For a more comprehensive guide to rolling out Zero Trust, the deployment plans provide in-depth guidance. Unlike the checklist format of the RaMP, the deployment solutions weave together resources across products and services. Each plan breaks the work into units that can be configured together, helping you build a solid foundation that you can then extend.
Visibility, automation, and orchestration with Zero Trust
With each of the other technical pillars of Zero Trust generating their own relevant alerts, we need an integrated capability to manage the resulting influx of data so that we can better defend against threats and validate trust in a transaction.
If an investigation results in actionable learnings, you can take remediation steps. For example, if an investigation uncovers gaps in a Zero Trust deployment, policies can be modified to close those gaps and prevent similar incidents. Wherever possible, automate remediation steps: automation reduces the time a SOC analyst needs to contain a threat and move on to the next incident.
Visibility, automation, and orchestration Zero Trust deployment objectives
When implementing an end-to-end Zero Trust framework for visibility, automation, and orchestration, we recommend you focus first on these initial deployment objectives:
I. Establish visibility.
II. Enable automation.
After these are completed, focus on these additional deployment objectives:
Identity
Before an identity attempts to access a resource, organizations must:
Verify the identity with strong authentication.
Ensure the access is compliant and typical for that identity.
Follow least privilege access principles.
Once the identity has been verified, we can control that identity's access to resources based on organization policies, ongoing risk analysis, and other tools.
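The decision flow above (strong authentication, compliance check, least privilege, risk-driven re-evaluation) is easier to reason about as code. The following is an added example written for this page, not Microsoft's code: a toy policy engine whose policies loosely resemble a Conditional Access policy's conditions and grant controls. Every identifier in it (the policy fields `groups`, `apps`, `sign_in_risk_at_least`, `user_risk_at_least`, `block`, `require`, the `ENTITLEMENTS` table, the `STRONG_AUTH` set and the sample users) is a constructed assumption for the example. Note how a failed grant control produces a remediation outcome (prompt for MFA, force a password change) rather than a hard deny, which is the "gate access and provide remediation activities" idea from objective II below, while a block condition always wins and an unassigned role is refused even for a fully verified, compliant user.

```python
"""Toy Zero Trust access decision engine (added example, not Microsoft code).

Mirrors the flow in the text: verify the identity with strong authentication,
check the access is compliant, apply least privilege, and let risk signals
drive the decision. All policy fields and sample data are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional

RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}
# Methods counted as a strong (second or phishing-resistant) factor; constructed set.
STRONG_AUTH = {"fido2", "authenticator_app", "windows_hello"}

# Constructed entitlement table: under least privilege a user may only take a
# role that governance has assigned for that app.
ENTITLEMENTS = {
    "alice": {"payroll": {"reader"}, "crm": {"reader", "editor"}},
    "bob": {"payroll": {"reader", "approver"}},
}


@dataclass
class AccessRequest:
    user: str
    groups: set
    app: str
    auth_methods: set        # methods used in this sign-in, e.g. {"password", "fido2"}
    device_compliant: bool   # device management reports the device meets policy
    sign_in_risk: str        # risk of this sign-in: none/low/medium/high
    user_risk: str           # risk that the account itself is compromised
    requested_role: str


@dataclass
class Policy:
    name: str
    groups: set = field(default_factory=set)       # empty = any user
    apps: set = field(default_factory=set)         # empty = any app
    sign_in_risk_at_least: Optional[str] = None    # trigger at this level or above
    user_risk_at_least: Optional[str] = None
    block: bool = False                            # hard deny when matched
    require: set = field(default_factory=set)      # grant controls that must all hold

    def matches(self, r: AccessRequest) -> bool:
        if self.groups and not (self.groups & r.groups):
            return False
        if self.apps and r.app not in self.apps:
            return False
        if self.sign_in_risk_at_least and RISK_ORDER[r.sign_in_risk] < RISK_ORDER[self.sign_in_risk_at_least]:
            return False
        if self.user_risk_at_least and RISK_ORDER[r.user_risk] < RISK_ORDER[self.user_risk_at_least]:
            return False
        return True


@dataclass
class Decision:
    outcome: str             # "allow" | "deny" | "remediate"
    reason: str
    missing_controls: set = field(default_factory=set)


def control_satisfied(control: str, r: AccessRequest) -> bool:
    """True if the request already meets a grant control; otherwise the user
    goes to remediation (MFA prompt, device enrolment, password change)."""
    if control == "mfa":
        return bool(r.auth_methods & STRONG_AUTH)
    if control == "compliant_device":
        return r.device_compliant
    if control == "password_change":
        return False         # always needs a user action before access continues
    raise ValueError(f"unknown control: {control}")


def evaluate(policies, r: AccessRequest) -> Decision:
    matched = [p for p in policies if p.matches(r)]
    for p in matched:        # a block control wins over every grant control
        if p.block:
            return Decision("deny", f"blocked by policy '{p.name}'")
    required = set().union(*(p.require for p in matched))   # AND across policies
    missing = {c for c in required if not control_satisfied(c, r)}
    if missing:
        return Decision("remediate", "grant controls not yet satisfied", missing)
    # Least privilege: even a verified, compliant user only gets an assigned role.
    if r.requested_role not in ENTITLEMENTS.get(r.user, {}).get(r.app, set()):
        return Decision("deny", f"{r.user} is not entitled to '{r.requested_role}' on {r.app}")
    return Decision("allow", "verified, compliant and within entitlement")


# Constructed policy set.
POLICIES = [
    Policy("Require MFA for all users", require={"mfa"}),
    Policy("Require compliant device for payroll", apps={"payroll"}, require={"compliant_device"}),
    Policy("Block high sign-in risk", sign_in_risk_at_least="high", block=True),
    Policy("High user risk: force password change", user_risk_at_least="high",
           require={"password_change", "mfa"}),
]


def sample_requests() -> dict:
    """Constructed requests covering the main outcomes."""
    base = dict(groups={"finance"}, app="payroll", device_compliant=True,
                sign_in_risk="none", user_risk="none", requested_role="reader")
    fido = {"password", "fido2"}
    return {
        "strong_auth": AccessRequest("alice", auth_methods=fido, **base),
        "password_only": AccessRequest("alice", auth_methods={"password"}, **base),
        "risky_user": AccessRequest("bob", auth_methods=fido, **{**base, "user_risk": "high"}),
        "risky_sign_in": AccessRequest("bob", auth_methods=fido, **{**base, "sign_in_risk": "high"}),
        "over_privileged": AccessRequest("alice", auth_methods=fido, **{**base, "requested_role": "approver"}),
    }


if __name__ == "__main__":
    for name, req in sample_requests().items():
        d = evaluate(POLICIES, req)
        print(f"{name:>15}: {d.outcome:<9} {d.reason} {sorted(d.missing_controls) or ''}")
```

Running the block prints one decision per sample request. The design point worth keeping from it is the ordering: block conditions are checked before any grant control, grant controls from every matching policy are combined with AND, and the entitlement check runs last, so a user who passes MFA and device compliance still cannot escalate to a role they were never assigned. The real evaluation happens at every token issuance, not just at sign-in, which is what "ongoing risk analysis" in the text refers to.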
Identity Zero Trust deployment objectives
When implementing an end-to-end Zero Trust framework for identity, we recommend you focus first on these initial deployment objectives:
I. Cloud identity federates with on-premises identity systems.
II. Conditional Access policies gate access and provide remediation activities.
III. Analytics improve visibility.
After these are completed, focus on these additional deployment objectives:
IV. Identities and access privileges are managed with identity governance.
V. User, device, location, and behavior are analyzed in real time to determine risk and deliver ongoing protection.
VI. Threat signals from other security solutions are integrated to improve detection, protection, and response.
Applications
To get the full benefit of cloud apps and services, organizations must find the right balance between providing access and maintaining the control needed to protect critical data accessed through applications and APIs.
The Zero Trust model helps organizations ensure that apps, and the data they contain, are protected by:
Applying controls and technologies to discover shadow IT.
Ensuring appropriate in-app permissions.
Limiting access based on real-time analytics.
Monitoring for abnormal behavior.
Controlling user actions.
Validating secure configuration options.
Applications Zero Trust deployment objectives
Before most organizations start the Zero Trust journey, their on-premises apps are accessed through physical networks or VPN, and some critical cloud apps are already accessible to users.
When implementing a Zero Trust approach to managing and monitoring applications, we recommend you focus first on these initial deployment objectives:
I. Gain visibility into the activities and data in your applications by connecting them via APIs.
II. Discover and control the use of shadow IT.
III. Protect sensitive information and activities automatically by implementing policies.
After these are completed, focus on these additional deployment objectives:
IV. Deploy adaptive access and session controls for all apps.
V. Strengthen protection against cyber threats and rogue apps.
VI. Assess the security posture of your cloud environments.
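Objective II above, discovering shadow IT, usually starts from the logs you already have: web proxy or firewall egress records. The following is an added example for this page, not Microsoft's code or any product's discovery logic. It aggregates a constructed CSV proxy log per registered domain, separates sanctioned apps from everything else, and flags unsanctioned apps that received bulk uploads, which is the subset a SOC should look at first. The log layout, the `SANCTIONED_DOMAINS` allowlist and the `BULK_UPLOAD_BYTES` threshold are all assumptions made for the example.

```python
"""Shadow IT discovery over proxy logs (added example, not Microsoft code).

Aggregates outbound traffic per registered domain, splits sanctioned apps
from the rest, and flags unsanctioned apps receiving bulk uploads. The log
layout, allowlist and threshold are constructed for the example.
"""
import csv
import io
from collections import defaultdict

# Constructed proxy log in CSV form. Real gateway exports use different layouts.
PROXY_LOG = """timestamp,user,dest_host,method,bytes_out,bytes_in
2024-03-01T09:01:11Z,alice,outlook.office365.com,GET,1200,48000
2024-03-01T09:02:30Z,alice,contoso.sharepoint.com,GET,800,240000
2024-03-01T09:05:02Z,bob,files.example-share.io,POST,52428800,900
2024-03-01T09:06:45Z,carol,files.example-share.io,POST,10485760,700
2024-03-01T09:07:10Z,dave,paste.example.net,POST,4096,300
2024-03-01T10:12:00Z,bob,teams.microsoft.com,GET,3000,95000
2024-03-01T10:15:22Z,erin,cdn.example-share.io,GET,500,2000000
"""

# Constructed allowlist of sanctioned app domains.
SANCTIONED_DOMAINS = {"office365.com", "sharepoint.com", "microsoft.com"}
# Hypothetical threshold: bytes uploaded to one unsanctioned app in the window.
BULK_UPLOAD_BYTES = 20 * 1024 * 1024


def registered_domain(host: str) -> str:
    """Collapse a host to its last two labels. Fine for the sample; production
    code should use the Public Suffix List so that e.g. co.uk is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aggregate(log_text: str) -> dict:
    """Per-domain totals: distinct users, request count, bytes each direction."""
    stats = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0, "bytes_in": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        d = stats[registered_domain(row["dest_host"])]
        d["users"].add(row["user"])
        d["requests"] += 1
        d["bytes_out"] += int(row["bytes_out"])
        d["bytes_in"] += int(row["bytes_in"])
    return stats


def shadow_it_report(log_text: str, threshold: int = BULK_UPLOAD_BYTES) -> list:
    """Unsanctioned domains, heaviest upload first, with a bulk-upload flag."""
    report = []
    for domain, d in aggregate(log_text).items():
        if domain in SANCTIONED_DOMAINS:
            continue
        report.append({
            "domain": domain,
            "users": d["users"],
            "user_count": len(d["users"]),
            "requests": d["requests"],
            "bytes_out": d["bytes_out"],
            "bytes_in": d["bytes_in"],
            # Large uploads to an app nobody approved are the exfiltration-shaped finding.
            "flag_bulk_upload": d["bytes_out"] >= threshold,
        })
    return sorted(report, key=lambda r: r["bytes_out"], reverse=True)


if __name__ == "__main__":
    for r in shadow_it_report(PROXY_LOG):
        flag = "  <-- bulk upload, review for exfiltration" if r["flag_bulk_upload"] else ""
        print(f"{r['domain']:<20} users={r['user_count']} out={r['bytes_out']:>10}B{flag}")
```

The "control" half of objective II then consumes this output: a flagged domain with several users is a candidate for either onboarding as a sanctioned app (and connecting it via API, objective I) or a block or coaching policy at the gateway, while a single-user paste site is more often a targeted DLP conversation. Deduplicating by registered domain rather than full host matters because most cloud apps spread across many subdomains and CDNs.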