By Mohammed Arif, Business Group Director, Modern Workplace and Security, Microsoft UAE
As the region battled through the challenges of economic continuity, no problem (except for the pandemic itself) loomed larger than cybersecurity. The technology ecosystem was suddenly spread across multiple domains, including corporate premises and third-party clouds. And home-based employees joined these domains using personal devices that had not been assessed for vulnerabilities.
Caught between the necessities of a secure environment and the need to digitally transform at scale, organisations turned to zero-trust strategies: assume breaches, insist on verification of all processes and user sessions, and issue credentials under stricter conditions.
Under zero trust, no identity is considered automatically valid, and no device is assumed to be completely healthy. Security processes use every available data point to authenticate and authorize – user identity, location, device update status, and information on services and workloads. Granting access will also require looking at the classification of data, and any other telemetry that can weed out anomalies and put them under the spotlight.
Zero trust limits user access with just-in-time and just-enough-access (JIT/JEA) and employs risk-based adaptive polices and protection measures to secure data and workloads. In this approach, we assume a breach has already occurred and work to minimise business impact. And we improve defences through enhanced encryption and advanced analytics.
Such is Microsoft’s approach to security. We spend more than US$ 1 billion annually on R&D to deliver the building blocks of zero trust. In 2020, when regional enterprises flocked to the Microsoft Cloud – offered through our dedicated UAE data centres in Abu Dhabi and Dubai – we saw in real time how the benefits of a trusted, secure environment were being leveraged so that businesses could focus on stability, growth, and innovation. Zero trust strategies adapted to the complexities brought about by new-normal environments, thereby making room for the modern, hybrid workplace, and protecting people, endpoints, applications, and data, regardless of their location.
When environments are locked down by zero trust in the Microsoft Cloud, users can be assured of safety, and work more securely on any device. And digital transformation can proceed apace, protected by intelligent security measures that are designed for the complex technology stacks of today. Zero trust concentrates on closing security gaps and minimising the risk of lateral movement by taking a satellite view of the IT ecosystem and bringing together everything that is known about people, applications, and data to mitigate threats before business impact occurs.
During the mass cloud migration of 2020, Microsoft supported the region’s enterprises on their journeys. We saw adaption, collaboration, innovation, and crisis management on a scale never witnessed previously. We are deeply proud of the role the Microsoft Cloud played in each of these stories, and how it supported the new era of zero trust. We are confident zero trust is here to stay and that its presence will mean heightened confidence and reduced risk in a new era of regional innovation.