Skip to main content

Microsoft, NSA advocate zero trust cybersecurity model

(Image credit: Shutterstock / Song_about_summer)

Microsoft and the US National Security Agency (NSA) have advised public and private sector organizations to follow a zero-trust (opens in new tab) approach to cybersecurity.

The zero trust approach, which operates under the assumption that the network has already been breached and that every device and app needs authorization, is said to be the most efficient way to tackle advanced cybersecurity threats.

As reported by Bleeping Computer (opens in new tab), testifying in front of the US Senate after the SolarWinds breach, Microsoft President Brad Smith described zero trust as the best cybersecurity model.

"Basic cyber hygiene and security best practices were not in place with the regularity and discipline we would expect of federal customers with the agencies’ security profiles. In most cases, multi-factor authentication, least privileged access, and the other requirements to establish a 'zero trust' environment were not in place,“ he said.

"Our experience and data strongly suggest that had these steps been in place, the attacker would have had only limited success in compromising valuable data even after gaining access to agency environments."

In a bid to support companies in implementing zero trust, Microsoft has recently released an assessment tool that helps organizations assess the maturity of their posture.

The NSA, on the other hand, published a paper (opens in new tab) on embracing the zero trust model, in which it states that “systems designed using zero trust principals should be better positioned to address existing threats.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.