Hello! I’m Jeff Sakowicz, Principal Program Management Lead for Application Platform Security within the Microsoft Identity team. Our team’s goal is to foster a secure, trustworthy, and thriving app ecosystem. Part of achieving this goal is enabling apps to support a Zero Trust security model.
Our app platform security team will share a series of blogs on how to achieve Zero Trust readiness in the apps you develop and why it matters.
In the past, securing an application meant deploying it inside a secure network boundary and fixing code that could be exploited. If something did go wrong, the impact was often directly to the app itself. Today, users and organizations rely on an interconnected web of apps and services. A compromised or insecure application can have an impact on an entire organization by acting as an entry point into the rest of its infrastructure.
On top of this, the “work from anywhere” hybrid workforce means that applications are rapidly moving into the cloud as employees access resources from their own networks and devices. We can no longer assume that apps will only be used inside of a protected network boundary.
The Zero Trust principles of verify explicitly, use least privileged access, and assume breach provide a security framework in response to these new realities. Adopting an end-to-end Zero Trust strategy, along with basic security hygiene, helps to protect an organization’s digital estate. Developing apps with Zero Trust principles in mind will enable a more secure hybrid workplace, reduce the blast radius of security incidents, enable swift remediation and recovery, and ensure that the apps work seamlessly in environments that implement a Zero Trust strategy.
In this blog series, we will explain how the Microsoft identity platform supports Zero Trust principles and empowers you to create applications with a Zero Trust approach to identity and access management. We’re starting with this post on why Zero Trust matters. Next month, we’ll explain how to design apps to use the principle of least-privileged access using the Microsoft identity platform.
Developers and IT pros must work together to deliver Zero Trust identity security
IT departments are increasing the level of rigor they apply when evaluating apps. They avoid apps that represent a risk or don't function correctly in secure environments. To be adopted, applications must be designed with Zero Trust in mind.
However, developing, configuring, and deploying apps with a Zero Trust approach is a team effort. IT must decide on the policies they will enforce for apps in their environment. Developers are responsible for building and integrating apps in a way that allows IT to further secure, adopt and manage the applications. This partnership allows organizations to:
Scale adoption of an application within the organization.
Prevent compromises where possible and minimize their probability otherwise. And, in a world that assumes breach, minimize the impact if a compromise does occur.
Respond to attacks and compromises quickly, recover from them, and reduce damage to the business.
Customers are adopting Zero Trust principles, starting with identity
While each organization's Zero Trust journey is unique, the logical place to start for most is user and application identity. The following are the application policies and controls we see organizations prioritizing as they roll out Zero Trust:
Credential hygiene and rotation policies. Secrets such as certificates or passwords are among the most important assets to secure because they allow an attacker to move deeper within the system. Remove all secrets from code and configuration, place them in Azure Key Vault, and access them via a Managed Identity. IT administrators are implementing Application Authentication Method policies that enforce good application credential hygiene.
Strong and adaptive authentication. IT administrators expect to be able to set policies requiring multi-factor authentication. By using Conditional Access policies, administrators can apply the right access controls when needed to keep the organization secure and stay out of users’ way when not needed.
Restricting consent to applications requesting low-risk permissions that are publisher verified. While access to data in APIs like Microsoft Graph allows for building rich applications, organizations limit risk by setting policies that allow end users to grant permissions to apps under specific conditions. IT can use the admin consent workflow in Azure AD to thoroughly review requests that can't be approved by users.
Blocking legacy protocols and APIs. This includes blocking older authentication protocols such as “Basic authentication” and requiring modern protocols like OpenID Connect and OAuth 2.0. Organizations are ensuring the applications they depend on meet these requirements.