Understanding Identity's Importance in Zero Trust


Summary

Zero Trust is a cybersecurity framework emphasizing the principle of “never trust, always verify,” and identity plays a critical role as the new perimeter in this approach. Understanding identity’s importance ensures stronger protection against breaches and unauthorized access in today’s cloud-centric and interconnected world.

  • Strengthen multi-factor authentication: Implement phishing-resistant MFA solutions, like FIDO2 security keys or biometrics, to secure user accounts and reduce unauthorized access risks.
  • Adopt least-privilege practices: Limit user access to only what’s necessary for their roles by using role-based or attribute-based access controls to minimize vulnerabilities.
  • Improve identity monitoring: Utilize analytics tools that track identity-related events, such as account creation or privilege changes, to detect and respond to threats in real time.
Summarized by AI based on LinkedIn member posts
  • Happy New Year to all Cyber Warriors, Developers, Partners, and Customers fighting adversaries 24x7x365! As we step into 2025, I’m excited about opportunities to innovate, learn from each other and strengthen our defenses.

    On Day 9, let’s focus on Identity and Access Management (IAM), the cornerstone of Zero Trust Architecture (ZTA). ZTA enforces “never trust, always verify,” ensuring access requests are continuously validated. A recent survey revealed that 80% of cyberattacks leverage identity-based methods, highlighting the importance of robust IAM practices. Weak IAM policies enable ransomware, cloud security breaches, lateral movements, and insider threats due to excessive privileges.

    As Sun Microsystems (my former employer) declared, “The Network is the Computer.” In today’s cloud-first world, where traditional perimeters fade, Identity is the new perimeter.

    Best Practices for Identity as the New Perimeter

    1. Enforce Least Privilege Access
       • Grant users the minimum access needed for their roles leveraging role-based (RBAC) or attribute-based access control (ABAC).
       • Leverage GenAI to reduce business friction to help RBAC scale with fine-grained access needs.

    2. Leverage Single Sign-On (SSO)
       • Simplify access through centralized SSO, using standards like SAML and OIDC with MFA.
       • Integrate acquired companies seamlessly using federated identity.
       • Combine SSO with adaptive authentication to validate device trust and geolocation.

    3. Implement Multi-Factor Authentication (MFA)
       • Require MFA for all users, especially privileged accounts.
       • Adopt phishing-resistant options like FIDO2 security keys or biometric authentication.
       • Integrate MFA with conditional access policies for enhanced control.

    4. Secure Privileged Access and Automate Management
       • Use Just-in-Time (JIT) provisioning for temporary elevated privileges.
       • Automate identity lifecycle tasks like provisioning, deprovisioning, and access certifications.

    5. Reduce Friction Without Sacrificing Security
       • Implement adaptive authentication to balance security and user experience.
       • Simplify onboarding with SSO and pre-configured roles for employees and external partners.
       • Streamline approval workflows to enhance user experience and scalability.

    6. Seamless Integration for Acquired Companies
       • Use federated identity to securely link systems across boundaries.
       • Establish templates and repeatable workflows to align with enterprise-wide policies.

    Building a strong IAM foundation ensures not only better security but also business agility. By focusing on strong IAM practices, organizations can be resilient in today’s interconnected world. Secure identity, secure business.

    #VISA, #Cybersecurity, #12DaysofCybersecrityChristmas #IAM #PaymentSecurity #HappyNewYear!

  • Bojan Simic

    Co-Founder and CEO at HYPR - Creating Trust in the Identity Lifecycle

    27,805 followers

    So you just deploy Zero Trust, right? You just fold it into the existing security program, right? Not so much! Zero Trust is a strategy, and it is truly a company-wide effort to achieve. One of the toughest parts of a ZT strategy for security executives is the Identity Pillar because oftentimes that's what is in the primary user path and therefore requires change management across the entire business.

    Here is what you can do to achieve the "Optimal" level of Zero Trust from an identity perspective:

    ⭐ Deploy FIDO-based phishing-resistant MFA across all your identity sources. This includes endpoint access.
    ⭐ Ensure that you are doing thorough identity proofing for things like password/MFA resets that aren't based on KBA or other phishable factors. Here is a demo of what that looks like - https://lnkd.in/eUPNrAUk
    ⭐ Deploy a risk engine capability that can correlate risk from your other security tools such as EDR (Crowdstrike, MS Defender, SentinelOne, etc.) and can monitor access across all your identity sources and take action in real time. Accuracy is critical here.

    For more on how to achieve "Optimal" for the Identity Pillar of Zero Trust, check out this literature based off of the guidance provided by CISA - https://lnkd.in/gMGbKzaT

  • Michael Crane

    Principal Cloud Solutions Architect

    4,657 followers

    🔐 Identity is the perimeter. Logging is the evidence.

    Every agency has logs. But most can’t answer the critical question:
    👉 Are the right identity-related events being collected, parsed, and actually usable — for detection, investigation, or compliance?

    We built a workbook + PowerApp that gives you that answer in real time.

    🎯 What It Delivers:
    ✅ Validates if your Microsoft logs (Entra, Defender, Windows) are emitted, parsed, and validated
    ✅ Mapped over 50+ critical Windows Security Events to help identify privilege abuse, persistence, and system tampering
    ✅ Visualizes key identity operations like account creation, privilege escalation, role assignments, and service principal changes
    ✅ Tracks what happened, who did it, from where, and whether it was expected
    ✅ Enables real-world DFIR, Threat Hunting, and Audit Readiness — from a single pane
    ✅ Aligns to event logging requirements in frameworks like M-21-31, but built for daily operational use, not just checkbox compliance

    🔎 Why Identity?
    Identity is the front door. Adversaries don’t break in — they log in. This solution helps SOC analysts, identity architects, and auditors answer questions like:
    Who created this account?
    Was it a delegated admin, app, or sync process?
    Did it come from a trusted IP? Another tenant?
    Can we prove it in logs — right now?

    🚀 Why Now?
    Frameworks like M-21-31 are pushing organizations to prove their telemetry coverage — not just enable it. This workbook does that and more:
    Turn raw logs into defensible evidence.
    Turn compliance mandates into operational advantage.

    🧠 Built for Zero Trust.
    ⚡ Powered by Microsoft Sentinel, Defender, Entra, and over 50+ mapped Windows Events

    🔗 Please review the "Why Use Example" (https://lnkd.in/e5MWAVHC), you will fix hyperlinks to the solution and how to use. Cheers.

    Posting folks for a much wider response.

    #Identity #EventLogging #WindowsEvents #M2131 #ZeroTrust #MicrosoftSentinel #EntraID #CyberDefense #ThreatHunting #AuditReady #PowerApps #CyberResilience

    Merill Fernando, Thomas Naunheim, Matthew Zorich, Eric M., Steve Turner, William Francillette, Rod Trent, David Caddick, Laurie Rhodes, Joe Stocker, Jeffrey Appel
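
An added example, not part of the post above and not the workbook's own code, of the two checks that post describes: whether required identity events are emitted and parsed into usable fields, and whether an account creation came from an expected actor and a trusted network. The event IDs are real Windows Security IDs, but their selection, the normalized record schema, the account names and the networks are assumptions, and the sample records are constructed.

```python
from ipaddress import ip_address, ip_network

# Real Windows Security event IDs; which ones count as "required" is this example's choice.
REQUIRED = {
    4720: "user account created",
    4728: "member added to security-enabled global group",
    4732: "member added to security-enabled local group",
    4672: "special privileges assigned to new logon",
}

# Assumptions: who may create accounts, and from which networks.
EXPECTED_CREATORS = {"svc-provisioning"}
TRUSTED_NETS = [ip_network("10.20.0.0/16")]

# Constructed records in a hypothetical normalized (post-enrichment) schema.
SAMPLE = [
    {"event_id": 4720, "actor": "svc-provisioning", "target": "jdoe", "src_ip": "10.20.4.7"},
    {"event_id": 4720, "actor": "helpdesk7", "target": "tmp-admin", "src_ip": "203.0.113.50"},
    {"event_id": 4732, "actor": "helpdesk7", "target": "tmp-admin", "src_ip": "203.0.113.50"},
    {"event_id": 4672, "actor": "tmp-admin", "target": None},  # emitted, but src_ip not parsed
    {"event_id": 4624, "actor": "jdoe", "target": None, "src_ip": "10.20.4.9"},
]

def coverage(records):
    """Per required event ID: 'missing', 'unparsed' (seen, key fields absent) or 'ok'."""
    status = {eid: "missing" for eid in REQUIRED}
    for r in records:
        eid = r.get("event_id")
        if eid not in status:
            continue
        if all(r.get(k) for k in ("actor", "src_ip")):
            status[eid] = "ok"
        elif status[eid] == "missing":
            status[eid] = "unparsed"
    return status

def unexpected_creations(records):
    """Account creations by an unapproved actor or from outside the trusted networks."""
    hits = []
    for r in records:
        if r.get("event_id") != 4720:
            continue
        ip = r.get("src_ip")
        trusted = ip is not None and any(ip_address(ip) in net for net in TRUSTED_NETS)
        if r.get("actor") not in EXPECTED_CREATORS or not trusted:
            hits.append((r.get("actor"), r.get("target"), ip))
    return hits
```

The "unparsed" state separates a source that emits an event from one whose events arrive with the fields an investigator needs, which is the gap between enabling telemetry and proving it.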
