Hello! I’m Jeff Sakowicz, Principal Program Management Lead for Application Platform Security within the Microsoft Identity team. Our team’s goal is to foster a secure, trustworthy, and thriving app ecosystem. Part of achieving this goal is enabling apps to support a Zero Trust security model.
Our app platform security team will share a series of blogs on how to achieve Zero Trust readiness in the apps you develop and why it matters.
In the past, securing an application meant deploying it inside a secure network boundary and fixing code that could be exploited. If something did go wrong, the impact often fell directly on the app itself. Today, users and organizations rely on an interconnected web of apps and services. A compromised or insecure application can affect an entire organization by acting as an entry point into the rest of its infrastructure.
On top of this, the “work from anywhere” hybrid workforce means that applications are rapidly moving into the cloud as employees access resources from their own networks and devices. We can no longer assume that apps will only be used inside of a protected network boundary.
The Zero Trust principles of verify explicitly, use least privileged access, and assume breach provide a security framework in response to these new realities. Adopting an end-to-end Zero Trust strategy, along with basic security hygiene, helps to protect an organization’s digital estate. Developing apps with Zero Trust principles in mind will enable a more secure hybrid workplace, reduce the blast radius of security incidents, enable swift remediation and recovery, and ensure that the apps work seamlessly in environments that implement a Zero Trust strategy.
In this blog series, we will explain how the Microsoft identity platform supports Zero Trust principles and empowers you to create applications with a Zero Trust approach to identity and access management. We’re starting with this post on why Zero Trust matters. Next month, we’ll explain how to design apps to use the principle of least-privileged access using the Microsoft identity platform.
IT departments are increasing the level of rigor they apply when evaluating apps. They avoid apps that represent a risk or don't function correctly in secure environments. To be adopted, applications must be designed with Zero Trust in mind.
However, developing, configuring, and deploying apps with a Zero Trust approach is a team effort. IT must decide on the policies they will enforce for apps in their environment. Developers are responsible for building and integrating apps in a way that allows IT to further secure, adopt and manage the applications. This partnership allows organizations to:
While each organization's Zero Trust journey is unique, the logical place to start for most is user and application identity. The following are the application policies and controls we see organizations prioritizing as they roll out Zero Trust:
To learn more, check out the new guidance for developers we’ve published to the Zero Trust Guidance Center. It includes new development and integration resources for developing Zero Trust-ready apps.
For more details, download and read the full whitepaper for developers: Zero Trust for the Microsoft Identity developer
Learn more about Microsoft identity: