Zero Trust Environment Implementation Using Cloud Security Controls

February 17, 2022



Because of the pandemic, traditional perimeter-based network defence is no longer effective. Customers expect enterprises to retain, for staff working from home, security controls similar to those found in a controlled organisational environment, and adopting a “Zero Trust” environment is an ideal way to meet legislative, compliance, and regulatory security obligations.


The security perimeter has been redefined by cloud apps and the mobile workforce.

  1. The new perimeter is no longer defined by the organization’s physical location(s)—it instead extends to any access point that hosts, stores, or accesses corporate resources and services.
  2. Interactions with corporate resources and services are increasingly circumventing on-premises perimeter-based security paradigms based on network firewalls and VPNs.
  3. Organizations that rely primarily on on-premises firewalls and VPNs lack the visibility, solution integration, and agility required to provide timely end-to-end security coverage.

Takeaway – Today, enterprises require a new security paradigm that more effectively responds to the modern environment’s complexity, embraces the mobile workforce, and protects people, devices, apps, and data wherever they are located. This is the foundation of Zero Trust.

1.1 What is Zero Trust

A Zero Trust (ZT) environment is a cybersecurity architecture based on zero trust principles, intended to prevent data breaches and limit internal lateral movement. ZT is a set of guiding principles for workflow, system design, and operations that can be used to improve the security posture of information at any classification or sensitivity level.

1.2 Traditional perimeter security controls

A conventional security architecture might include a firewall/UTM, a network intrusion detection and prevention system, centralised anti-virus and anti-spam, perimeter and host-based data loss prevention, a domain controller (Active Directory), SIEM, and patch management tools.


Figure 1 – Traditional network architecture

3. Approach required for ZT implementation over cloud

To adopt a ZT architecture while protecting organisational assets and existing investments, a technology- and product-neutral strategy should be considered. For ZT implementation using cloud controls, a four-step strategy is advised: Assess, Audit, Apply, and Assure (A4), discussed below.

3.1 Assess

A comprehensive security assessment is required to identify endpoint, server, online, mobile, and other vulnerabilities.

3.2 Audit

A detailed strategic plan must be delivered during this phase to meet compliance, regulatory, and statutory requirements.

3.3 Apply

The ultimate solution requires detailed blueprints and architecture designs that integrate all technology and system components.

3.4 Assure

At this stage, monitoring identity management, endpoint, application, workload, and network access logs is required.


4. Cloud solutions that can meet ZT requirements

Although Microsoft Azure options are considered here, equivalent solutions are available from all major cloud service providers.

4.1 Authentication

Multifactor authentication (MFA, 2FA, or 3FA) is required to achieve Zero Trust. Microsoft Azure AD supports MFA and SSO.

4.2 Access control

Traditional Active Directory group policies enforce access restrictions within the perimeter network. Cloud-based mobile device management (MDM) solutions such as Microsoft Intune can help enforce such controls for devices outside the perimeter.


Azure Active Directory offers Conditional Access policies that restrict access based on user/group, IP location, device, or application, and it detects risks in real time.

4.3 Micro-segmentation (Application and Network Firewalls)

Micro-perimeters act as system boundaries that block unwanted lateral movement. The organisation can segment by user group, location, or logical application group. Azure Application Security Groups (ASG) and Network Security Groups (NSG) enable micro-segmentation.
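The two-tier micro-perimeter described above, written as a Bicep template (an added example, not code from the original post or from Microsoft's documentation); the resource names, the SQL port 1433 and the rule priorities are assumed for illustration:

```bicep
param location string = resourceGroup().location

// Logical application groups: a VM joins an ASG through its NIC, so the
// rules below follow the workload rather than its IP address.
resource webAsg 'Microsoft.Network/applicationSecurityGroups@2022-07-01' = {
  name: 'asg-web'
  location: location
}
resource dbAsg 'Microsoft.Network/applicationSecurityGroups@2022-07-01' = {
  name: 'asg-db'
  location: location
}

resource nsg 'Microsoft.Network/networkSecurityGroups@2022-07-01' = {
  name: 'nsg-app-tier'
  location: location
  properties: {
    securityRules: [
      {
        // Only the web tier may reach the database tier, and only on SQL.
        name: 'allow-web-to-db-sql'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourcePortRange: '*'
          destinationPortRange: '1433'
          sourceApplicationSecurityGroups: [ { id: webAsg.id } ]
          destinationApplicationSecurityGroups: [ { id: dbAsg.id } ]
        }
      }
      {
        // Deny every other east-west flow inside the VNet; without this the
        // default AllowVnetInBound rule (priority 65000) permits lateral movement.
        name: 'deny-vnet-lateral'
        properties: {
          priority: 4000
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          destinationAddressPrefix: 'VirtualNetwork'
        }
      }
    ]
  }
}
```

The NSG must still be associated with the subnet or NICs of both tiers, and each VM's NIC must list its ASG, for the rules to take effect.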

4.4 Monitoring

Azure Security Center (Azure Defender) helps locate and monitor suspicious activities. It also inspects, evaluates, and logs all traffic and data.

4.5 Policy enforcement

Organizations have varying compliance standards. Azure’s security benchmarks, blueprints, and policies help organisations quickly implement/enforce security rules and controls.

4.6 Key Management

Azure Key Vault is a Microsoft cloud service for securely storing and accessing secrets such as passwords and SSH/API keys.

4.7 Endpoint protection

Mobile device management solutions such as Intune can govern how devices such as phones, tablets, and laptops are used. Specific policies can also be configured to control applications.

4.8 Security Operations Center

Cloud-based SIEM systems such as Sentinel help security teams collect and analyse massive amounts of data at scale in order to detect new network threats.


Because the Zero Trust security model works best when it is implemented across the whole digital environment, most businesses will need to take a phased approach that focuses on specific areas for change based on their Zero Trust maturity, available resources, and objectives.

Each investment must be thoroughly considered and aligned with current business demands.

Do watch this space for more blogs on Zero Trust Environment.
