Back

Zero Trust Security to Protect Remote Workforces During COVID-19

What is Zero Trust Security ZTSZero Trust Security was still considered a buzz word when we first wrote about over a year agonewsplannin...

3 min read
Published on Apr 9, 2020
zero-trust-security-to-protect-remote-workforces-during-covid-19

What is Zero Trust Security? (ZTS)

Zero Trust Security was still considered a buzz word when we first wrote about over a year ago, but has since seen NIST release an official Zero Trust framework, 800-207, and has also become one of the most accepted frameworks for defending distributed work forces. One of the key ideas behind ZTS is that there IS no perimeter. With users able to work from any place and on any device, we can no longer rely on keeping everyone safe behind a firewall. Even with the best firewalls, there are too many weaknesses presented by individuals and their varied devices to lean on that to assume you are safe.

This is particularly important right now, given that an estimated 90% of Americans are under some form of stay at home order, which is driving the number of remote workers through the roof. It is also fueling a meteoric rise in cyber attacks and threats including Phishing attacks claiming to have COVID-19 related information or tools, ransomware attacks on hospitals, and Zoom just being Zoom, an immature company doing their best to meet the demand, but now recognizing the problems and technical debt they assumed by rolling their own security and skipping critical security functions in the rush to market.

Zero Trust adapts to the complexity of this modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located. Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. The Zero Trust approach is based on three guiding principles: Verify explicitly, use least privileged access, and assume breach.

The Three Guiding Principles of Zero Trust Security

Zero Trust Security is guided across three principles:

  • Verify Explicitly
  • Use Least Privileged Access
  • Assume Breach

The Six Pillars of Zero Trust

The three principles of Zero Trust are applied to defend six pillars that represent a data estate.

  • Identity
  • Devices
  • Applications
  • Infrastructure
  • Network
  • Data

Zero Trust Security With Microsoft 365

This demonstration provides a quick look at how a number of integrated tools across Microsoft’s security stack can be applied to enable a Zero Trust methodology in your organization. For more in-depth explorations and demos, please check out these other blogs: What is Zero Trust Security Zero Trust with Microsoft 365 Understanding Active Directory Microsoft Defender Advanced Threat Protection Demo Automate Security with Cloud App Security and Power Automate Intune for Mobile Device Management Managing Microsoft Secure Score Setting up Single Sign On (SSO) in Azure Active Directory Azure Information Protection Demo Protecting your Data Even Outside of Office 365 Azure Azure Security Center Demo Combating Shadow IT with EMS and Cloud App Security Need help defending your remote workers and assuring your devices, data, and identities are secure? Agile IT is a Gold Microsoft Security Partner, and have solutions to help your organization remain secure.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

CMMC RPO vs a C3PAO: Understanding Their Roles in Compliance

Understanding the difference between an RPO and a C3PAO is crucial for CMMC compliance. Learn why they should be separate and how an RPO helps prepare for certification.

Mar 15, 2025
6 min read
Can You Meet CMMC with Google Workspace?

Can You Meet CMMC with Google Workspace?

Is Google Workspace CMMC compliant? Learn about its DFARS, NIST 800-171, and ITAR limitations and how migrating to GCC High ensures full compliance.

Mar 4, 2025
7 min read
Is Maintaining a GCC High Tenant Worth It for Non-Government

Evaluating the Need for a GCC High Tenant in Non-Government Organizations

Explore whether maintaining a GCC High tenant is necessary for organizations not involved in government work. Understand the pros and cons, costs, and compliance considerations.

Feb 25, 2025
7 min read
Top 10 Reasons to Partner with an MSP for Security and Compliance

Top 10 Reasons to Partner with an MSP for Security and Compliance

Discover why partnering with an MSP for security and compliance is critical for organizations navigating FAR CUI and CMMC requirements.

Feb 21, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation