▪ Context is important (→ data points on user behavior, device compliance, location, time of day, target application or service, etc.); ▪ Zero Trust is a framework, culture and philosophy, not a technical solution; ▪ Implementing Zero Trust is a journey, not a destination.
  • 5. Zero Trust Core Principles Zero Trust Core Principles (opengroup.org)
  • 6. What Does the Business Expect from Zero Trust Projects? Better security, compliance, agility, efficiency, productivity and attractiveness as an employer • Business models and partnerships • Technology trends • Regulatory, geopolitical, cultural forces • Disruptive events • Shift to remote work Employee → supplier → partners
  • 7. Zero Trust Components The Open Group Zero Trust Initiative and The President’s Executive Order on Improving the Nation’s Cybersecurity – The Open Group Blog Enable flexible business workflows for the digitized world
  • 8. Zero Trust Pillars Identities Data Network Endpoints Apps Infrastructure Governance Threat Protection
  • 9. Zero Trust Architecture
    Zero Trust Policy: Evaluation, Enforcement
    Threat Protection: Continuous Assessment, Threat Intelligence, Forensics, Response Automation
    Identities: Human, Non-human
    Endpoints: Corporate, Personal
    Network: Public, Private
    Apps: SaaS, On-premises
    Data: Emails & documents, Structured data
    Infrastructure: Serverless, Containers, IaaS, PaaS, Internal Sites
    Controls: Strong authentication, Device compliance, Risk assessment, Traffic filtering & segmentation, Request enhancement, Telemetry/analytics/assessment, JIT & Version Control, Runtime control, Adaptive Access, Classify, label, encrypt
    Policy Optimization: Governance, Compliance, Security Posture Assessment, Productivity Optimization
  • 10. Where do Zero Trust Projects usually Start? ▪ Zero Trust is a journey across all security risk areas to be completed over time ▪ Organizations start the implementation in different places. They need to identify the individual components of each security risk area and prioritize them; usually the following ones come first: [figure: Zero Trust components that are usually implemented first]
  • 11. How should Zero Trust Initiatives be Prioritized?
    • Define criteria to ensure a clear and consistent prioritized approach
    • Balance security, functionality, and usability
    • Understand what is most important for your organization (alignment with business goals)
    Common prioritization criteria:
    • Estimated security value (threat modelling, risk appetite of the organization)
    • Implementation effort
    • Available resources (staff, skilling, budget)
    • Number of users affected
    • Required licensing types and costs
    • Estimated productivity value and alignment with business mission
    • End-user impact (low, medium, high)
    • Legacy systems displacement (usually driven by cost reduction)
  • 12. Microsoft Zero Trust Maturity Model
    • Organizations that haven’t started their Zero Trust journey
    • Organizations that have begun their Zero Trust journey
    • Organizations that have invested a lot of effort in implementing Zero Trust concepts
  • 13. Zero Trust Maturity Model Capabilities (stages: Traditional / Advanced / Optimal)
    Identities
      Traditional: • On-premises identity provider is in use • No SSO is present between cloud and on-premises apps • Visibility into identity risk is very limited
      Advanced: • Cloud identity federates with on-premises system • Conditional access policies gate access and provide remediation actions • Analytics improve visibility
      Optimal: • Passwordless authentication is enabled • User, device, location, and behavior is analyzed in real time to determine risk and deliver ongoing protection
    Devices
      Traditional: • Devices are domain joined and managed with solutions like Group Policy Object or Config Manager • Devices are required to be on network to access data
      Advanced: • Devices are registered with cloud identity provider • Access only granted to cloud managed & compliant devices • DLP policies are enforced for BYO and corporate devices
      Optimal: • Endpoint threat detection is used to monitor device risk • Access control is gated on device risk for both corporate and BYO devices
    Apps
      Traditional: • On-premises apps are accessed through physical networks or VPN • Some critical cloud apps are accessible to users
      Advanced: • On-premises apps are internet-facing and cloud apps are configured with SSO • Cloud Shadow IT risk is assessed; critical apps are monitored and controlled
      Optimal: • All apps are available using least privilege access with continuous verification • Dynamic control is in place for all apps with in-session monitoring and response
    Infrastructure
      Traditional: • Permissions are managed manually across environments • Configuration management of VMs and servers on which workloads are running
      Advanced: • Workloads are monitored and alerted for abnormal behavior • Every workload is assigned app identity • Human access to resources requires Just-In-Time
      Optimal: • Unauthorized deployments are blocked and alert is triggered • Granular visibility and access control are available across all workloads • User and resource access is segmented for each workload
    Network
      Traditional: • Few network security perimeters and flat open network • Minimal threat protection and static traffic filtering • Internal traffic is not encrypted
      Advanced: • Many ingress/egress cloud micro-perimeters with some micro-segmentation • Cloud native filtering and protection for known threats • User to app internal traffic is encrypted
      Optimal: • Fully distributed ingress/egress cloud micro-perimeters and deeper micro-segmentation • ML-based threat protection and filtering with context-based signals • All traffic is encrypted
    Data
      Traditional: • Access is governed by perimeter control, not data sensitivity • Sensitivity labels are applied manually, with inconsistent data classification
      Advanced: • Data is classified and labeled via regex/keyword methods • Access decisions are governed by encryption
      Optimal: • Classification is augmented by smart machine learning models • Access decisions are governed by a cloud security policy engine • DLP policies secure sharing with encryption and tracking
  • 14. Delivering with Objectives and Key Results (OKRs): Three Essential Aspects
    1. OKRs make up a framework for defining clear objectives, providing clarity on the intent and direction at all levels in the organization.
    2. They are reinforced with measurable key results. Key results are outcomes by which success is measured.
    3. They drive an outcome mindset culture, enabling a clear shift from an output mindset to an outcome mindset.
    EPICs and OKRs must be aligned; EPICs can spin up one or more initiatives to implement the OKR.
    Reference: Explore Continuous Planning - Training | Microsoft Learn
  • 15. Organizational and Team OKRs
    Business Leadership (CEO, CFO, COO): Zero Trust Strategy, Digital Transformation
    Technical Leadership (CISO, CIO, CTO): Zero Trust Implementation
    Technical Solution Delivery: Identity and Access Management Team, Endpoint Management Team, Application Team, Data Protection Team, Infrastructure Team, Networking Team
  • 16. Roadmap Example of a Zero Trust Implementation (pillars: Identities, Devices, Apps, Infrastructure, Network, Data; timeline Jan to Dec 2022; markers: start of Zero Trust engagement (Phase 1), expected end of Phase 1 Zero Trust engagement; last update Apr 30). Initiatives with percentage complete:
    • Strong Identity Enforcement (55%)
    • Optimize Cloud Based Identity Management (75%)
    • Optimize Single Sign On experience while reducing risk (43%)
    • Secure Administrative Access (27%)
    • Unify management across devices and applications (46%)
    • Optimize device identities and health (56%)
    • Threat and vulnerability management (88%)
    • Behavioral based real-time and endpoint protection, detection and response (39%)
    • Restrict user consent to applications (61%)
    • Extend access policy enforcement into session control using MCAS with Conditional Access (61%)
    • Discover Shadow IT and protect apps from risks and threats across multi-cloud environments (61%)
    • Real-time threat protection and detection of anomalies in IaaS and SaaS (38%)
    • Rapidly find and fix vulnerabilities of IaaS and PaaS services (67%)
    • Segment networks and implement context driven access control (25%)
    • Prevent lateral movement (13%)
    • Protect users when browsing the Internet through web filtering (41%)
    • Protect Organizational Domain Name Services (88%)
    • Enhance security and productivity for remote work (72%)
    • Protection of data on-premises (45%)
    • Protection of data in the cloud (38%)
    • Discovery and classification of data in the cloud and on-premises (53%)
    • Protect communication with any party (60%)
    • Monitor, investigate and remediate data risks (53%)
  • 17. Experience on Implementing Zero Trust @UBS (lessons learned from an Enterprise Architect @ UBS)
    Zero Trust is a cloud adoption project. Increasing the flexibility and scalability of its technology infrastructure is critical to UBS’s strategy, so UBS has defined a cloud-first strategy. This goal is supported by a strategic partnership with Microsoft and the implementation of Zero Trust. Through this transformational initiative, UBS plans to modernize its global technology estate and have more than 50% of its applications, including critical workloads, running on Microsoft Azure.
    Their Zero Trust architecture is based on the NIST Zero Trust Architecture and SASE. It has been clear to them for many years that the network perimeter no longer exists and that identity is the new perimeter. Conditional access to apps and sensitive data (customer data) is determined by PDP/PEP. Due to regulatory requirements, they had to centralize Identity & Access Management 20 years ago already. In the meantime, they have implemented internet-based identity with Azure AD.
    In 2021, their CTO ordered a review of their Zero Trust architecture to define where they were on their ZT journey. Different initiatives (like network modernization) have been initiated. The review was made independently of any technology.
    Zero Trust implementation is a journey and a continuous process: they constantly need to adapt to technology changes, new risks and organizational needs.
    Challenges:
    - Costs for the consolidation were underestimated
    - Standardization regarding modern authentication with conditional access was a “cultural” shift
    - Adoption by business users (MFA and AAD are more intrusive for them)
    - Ensuring implementation of ZT principles throughout the whole organization (minimal Enterprise requirements defined, but not checked whether ZT is applied)
    Zero Trust remains 95% an IT project and topic (technology, network, hosting services, agile transformation).
  • 18. Drivers & Benefits of Implementing Zero Trust Our survey on Zero Trust adoption shows that: Zero Trust Adoption Report: How does your organization compare? - Microsoft Security Blog
  • 19. Challenges & Blockers while Implementing Zero Trust Zero Trust Adoption Report: How does your organization compare? - Microsoft Security Blog
  • 20. © Copyright Microsoft Corporation. All rights reserved. Thank you for your attention. Questions?
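The Policy Decision Point / Policy Enforcement Point flow described on slides 4 and 9 (every request evaluated against policy plus context signals such as entitlement, user risk, location, device compliance and time of day; default deny; least privilege; step-up authentication where the context demands it), as an added Python example that is not part of the deck and not the code of any Microsoft product. The request fields, group names, resource names, policies and thresholds are constructed for illustration only.

```python
"""Minimal Zero Trust policy decision point (PDP) and enforcement point (PEP).

Hypothetical example: the request fields, group names, resource names and
thresholds below are constructed for illustration and are not taken from any
product or from the BATbern deck.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # grant only after stronger authentication (MFA)
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    """Context signals the PEP collects for one access attempt."""
    subject: str            # identity (human or workload)
    resource: str           # target application or data set
    device_compliant: bool  # endpoint meets the management/compliance baseline
    mfa_satisfied: bool     # strong authentication already completed
    country: str            # location signal
    hour_utc: int           # time-of-day signal, 0..23
    user_risk: str          # "low" | "medium" | "high" from risk assessment


@dataclass(frozen=True)
class ResourcePolicy:
    sensitivity: str                # "internal" | "confidential"
    allowed_groups: frozenset       # least privilege: who may ask at all
    allowed_countries: frozenset
    business_hours: Tuple[int, int] = (6, 20)   # [start, end) in UTC
    require_compliant_device: bool = True


# Constructed directory data; a real PDP would query the identity provider.
GROUP_MEMBERSHIP: Dict[str, Set[str]] = {
    "alice": {"finance", "staff"},
    "bob": {"staff"},
    "build-agent-7": {"ci"},          # non-human identity
}

POLICIES: Dict[str, ResourcePolicy] = {
    "payroll-db": ResourcePolicy("confidential", frozenset({"finance"}), frozenset({"CH", "DE"})),
    "wiki": ResourcePolicy("internal", frozenset({"staff"}), frozenset({"CH", "DE", "US"}),
                           require_compliant_device=False),
    "artifact-store": ResourcePolicy("internal", frozenset({"ci"}), frozenset({"CH"})),
}


def decide(req: AccessRequest,
           policies: Dict[str, ResourcePolicy] = POLICIES,
           membership: Dict[str, Set[str]] = GROUP_MEMBERSHIP) -> Tuple[Decision, str]:
    """Policy decision point: evaluate every request against policy and context.

    Hard denies are checked first; step-up only applies to requests that would
    otherwise be allowed. Resources without a policy are denied by default.
    """
    policy = policies.get(req.resource)
    if policy is None:
        return Decision.DENY, "no policy for resource (default deny)"
    if not membership.get(req.subject, set()) & policy.allowed_groups:
        return Decision.DENY, "subject not entitled to resource (least privilege)"
    if req.user_risk == "high":
        return Decision.DENY, "user risk high"
    if req.country not in policy.allowed_countries:
        return Decision.DENY, f"location {req.country} not permitted"
    if policy.require_compliant_device and not req.device_compliant:
        return Decision.DENY, "device not compliant"

    start, end = policy.business_hours
    outside_hours = not (start <= req.hour_utc < end)
    needs_step_up = (policy.sensitivity == "confidential"
                     or req.user_risk == "medium"
                     or outside_hours)
    if needs_step_up and not req.mfa_satisfied:
        return Decision.STEP_UP, "strong authentication required by context"
    return Decision.ALLOW, "all policy conditions met"


class PolicyEnforcementPoint:
    """Sits in front of the resource; asks the PDP for every request and logs it."""

    def __init__(self, pdp=decide) -> None:
        self.pdp = pdp
        self.audit_log: List[str] = []

    def handle(self, req: AccessRequest) -> Decision:
        decision, reason = self.pdp(req)
        # Every decision, including allows, is recorded for continuous assessment.
        self.audit_log.append(f"{req.subject} -> {req.resource}: {decision.value} ({reason})")
        return decision


if __name__ == "__main__":
    pep = PolicyEnforcementPoint()
    pep.handle(AccessRequest("alice", "payroll-db", True, True, "CH", 10, "low"))
    pep.handle(AccessRequest("alice", "payroll-db", True, False, "CH", 10, "low"))
    pep.handle(AccessRequest("bob", "payroll-db", True, True, "CH", 10, "low"))
    pep.handle(AccessRequest("bob", "wiki", False, False, "US", 23, "low"))
    print("\n".join(pep.audit_log))
```

The point of the ordering in `decide` is that entitlement, risk, location and device checks are hard gates evaluated on every request, while MFA is demanded adaptively from the remaining context (sensitivity, medium risk, off-hours) rather than once at login; the PEP records every outcome so the decisions themselves become telemetry for the continuous-assessment loop on slide 9.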