Microsoft and the US National Security Agency (NSA) have advised public and private sector organizations to follow a zero-trust approach to cybersecurity.
The zero trust approach, which operates under the assumption that the network has already been breached and that every device and app needs authorization, is said to be the most efficient way to tackle advanced cybersecurity threats.
Testifying before the US Senate after the SolarWinds breach, Microsoft President Brad Smith described zero trust as the best cybersecurity model, Bleeping Computer reported.
“Basic cyber hygiene and security best practices were not in place with the regularity and discipline we would expect of federal customers with the agencies’ security profiles. In most cases, multi-factor authentication, least privileged access, and the other requirements to establish a ‘zero trust’ environment were not in place,” he said.
“Our experience and data strongly suggest that had these steps been in place, the attacker would have had only limited success in compromising valuable data even after gaining access to agency environments.”
To support companies in implementing zero trust, Microsoft recently released an assessment tool that helps organizations gauge the maturity of their zero trust posture.
The NSA, for its part, published a paper on embracing the zero trust model, in which it states that “systems designed using zero trust principles should be better positioned to address existing threats.”