Citizen confidence in government institutions and public servants depends on trust. Citizens need to trust that the individuals and agencies representing them will act in good faith to protect their interests. Whether it’s the safety of food, medications, infrastructure, information, or national security, the sustainability of the social contract between the government and its constituents requires persistent attention to retain the public’s trust.
For governments to function, the flow of data on a massive scale is required—including sensitive information about critical infrastructure, public safety, and security. The higher the stakes in data sensitivity, the more attractive the information is to malefactors for reasons that range from financial gain to political influence. It should come as no surprise that the security of government information systems is subject to constant attempted attacks.
Until recently, the prevailing paradigm for system security was to protect the perimeter—that is, protect the network’s entry and exit points, typically through firewalls or virtual private networks (VPNs). This model is built on implicit trust that access is legitimate by default for anyone inside the perimeter. The basis for this implicit trust in traditional network security is becoming obsolete in the wake of changes such as the expansion of the mobile workforce, the rapid growth in digital data, the proliferation of shadow IT, and the rise of cyberattacks. Today, more and more organizations are pivoting to a Zero Trust model for security where all users and devices—both inside and outside the network—are deemed untrustworthy by default and the same security checks are applied to all users, devices, applications, and data.
Security considerations for government institutions
Consider the information needed by social workers employed by a child protection agency to do their job promoting the safety and development of at-risk children, some of the most vulnerable citizens in society. To screen a child for investigation requires judgment based on quality information. To take a child into protective custody requires even more exacting discernment. Before a court makes a final decision to remove a child from their family, multiple professionals from various agencies need to conclude there’s reasonable cause to believe that the health, safety, or welfare of the child is at risk. In order to make these important decisions, the stakeholders need appropriate access to the relevant information across functions and agencies. And they need to coordinate with each other.
A social worker may be a civil servant or a contractor using an agency-supplied device or a personal phone. They may be inspecting environments where children live or go to school, or they may be taking information from healthcare providers or law enforcement. The range of information they interact with is diverse and extensive, and its transmission across relevant agencies is made more complex by compliance standards pertaining to data protection and privacy.
Some questions governments ask themselves to support the free and trusted flow of information to empower social workers include:
- What data do social workers need to do their jobs?
- Should access to relevant sensitive information apply at all times, or would it be appropriate to impose time limits?
- What information is safe to store on personal devices—for example, photos that are relevant to the case?
- What should be done if a social worker's device is infected with malware, or their identity is compromised?
Such a compromise can wreak havoc on data privacy or the safety of the vulnerable population the agency is trying to serve, and could expose the agency to civil liability if the data is not properly protected.
Given these questions and the complexity of cybersecurity concerns and data privacy, it’s hard to justify an approach that is premised on implicit trust and unfettered access to sensitive data. In addition to trust considerations, public sector organizations also need to enable productivity and collaboration. Striking the right balance between productivity and security need not be all or nothing.
The Zero Trust model
The Zero Trust security model adheres to three pillars:
- Explicit verification of every access request.
- Least-privilege access, with just-in-time, adaptive, risk-based access policies.
- An assume-breach mentality, to minimize potential damage to, or loss of data from, other parts of the organization.
In our example, all information requests would be treated as though they originate from an uncontrolled (external or compromised) network. But this need not impede the social worker’s productivity. With the right governance, social workers can and should have access to the relevant information. Governing parameters might include restricting access to information about non-clients. Another parameter may be to set access expiration dates, or determine which devices are eligible for access. If a device or an agency worker’s identity becomes compromised, their access can be mediated by identity management or data governance rules that enable productivity while being mindful of security.
For an agency to retain its commitment to the constituents it serves and uphold data privacy standards, implicit trust within a data estate no longer makes sense. An end-to-end Zero Trust approach aims to build security into the entire digital estate, across your identities (usernames and passwords), devices, network, infrastructure, applications, and data.
Microsoft 365 helps governments on the Zero Trust journey
With Microsoft 365, governments can take immediate steps towards a Zero Trust security model. The first step in building a secure environment is explicit verification of identity. Phishing is one of the most common types of cyberattacks. It can lead to a user’s credentials being compromised and opens the doors for attackers to steal valuable information. Sensitive data may be what cybercriminals want, but an identity breach is often the preferred tactic to get to the data. Protecting identity and managing access is therefore a pivotal first step in a cybersecurity strategy. This is because identity can act as the new control plane that connects all the organization’s data dispersed across multiple applications, on-premises and in the cloud, and accessed by multiple devices and users.
Getting identity management right is a defensive imperative and it can enable an organization to save time and resources. Azure Active Directory (Azure AD) is a powerful identity management solution that helps modernize access management and provide end-to-end visibility across the entire digital estate by connecting all applications and services to a single control plane. This is key to implementing a Zero Trust model because setting policies to define the right user experience at each access request ensures users are allowed the least privileged access necessary to perform their role. With Azure AD, organizations can also deploy a variety of passwordless authentication solutions from Windows Hello to FIDO 2.0 keys, further strengthening their access security.
Another pillar of the Zero Trust model is the principle that policies define how devices are used in the workplace; this is important as employees increasingly use their own devices at work. Under Zero Trust, the “health” of the device is a gating variable for access policies. With Microsoft Intune, which provides mobile application management and mobile device management (MDM) as part of the new Microsoft Endpoint Manager platform, organizations can verify device health and make it a precondition for accessing data. MDM enables comprehensive remote management of mobile devices, including remote data wipe if needed.
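The governing parameters described for the social-worker example (case-scoped grants, access expiry, eligible devices, revocation on compromise) and the identity and device-health gating discussed above, combined into one small policy evaluator. This is an added example, not code from the original post or from Azure AD or Intune; every class, field and sample value in it is constructed for illustration.

```python
# Added example, not code from the original post or from Azure AD/Intune: a minimal
# access-policy evaluator that applies the three Zero Trust pillars to the
# social-worker scenario. All class names, fields and sample data are constructed.
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Identity:
    user: str
    mfa_verified: bool               # did this sign-in satisfy MFA?
    risk: str = "none"               # none | medium | high (identity-protection signal)
    case_grants: dict = field(default_factory=dict)  # case_id -> grant expiry (UTC)

@dataclass
class Device:
    managed: bool                    # enrolled in MDM
    compliant: bool                  # passes the device-health policy
    malware_detected: bool = False

def evaluate(who: Identity, dev: Device, case_id: str, action: str, at: datetime):
    """Return (allowed, reason); nothing is permitted unless a rule allows it."""
    # Pillar 1: verify explicitly. No MFA, no access, wherever the request originates.
    if not who.mfa_verified:
        return False, "deny: MFA not satisfied"
    # Pillar 3: assume breach. A risky identity or unhealthy device is cut off at once.
    if who.risk == "high":
        return False, "deny: identity flagged high risk"
    if dev.malware_detected or not dev.compliant:
        return False, "deny: device not healthy"
    # Pillar 2: least privilege. Only assigned cases, and only while the grant is live.
    expiry = who.case_grants.get(case_id)
    if expiry is None:
        return False, f"deny: no grant for case {case_id}"
    if at >= expiry:
        return False, f"deny: grant for case {case_id} expired"
    # Case material (e.g. photos) may not be kept on an unmanaged personal phone.
    if action == "download" and not dev.managed:
        return False, "deny: download requires a managed device"
    return True, f"allow: {action} on case {case_id}"

# Constructed sample: a contractor with a time-limited grant on one case, on a personal phone.
NOW = datetime(2020, 6, 1, 9, 0, tzinfo=timezone.utc)
WORKER = Identity("sw-contractor-01", mfa_verified=True,
                  case_grants={"CASE-1001": datetime(2020, 6, 30, tzinfo=timezone.utc)})
PHONE = Device(managed=False, compliant=True)

if __name__ == "__main__":
    for case, action in [("CASE-1001", "read"), ("CASE-1001", "download"), ("CASE-2002", "read")]:
        print(evaluate(WORKER, PHONE, case, action, NOW))
```

Running it shows the same worker allowed to read the assigned case, refused a download to the unmanaged phone, and refused any access to a case not assigned to them.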
The final pillar of Zero Trust addresses the need to govern network access to prevent lateral movement in the event of a breach. Microsoft 365 offers many services to help monitor and detect threats and protect sensitive data:
- Microsoft Cloud App Security detects unusual behavior across Microsoft and third-party cloud apps. It can identify high-risk usage and remediate automatically to limit risk to an organization.
- Office 365 Advanced Threat Protection (ATP) provides continuous, real-time detonation capabilities to find and block threats, including malicious email links and attachments.
- Microsoft Defender ATP protects endpoints in real time by detecting and responding to threats.
- Azure ATP detects risky and suspicious user activities and generates alerts.
- Azure Information Protection provides controls to help secure email, documents, and sensitive data no matter where it’s stored or whom it’s shared with.
What makes Microsoft unique is the native integration of all these services allowing for holistic security management across each of the Zero Trust pillars, resulting in an orchestrated response to protect agencies’ digital estates end-to-end. This also serves to simplify the Zero Trust journey by eliminating the complexity of trying to make multiple different cybersecurity solutions work together that were not designed to integrate with one another.
Microsoft services are enhanced by the powerful insights captured by the Microsoft Intelligent Security Graph—the centerpiece of Microsoft’s differentiation in cybersecurity—which reasons over more than 8 trillion security signals from 1.2 billion endpoints and hundreds of millions of identity, email, and document transactions. Microsoft employs unique human and artificial intelligence (AI) to make sense of these vast and complex cybersecurity signals, connecting the dots to find the signal in the noise.
Cyberattacks are becoming more frequent, better organized, and increasingly sophisticated. Governments recognize the seriousness of these concerns and are searching for solutions to update their security posture in the new cybersecurity era with limited budgets and insufficient skills.
Microsoft 365 provides best-in-class productivity apps while protecting identities, devices, applications, networks, and data. With Microsoft 365 security services, governments can take confident steps in the direction of a modern, Zero Trust security environment.