Usually on Friday mornings, there is one common denominator: It’s time for a Windows update. I don’t know how my computer knows it, but this has been the trend since this spring. I can tell an update is coming by the way the fan is blowing in my laptop.
But this update sort of scared me. It was the one to Windows 11. To be honest, I am not ready yet to update to Windows 11, and I don’t know if I ever will be. So as I hit that update button, I was praying that there would be a choice not to. Fortunately there was, and hopefully that will be the last of it. But there was just one small update, and that took only a few minutes to install. It’s not that I am now willing to give Windows 11 a shot, but from what I heard it’s best to wait. Also, from what I hear, this new OS is filled with more security features than ever before. But is this a good thing or a bad thing? Who knows.
Every 2nd Tuesday of the new month, Microsoft comes out with what is called “Patch Tuesday”. These are the recommended software patches and upgrades for Windows. Other tech and firmware vendors have followed suit in this fashion, and in all of these cases, it just blows my mind how many vulnerabilities still keep coming out.
But anyways, the newest security features that have been supposedly installed onto Windows 11 deal with what is known as the Zero Trust Framework. In this methodology, absolutely nobody can be trusted in either your external or internal environments. Everybody has to be verified all the time through MFA procedures. Even the geo-location and the security settings of the wireless device in question are also checked before granting access.
On a technical note, some of the Zero Trust features that have been added include specifically the following:
*More support for the Pluton security processor;
*More support for the Trusted Platform Modules;
*Implementation of the Trusted Boot;
*Higher levels of Encryption and Cryptography;
*The inclusion of Code Signing Certificates;
*The adoption of the Smart App Control;
*AI and ML to track down any signs of abnormal behavior;
*Checking the integrity of Windows Defender after each hard reboot;
*Getting rid of passwords by making use of the Windows Hello for Business functionality;
*Deep levels of protection against credential harvesting attempts when an end user visits a website.
A strategic move that Microsoft has made when it comes to deploying these Zero Trust features is that there is nothing that the IT Security team has to do. Everything is already “bolted on”. The thinking here is that adoption will be higher if people are forced to use them, rather than having to deploy them voluntarily. The other line of thinking here is that all companies, no matter how large or small, will have access to the Zero Trust Framework technologies, which will also help to level the playing field to a huge degree.
The following illustration is just a sampling of what is included in Windows, from the standpoint of Zero Trust:
(SOURCE: https://www.darkreading.com/operations/microsoft-practical-zero-trust-security-windows-11)
My Thoughts On This:
In the end, Zero Trust (as it is also called) is going to be the next big movement in Cyber, whether you like it or not. Part of the reason for this is that those businesses that have deployed it to some degree or another have actually reported some success with it. Hey, that is far better than nothing. But the one thing that is going to hamper its full adoption is getting the buy-in from employees.
For example, as I have mentioned many times before, people are creatures of habit. They simply do not want to change unless they are forced to. So, there could be a fair amount of grumbling for a long time to come about having to go through three or more layers of authentication versus just using the normal password. This is where both sides have to meet halfway.
For example, deploying the Zero Trust Framework should not happen all at once. Rather, it should be phased in gradually, in different stages. And at each step of the way, any new processes that are going to be introduced should be tested first in a sandbox environment before they are released into the production environment.
Heck, anticipate that it could be quite a number of months, or even years, until it is fully deployed properly at your place of business.
But slow and steady is the best way to go, because going in a haphazard fashion will not only widen the attack surface, but it could also create many other backdoors for the Cyberattacker to penetrate.
But apart from this, another key factor to the successful deployment is communications. Always let your employees know what is going on, and give them the chance to ask any questions or raise any concerns that they may have.
This will not only increase the chances of getting employee buy-in, but they will also feel that they have been an important part of the process as well, which in turn should increase employee morale and levels of productivity.
I think Microsoft is also trying to come up with a way of making Zero Trust a two-way street: Whatever happens On Prem will also be synced up into the Azure Cloud, especially if the Hybrid deployment is being used.
It is also important to keep in mind that the Zero Trust Framework is not a tool, but rather it is a methodology. There is no one-size-fits-all strategy here; you have to customize it to meet your security demands and requirements. It’s about using existing tools and technologies, then procuring newer ones!!!
With 80 million password hacks occurring on a daily basis, the Zero Trust Framework is here to stay, for a very, very long time.