News

With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

The work-from-home phenomenon driven by the 2020 pandemic accelerated the use of cloud services by organizations, Microsoft argued, necessitating a change in how organizations handle security.

The author of the statements, Vasu Jakkal, Microsoft's corporate vice president for security, compliance and identity, suggested that "employees' home networks and devices are now part of the corporate network," which has security implications.

Microsoft's security teams currently track more than 40 nation-state attackers and more than 140 threat groups in 20 countries, Jakkal indicated. Phishing and firmware attacks have been increasing. There's "an average of 50 million password attacks every day." Last year, Microsoft blocked 30 billion e-mail threats, she added.

Organizations increasingly moved toward using cloud-based services in response to the pandemic, Microsoft found.

"In a recent survey of our Microsoft Intelligent Security Association (MISA) partners, 90 percent reported that customers have accelerated their move to the cloud due to the pandemic," Jakkal noted.

Most (91 percent) of those MISA partners also reported that there's a shortage of cybersecurity professionals to meet the current threat landscape.

One simple protection that organizations can implement is to turn on multifactor authentication (MFA), a secondary identity verification approach besides using a password. However, even though MFA is included for free with Azure or Microsoft 365 commercial subscriptions, just 18 percent of Microsoft's customers have turned it on, Jakkal noted.

While organizations may have turned on MFA to protect remote access sessions, MFA also "protects the entire network," she asserted.

The remote access trend makes implementing zero trust a "new business imperative" for organizations, Jakkal asserted. With zero trust, organizations "verify explicitly, grant least privileged access, and assume breach," she added.

Jakkal is scheduled to speak at the RSA Conference on May 18 as part of the RSA keynote presentation. She also recently chatted with Microsoft CEO Satya Nadella about zero trust in a video, available at this Microsoft page.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured