As an
alternative to deployment guidance that provides detailed configuration steps
for each of the technology pillars being protected by Zero Trust principles,
Rapid Modernization Plan (RaMP) guidance is based on initiatives and gives you
a set of deployment paths to more quickly implement key layers of protection.
RAMP
GUIDANCE TAKES A PROJECT MANAGEMENT AND CHECKLIST APPROACH:
1.
By providing a suggested mapping of key
stakeholders, implementers, and their accountabilities, you can more quickly
organize an internal project and define the tasks and owners to drive them to
conclusion.
2.
By providing a checklist of deployment
objectives and implementation steps, you can see the bigger picture of
infrastructure requirements and track your progress.
3.
RaMP initiatives for Zero Trust
4.
Zero Trust is a major transformation of a
security program, so it's critical to start with the most impactful items that
get you the most security and productivity increases with the least amount of
time and resources.
5.
The Zero Trust Rapid Modernization Plan (RaMP)
is included in the Microsoft Cybersecurity Reference Architecture (MCRA) and
provides best practices that help you prioritize your security modernization.
This RaMP identifies the most effective controls for the most relevant and
common attacks that require the least amount of investment of time, effort, and
resources.
6. The
Zero Trust RaMP aligns to the recommended security modernization initiatives,
including the following:
7. Secure
Identities and Access - These quick wins focus on using cloud-based security
capabilities like Microsoft Entra ID, Intune, Microsoft Defender for Endpoints,
and Microsoft Entra application proxy to rapidly modernize access control to
increase productivity and security assurances.
8. Data
Security and Governance, Risk, Compliance (GRC) - These quick wins focus on
ensuring the organization can rapidly recover from a ransomware/extortion
attack without paying attackers and protecting the most valuable business
critical data.
9. Modern
Security Operations - These quick wins focus on streamlining responses to
common attacks, getting end to end visibility across the enterprise, and
automating manual tasks that slow down analysts and cause exhaustion/burnout.
10.
Infrastructure and Development Security
- These quick wins focus on security hygiene, reducing legacy risk, integrating
security into DevOps and development processes, and applying the
microsegmentation concepts to identity and network access control.
11.
Operational Technology (OT) and Internet
of Things (IoT) security - These quick wins focus on quickly discovering,
protecting, and monitoring these systems for attacks.