While the Zero Trust security model has been around for a number of years, pressure to incorporate these security strategies has increased. Growing cyber threats mean it’s likely not a matter of ‘if’ an organization is breached, but ‘when’. According to Forrester, three-quarters of organizations reported one or more incidents in the past 12 months.[1] Cyber insurance companies are requiring policyholders to implement strategies like multifactor authentication (MFA). Even the US government is mandating that all federal agencies adopt Zero Trust architecture by 2024.
98% of attacks can be stopped with basic hygiene measures in place[2]—things like data encryption, multifactor authentication, and credential protection. But real cyber resilience is built upon the combination of these strategies into an adaptive, holistic approach that spans hardware to cloud. It’s impossible to know where an attacker will strike—through an endpoint, a cloud misconfiguration, or even a vulnerable device peripheral. Zero Trust helps IT teams proactively protect every level of technology to keep organizations resilient enough to recover quickly and reduce the impact of potential breaches.
IT professionals need easy ways to fully implement Zero Trust strategies that modernize their defenses and build cyber resilience. Below are three quick wins IT professionals can achieve using devices with built-in Zero Trust, so they can secure additional budget for other security initiatives.
Tactic #1: Modernize your defenses in a perimeter-less world
Modern organizations empower employees with flexible work arrangements to boost productivity and engagement. Many employees now regularly work outside of the office’s traditional security perimeter. That makes devices the new front line of defense against cyber threats. And the consequences for not building security in at the device level can be severe. The global average cost of a data breach in 2022 was $4.24M.[3]
That means device choice matters when adopting a Zero Trust model for cyber resilience. Having devices that are built with Zero Trust controls from the start takes one thing off the plate of an IT professional and helps them meet organizational security goals, all while ensuring employees can work wherever and however, they want.
Microsoft Surface devices have Zero Trust security built in from chip to cloud. IT professionals can count on layered Zero Trust protections to minimize vulnerabilities across hardware, firmware, OS, and the cloud and create a modern defense for the modern workplace.
Tactic #2: Make security less intrusive with seamless passwordless authentication and encryption
At the hardware level, there’s a fine line between defending critical data without hampering user experience. If users have to slog through multiple steps of verification or deal with downtime from security updates, they’re going to be frustrated and less productive. There’s also the risk that employees will write down their complex passwords to make it easier to sign in—and potentially expose those credentials to attackers. Passwordless authentication and data encryption from Surface devices help IT professionals proactively defend against threats while providing a great user experience.
Take Windows Hello’s facial recognition identity verification. Attackers often use stolen credentials as a way into an organization. Biometric credentials, on the other hand, are a much more secure method of verifying identity. With Windows Hello for Business deployed, the likelihood of human error in a security incident is reduced, helping security teams find a solution more quickly. In fact, Surface devices are reported to reduce employee time lost to security incidents by 29%.[4] And passwordless authentication makes for a better user experience. No need to remember complex passwords or search for MFA tokens. Instead, most Surface devices sign the user in when they approach and lock when they leave. Simple as that.
Security backed by a Trusted Platform Module (TPM) enables protection of data, credentials, and applications from the moment the user signs in. On the Surface Pro 9 5G, there is also an extra layer of security with the Microsoft Pluton security processor built directly on the System on a Chip (SoC) to further reduce the attack surface. Even if an attacker does get a hold of a device, Pluton restricts access to sensitive data from everyone but authorized users. That’s least-privilege access at work.
Tactic #3: Meet mandates while simplifying IT management
But it’s not just about the hardware. An assume breach mindset requires a layered defense approach, from the firmware up to the cloud. And those layers need to be built in a way that streamlines and automates IT admin tasks. Surface devices help IT admins enact Zero Trust strategies without adding management complexity, meaning they can speed their evolution to a Zero Trust architecture across the enterprise. IDC research found that Surface devices of respondent organizations enabled a 17% reduction in IT deployment costs and 26% faster deployment to employees compared to other PC devices.[4]
Organizations can limit user access and protect against firmware-level threats with Surface’s Device Firmware Configuration Interface (DFCI). Zero-touch provisioning lets IT admins remotely control UEFI security settings and disable hardware elements like the camera through Microsoft Intune*, reducing the attack surface and allowing for the application of Zero Trust controls to devices across the dispersed workforce.
Beyond that, OS and cloud-based solutions enabled on Surface help protect identities and remotely detect and respond to malicious actions. From virtualization-based security to automatic updates through secure and encrypted channels, enable stronger protection and greater resilience against advanced threats.
Build resilience with Zero Trust strategies from Surface
With Zero Trust security built in at the device level, IT professionals can comply with mandates to implement these strategies across their organization quicker and easier. From the components to the cloud, Surface devices deliver Zero Trust strategies that build cyber resilience. Learn more about how Zero Trust capabilities within Surface devices can help you not only ensure that baseline security requirements are met but also helps you proactively protect your organization from evolving threats while improving employee engagement.
[1] "Top Cybersecurity Threats In 2023," Forrester Research, Inc., 17 April 2023
[2] “Microsoft Digital Defense Report 2022,” Microsoft 2022
[3] “Microsoft Digital Defense Report 2022,” Microsoft 2022
[4] "Evaluating the Business Case of Microsoft Surface,” IDC, September 2022
Source:
3 Zero Trust strategies for cyber resilience with Surface devices
While the Zero Trust security model has been around for a number of years, pressure to incorporate these security strategies has increased. Growing cyber..
techcommunity.microsoft.com
