Summary - Introduction to Zero Trust and best practice frameworks
In this module, you have learned about the Zero Trust approach to security and how it is required to keep up with threats, changes to cloud platforms, and changes in business models responding to a rapidly evolving world. The Microsoft Zero Trust approach to security is based on three principles: assume breach, verify explicitly, and least privilege. A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end-to-end strategy. This is done by implementing Zero Trust controls and technologies across six foundational elements.
The main takeaways from this module are that Zero Trust is a major transformation of a security program, and it is critical to start with the most impactful items that get you the most security and productivity increases with the least amount of time and resources. The Zero Trust Rapid Modernization Plan (RaMP) is included in the Microsoft Cybersecurity Reference Architecture (MCRA) and provides best practices that help you prioritize your security modernization. The Zero Trust RaMP aligns to the recommended security modernization initiatives, including secure identities and access, data security and governance, risk, compliance (GRC), modern security operations, infrastructure and development security, and operational technology (OT) and Internet of Things (IoT) security.
Learning objectives
In this module, you learned how to:
- Use best practices as a cybersecurity architect.
- Understand the concept of Zero Trust and how it can be used to modernize an organization's cybersecurity.
- Understand when to use different best practice frameworks like MCRA, CAF and WAF.