This can potentially wreak havoc on data privacy or the safety of the vulnerable population they are trying to serve and could open the agency up to civil liability if not properly protected.<\/p>\n
Given these questions and the complexity of cybersecurity concerns and data privacy, it\u2019s hard to justify an approach that is premised on implicit trust and unfettered access to sensitive data. In addition to trust considerations, public sector organizations also need to enable productivity and collaboration. Striking the right balance between productivity and security need not be all or nothing.<\/p>\n
The Zero Trust model<\/h3>\n
The Zero Trust security model adheres to three pillars:<\/p>\n
- \n
- Explicit verification of every access request.<\/li>\n
- Use of least privileged access with just-in-time adaptive risk-based access policies.<\/li>\n
- Assume breach mentality to minimize potential damage to, or loss of data from, additional parts of the organization.<\/li>\n<\/ol>\n
In our example, all information requests would be treated as though they originate from an uncontrolled (external or compromised) network. But this need not impede the social worker\u2019s productivity. With the right governance, social workers can and should have access to the relevant information.<\/em> Governing parameters might include restricting access to information about non-clients. Another parameter may be to set access expiration dates, or determine which devices are eligible for access. If a device or an agency worker\u2019s identity becomes compromised, their access can be mediated by identity management or data governance rules that enable productivity while being mindful of security.<\/p>\n
For an agency to retain its commitment to the constituents it serves and uphold data privacy standards, implicit trust within a data estate no longer makes sense. An end-to-end Zero Trust approach aims to build security into the entire digital estate, across your identities (usernames and passwords), devices, network, infrastructure, applications, and data.<\/p>\n
Microsoft 365 helps governments on the Zero Trust journey<\/h3>\n
With Microsoft 365<\/a>, governments can take immediate steps towards a Zero Trust security model. The first step in building a secure environment is explicit verification of identity. Phishing is one of the most common types of cyberattacks. It can lead to a user\u2019s credentials being compromised and opens the doors for attackers to steal valuable information. Sensitive data may be what cybercriminals want, but an identity breach is often the preferred tactic to get to the data. Protecting identity and managing access is therefore a pivotal first step in a cybersecurity strategy. This is because identity can act as the new control plane that connects all the organization\u2019s data dispersed across multiple applications, on-premises and in the cloud, and accessed by multiple devices and users.<\/p>\n
Getting identity management right is a defensive imperative and it can enable an organization to save time and resources. Azure Active Directory (Azure AD)<\/a> is a powerful identity management solution that helps modernize access management and provide end-to-end visibility across the entire digital estate by connecting all applications and services to a single control plane. This is key to implementing a Zero Trust model because setting policies to define the right user experience at each access request ensures users are allowed the least privileged access necessary to perform their role. With Azure AD, organizations can also deploy a variety of passwordless authentication solutions<\/a> from Windows Hello to FIDO 2.0 keys, further strengthening their access security.<\/p>\n
Another pillar of the Zero Trust model is the principle that policies define how devices are used in the workplace; this is important as employees increasingly use their own devices at work. Under Zero Trust, the \u201chealth\u201d of the device is a gating variable for access policies. With Microsoft Intune<\/a>, mobile application management and mobile device management (MDM), part of the new Microsoft Endpoint Manager platform<\/a>, organizations can verify and make the health of the device a precondition to access data. MDM enables comprehensive remote management of mobile devices, including remote data wipe if needed.<\/p>\n
\n![](\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2020\/01\/government-data-protection-earning-and-retaining-the-publics-trust-with-microsoft-365.png\")
<\/div>\n\n10 tips for enabling Zero Trust security<\/h3>\n
Widespread adoption of public cloud services and the growth of a mobile workforce have rendered perimeter-based security models obsolete.<\/p>\n
Read more<\/a> <\/div>\n
<\/div>\n
<\/p>\n
The final pillar of Zero Trust addresses the need to govern access by network to prevent lateral movement in the event of a breach. Microsoft 365 offers many services to help monitor and detect threats and protect sensitive data:<\/p>\n
- \n
- Microsoft Cloud App Security<\/a> detects unusual behavior across Microsoft and third-party cloud apps. It can identify high risk usage and remediate automatically to limit risk to an organization.<\/li>\n
- Office 365 Advanced Threat Protection (ATP)<\/a> provides continuous, real-time detonation capabilities to find and block threats, including malicious email links and attachments.<\/li>\n
- Microsoft Defender ATP<\/a> protects endpoints in real-time by detecting and responding to threats.<\/li>\n
- Azure ATP<\/a> detects risky and suspicious user activities and generates alerts.<\/li>\n
- Azure Information Protection<\/a> provides controls to help secure email, documents, and sensitive data no matter where it\u2019s stored or whom it\u2019s shared with.<\/li>\n<\/ul>\n
What makes Microsoft unique is the native integration of all these services allowing for holistic security management across each of the Zero Trust pillars, resulting in an orchestrated response to protect agencies\u2019 digital estates end-to-end. This also serves to simplify the Zero Trust journey by eliminating the complexity of trying to make multiple different cybersecurity solutions work together that were not designed to integrate with one another.<\/p>\n
Microsoft services are enhanced by the powerful insights captured by the Microsoft Intelligent Security Graph<\/a>\u2014the centerpiece of Microsoft\u2019s differentiation in cybersecurity\u2014which reasons over more than 8 trillion security signals from 1.2 billion end points and hundreds of millions of identity, email, and document transactions. Microsoft employs unique human and artificial intelligence (AI) to make sense of these vast and complex cybersecurity signals to connect the dots to find the signal in the noise.<\/p>\n
\n![](\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2020\/01\/government-data-protection-earning-and-retaining-the-publics-trust-with-microsoft-365-1.png\")
<\/div>\n\nMicrosoft Intelligent Security Graph<\/h3>\n
Advanced analytics link massive amounts of threat intelligence and security data to provide you unparalleled threat protection and detection.<\/p>\n
Learn more<\/a> <\/div>\n
<\/div>\n
<\/p>\n
Learn more<\/h3>\n
Cyberattacks are becoming more frequent, better organized, and increasingly sophisticated. Governments recognize the seriousness of these concerns and are searching for solutions to update their security posture in the new cybersecurity era with limited budgets and insufficient skills.<\/p>\n
Microsoft 365 provides best-in-class productivity apps while protecting identities, devices, applications, networks, and data. With Microsoft 365 security services, governments can take confident steps in the direction of a modern, Zero Trust security environment.<\/p>\n
Learn more about Zero Trust<\/a> and Microsoft 365 and government<\/a>. Also, see how Microsoft Security<\/a> solutions can support your journey.<\/p>\n
- Office 365 Advanced Threat Protection (ATP)<\/a> provides continuous, real-time detonation capabilities to find and block threats, including malicious email links and attachments.<\/li>\n
- Microsoft Cloud App Security<\/a> detects unusual behavior across Microsoft and third-party cloud apps. It can identify high risk usage and remediate automatically to limit risk to an organization.<\/li>\n