Apps
Applications provide both a method for individuals to accomplish tasks as well as an avenue for attackers. A zero-trust deployment model for applications includes the following:
- Application visibility: Gaining visibility into how applications are used in your environment is critical to understanding how well your users conform to your governance policies. Modern application platforms expose APIs that report how users interact with the applications. MDA interrogates a wide range of application platforms and extracts usage data through these APIs. MDA can also be used to audit applications for general compliance with your organization’s policies and risk tolerance.
- Managing shadow IT: Discovering shadow IT in your organization is the first step toward guiding your users toward supported solutions. Shadow IT presents multiple avenues for compromise. For example, users not only bypass your governance policies but may also introduce additional risk by downloading applications that contain malware or that allow data to be intercepted by third parties.
- Managing application access policies: You can use Microsoft Defender for Cloud Apps to determine whether applications are performing risky behaviors (such as downloading or uploading data abnormally) and then apply security policies such as suspending accounts, quarantining files, or applying sensitivity labels for encryption.
Using a cloud access security broker such as Microsoft Defender for Cloud Apps can help mitigate the risks presented by both managed and unmanaged applications in your organization.
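The "risky behavior, then policy action" flow in the list above is easier to reason about with a concrete detector. The following is an added illustration, not code from Microsoft Defender for Cloud Apps or from this book: it reads constructed app-usage records (user, app, day, action, bytes), compares each user-day's download volume against that user's own median on other days, and maps a finding to a hypothetical enforcement action. The log format, the anomaly factor, the absolute floor, the hard limit and the action names are all assumptions chosen for the example.

```python
"""Toy anomalous-download detector over constructed app-usage records.

Added example; the record layout and thresholds are assumptions, not a
real CASB schema or Defender for Cloud Apps logic.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Event:
    user: str
    app: str
    day: str      # ISO date, one bucket per user-day
    action: str   # "download" or "upload"
    nbytes: int


# Constructed sample records (not real telemetry).
# alice: steady ~20 MB/day, then a 600 MB day.
# bob:   tiny baseline with one 30 MB spike (below the absolute floor).
# carol: ~110 MB/day, then a 2 GB day.
SAMPLE_LOG = [
    ("alice", "SharePoint", "2024-05-01", "download", 20_000_000),
    ("alice", "SharePoint", "2024-05-02", "download", 25_000_000),
    ("alice", "OneDrive",   "2024-05-02", "upload",   900_000_000),  # ignored: not a download
    ("alice", "SharePoint", "2024-05-03", "download", 22_000_000),
    ("alice", "SharePoint", "2024-05-04", "download", 600_000_000),
    ("bob",   "Box",        "2024-05-01", "download", 1_000_000),
    ("bob",   "Box",        "2024-05-02", "download", 2_000_000),
    ("bob",   "Box",        "2024-05-03", "download", 30_000_000),
    ("carol", "SharePoint", "2024-05-01", "download", 100_000_000),
    ("carol", "SharePoint", "2024-05-02", "download", 120_000_000),
    ("carol", "SharePoint", "2024-05-03", "download", 110_000_000),
    ("carol", "SharePoint", "2024-05-04", "download", 2_000_000_000),
]


def parse_events(rows):
    """Turn raw tuples into Event objects (a stand-in for an API/log parser)."""
    return [Event(*row) for row in rows]


def daily_totals(events, action):
    """Sum bytes per (user, day) for the given action only."""
    totals = defaultdict(int)
    for e in events:
        if e.action == action:
            totals[(e.user, e.day)] += e.nbytes
    return totals


def find_anomalies(events, action="download", factor=5.0, floor=50_000_000):
    """Flag a user-day that exceeds `factor` x the user's median on other days
    AND an absolute `floor`, so a low-baseline user is not flagged on noise.
    Returns sorted (user, day, observed_bytes, baseline_bytes) tuples."""
    per_user = defaultdict(dict)
    for (user, day), b in daily_totals(events, action).items():
        per_user[user][day] = b
    findings = []
    for user, days in per_user.items():
        for day, observed in days.items():
            others = [v for d, v in days.items() if d != day]
            if not others:
                continue  # no baseline yet; a real system would wait for history
            baseline = median(others)
            if observed >= floor and observed > factor * baseline:
                findings.append((user, day, observed, baseline))
    return sorted(findings)


def decide_action(finding, hard_limit=1_000_000_000):
    """Map a finding to a hypothetical policy action (names are assumptions)."""
    _, _, observed, _ = finding
    return "suspend_account" if observed >= hard_limit else "quarantine_files"


def apply_policies(rows):
    """End-to-end: parse, detect, decide. Returns (user, day, action) tuples."""
    findings = find_anomalies(parse_events(rows))
    return [(u, d, decide_action(f)) for f in findings for (u, d, _, _) in [f]]


if __name__ == "__main__":
    for user, day, action in apply_policies(SAMPLE_LOG):
        print(f"{user} {day}: {action}")
```

Two design choices matter for a defender: the per-user baseline avoids one global threshold that is either too loose for light users or too noisy for heavy ones, and the absolute floor keeps a 1 MB-to-30 MB jump from generating an alert that an analyst would dismiss. A real deployment would also scope the rule to specific apps and feed the decision back as an audit record.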
Data
Content authoring, storage, and sharing are the key components of every organization’s collaboration strategy. Data is typically viewed as the organization’s most important managed asset. When applying the principles of zero trust, it’s important to understand how the data is being created, stored, accessed, protected, and transmitted throughout the environment and then enact appropriate controls so that behavior complies with the organizational policy.
Here, administrators need to implement policies to determine the following:
- Where will users be able to store files?
- How and where will users be able to access files?
- How can the files be shared inside and, if enabled, outside the organization?
- How long will documents be retained?
- How can auditors find out who accessed or deleted a document or find documents that contain specific information?
- How can documents be classified and protected?
You will now explore the following data concepts in depth:
- Document storage
- Sharing
- Auditing
- Retention
- eDiscovery
- Classification and protection