How to set up zero trust security at your business

Almost a decade ago, cybersecurity industry analyst John Kindervag introduced “zero trust security” to the IT world. The idea was to keep user data safe from cyberattacks no matter what devices or networks were used to access the data. Zero trust security is tailor-made for companies using cloud-based apps at their business. While the zero trust security method is very effective, taking it from concept to practice at your business can be daunting unless you have a cybersecurity industry certification.

Over the past year, Amaxra consultants have deployed secure, cloud-based productivity solutions at businesses large and small using zero trust security. We are offering these helpful tips on how you can get started on securing your digital assets using this powerful method.

Defining zero trust security

Zero trust security is an IT security model that regards all sources of internal and external network traffic as potential attack vectors. Contrast this to the traditional IT security model that builds a strong perimeter to defend trusted assets—an organization’s internal data—against an outside attacker. The typical analogy used is that perimeter defense is like building a (virtual) castle and moat around your company’s network and data.

A zero trust model is different. In this model, the identity of all users and devices must be verified and authenticated before an app or any data can be accessed. This means every request—whether you’re accessing a shared Excel spreadsheet at your desk in corporate HQ or accessing your Outlook email on your iPhone while waiting for your Starbucks latte—must be analyzed and verified against your corporate identity. Zero trust security also limits and monitors network access and traffic for suspicious activity. To most people, zero trust security comes across as paranoid, but it is the preferred method for securing corporate assets.

Your first step toward implementing zero trust security

The foundation of zero trust security begins with asset intelligence. Without knowledge of the data, devices, users, and apps that are on your corporate network, there is no way to know what needs verifying. So, your company must first set up a standard method for handling user identities on your network. Once that method is established, you can provide every internal employee and external partner with an identity that can be cross-referenced for accessing resources on your network. This process is called identity and access management (IAM).

What most companies don’t like about setting up and managing IAM is the complexity. One Amaxra customer said that it feels like an engineering degree is a baseline requirement for IAM setup. In Microsoft 365, IAM services are built into the administration panel and have a guided setup. Amaxra uses IAM in Microsoft 365, which is delivered from the secure and globally available Microsoft Azure cloud infrastructure, to establish an identity for every user on the customer network. We do this to enable our customers to access cloud-stored corporate data safely from multiple devices. Because IAM assumes every asset and device is used on the open internet, every request for access must be verified. But to verify users, you need to have a simple and automated way to authenticate them.

Protecting your employees’ identities to reduce user risk

One of the core elements of zero trust security is enabling strong authentication for users. Amaxra reduces the risk of security breaches by setting up strong authentication for user devices on all of our Microsoft 365 and Office 365 deployments. If your organization has either Office 365 or Microsoft 365, Amaxra suggests you turn on Multi-Factor Authentication (MFA) for all of your users. Not only will MFA put you on the path to zero trust security, it’s also very simple to enable for organizations with either Office 365 or Microsoft 365. It is literally clicking a checkbox next to the user’s name in the administration panel.

Cybersecurity industry professionals agree that enabling MFA, whether it’s sending a confirmation text to your smartphone or requiring a thumbprint biometric scanner on your laptop, protects users from 99.9% of identity attacks. We’ve blogged about how biometric MFA options such as Windows Hello for Business in Microsoft 365 remove the need for users to remember passwords, which is actually more secure than strong passwords!

How to manage users and devices without sacrificing productivity

It should be obvious to every business owner and the IT managers working for them that while security is important, so is a user experience that helps people do their best work. When your organization is on the path to zero trust security, choosing Microsoft 365 enables the IT security component to go virtually unnoticed by your end users while boosting productivity.

Every deployment of Microsoft 365 that Amaxra has performed in the past year was configured to automatically provision employee devices. This ensures that every new device connecting to the corporate network meets zero trust security standards out of the box. Amaxra configures our customers’ Microsoft 365 to apply security policies straight from the cloud. Because zero trust security is based on user identity, we apply policies that protect corporate data even on employee-owned devices.

A good example of this is how a personal smartphone or tablet can access work email and documents from the cloud while any personal data on those devices remains private. Amaxra configures context-aware conditional access policies on Microsoft 365 to prevent unauthorized use of files. And if any device on the corporate network gets compromised by a cyberattack, we automatically isolate it from the network, blocking it from accessing any of your corporate data. In the worst-case scenario of the CEO’s iPhone getting stolen in a hotel room or airport, Amaxra configures Microsoft 365 to remotely wipe the device and protect confidential information. This type of centralized security management is crucial for zero trust security.
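
The per-request checks described in this article (verified identity, MFA, device state, and no trust granted for network location) can be sketched as a small decision function. This is an added illustration, not Amaxra's or Microsoft's code; the AccessRequest fields, decision names and sample requests are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass

# Hypothetical request model for illustration; the field names are
# assumptions, not Microsoft 365 attributes.
@dataclass(frozen=True)
class AccessRequest:
    user: str
    identity_verified: bool   # authenticated against the corporate directory
    mfa_passed: bool          # second factor completed for this session
    device_managed: bool      # enrolled and receiving policy from the cloud
    device_compromised: bool  # flagged by endpoint monitoring
    network: str              # "corporate" or "public"; never used as trust

def evaluate(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason) for a single request.

    The network field is deliberately never consulted: a request from the
    office is checked exactly like one from a coffee shop.
    """
    if not req.identity_verified:
        return "block", "identity not verified"
    if req.device_compromised:
        return "block", "compromised device is isolated from corporate data"
    if not req.mfa_passed:
        return "require_mfa", "second factor needed before access"
    if not req.device_managed:
        return "allow_protected", "personal device: work data in protected apps only"
    return "allow", "verified user on a managed device"

# Constructed sample requests (not real sign-in data).
SAMPLES = {
    "hq_desk_no_mfa": AccessRequest("alice", True, False, True, False, "corporate"),
    "cafe_personal_phone": AccessRequest("alice", True, True, False, False, "public"),
    "managed_laptop": AccessRequest("bob", True, True, True, False, "public"),
    "compromised_laptop": AccessRequest("bob", True, True, True, True, "corporate"),
    "unknown_user": AccessRequest("mallory", False, False, False, False, "corporate"),
}

def decide_all(samples: dict[str, AccessRequest]) -> dict[str, str]:
    """Map each sample name to its decision."""
    return {name: evaluate(req)[0] for name, req in samples.items()}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:22} {evaluate(req)}")
```

The first sample shows the difference from a perimeter model: a request from inside the corporate network still has to complete MFA before it is allowed.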

Overwhelmed? Amaxra can help

85% of IT decision makers report that increasingly advanced security threats make the stakes of successful data protection greater than ever. Even though Microsoft built a lot of zero trust security features into their cloud-based solutions, many companies can feel overwhelmed by the licensing and configuration options. Fortunately, Amaxra consultants have real-world experience with deploying Microsoft’s secure, cloud-based productivity solutions such as Microsoft 365, Office 365, and more. Our experts can help secure your data while boosting your employee productivity—and do it in a way that fits your budget.


Contact me at technology@amaxra.com or call 425 708 8841 if you have any questions or comments on this blog.

about the author

Mike Arntzen

Mike is an experienced Technology expert who is skilled in Enterprise Software and Security and Cloud Implementation. He has a strong engineering background, having graduated from the Royal Australian Air Force School of Radio, with postgraduate studies in Fibre Optics from Royal Melbourne Institute of Technology. Known at Amaxra as "Mr FixIt", there isn't much Mike can't resolve. He has recently implemented Amaxra's switch to Skype for Business within the Amaxra office.
