South Africa-based Microsoft solution partner and IT services firm NBConsult has assisted Microsoft to roll out a Zero Trust Adoption Framework to support businesses in their migration from a traditional security approach to one of zero trust.
The framework is intended as a ‘go-to’ resource to help businesses implement a zero trust security model, which both NBConsult and Microsoft believe enables the new normal of working anywhere, with anyone, at any time.
They add that this is a significant transformation that requires buy-in, adoption and change management across the entire organisation.
Satya Nadella, executive chairman and CEO of Microsoft, said: “Our goal is to help every organisation strengthen its security capabilities through a Zero Trust architecture built on our comprehensive solutions that span identity, security, compliance, and device management across all clouds and platforms."
NBConsult contributed to and provided material feedback on this adoption, according to Microsoft.
Nicolas Blank, founder and CEO of NBConsult, said: “At the core of zero trust are three key principles: verify explicitly; use least privilege access; and assume breach. Instead of believing everything behind the corporate firewall is safe, the zero trust model assumes breach and verifies each request as though it originated from an uncontrolled network.
“As a team, we wrestled with how we deliver Zero Trust thinking in an inclusive manner across the entire organisation, to engage participation from senior leadership to security analyst, and across again to the normal human ultimately affected by a security breach,” says Blank.
He describes the framework as “a significant milestone in security thinking” by no longer considering security as a standalone discipline and ushering in a risk-inclusive business scenario-based approach.
Alistair Pugin, NBConsult chief technical officer, added: “The Microsoft Zero Trust Adoption Framework includes actionable steps in each scenario to answer the question of 'what do I do first' without needing to 'boil the ocean', at the same time incrementally raising friction against malicious intent and ruining attacker ROI. Alongside this adoption framework, we have developed an implementation protocol, which we are rolling out at various organisations.”
Share