Security Experts:

Microsoft Launches Free Zero Trust Assessment Tool

Microsoft last week announced the availability of a tool designed to help organizations see where they are in their journey to implement a zero trust security model.

Nupur Goyal, senior product marketing manager at Microsoft, told SecurityWeek that the tool is free and available to anyone.

“Our assessment tool will help orgs assess readiness across identities, devices, apps, infrastructure, network and data, and then provide go-dos and deployment guidance to help them reach key milestones,” Goyal said.

Due to the COVID-19 coronavirus outbreak, an increasing number of organizations have asked their employees to work remotely, which makes it more important than ever to prevent unauthorized access to corporate systems.

The capabilities provided by on-premises identity and security solutions can be limited, and one way to address the challenges associated with secure remote access is to implement a zero trust security model.

The zero trust model, whose guiding principle is “never trust, always verify,” assumes that every request originates from an uncontrolled network. Every access request is strongly authenticated and checked for anomalies before access is granted.

When the zero trust model is adopted, organizations must ensure that all resources are accessed securely regardless of where the request is coming from, apply a least privilege strategy and strictly enforce access control, and inspect and log all traffic, even if it originates from the local network.

Microsoft says every company looking to implement the zero trust model is at a different stage in their journey, and the assessment tool released by the tech giant can help them determine exactly where they are.

The assessment also provides organizations with recommendations on how to move forward to the next stage.

Microsoft says it plans on publishing deployment guides for each of the six foundational elements of zero trust — these are identities, devices, applications, data, infrastructure and networks — in the upcoming period.

Related: Enterprises Showing Increasing Backing of Zero Trust Authentication

Related: Cyber Security's New Center Point: Zero Trust

Related: Patching Not Enough; Organizations Must Adopt Zero-Trust Practices: Report

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.