By Ryan Squires Posted February 18, 2019
Zero Trust Security (also called Zero Trust Architecture) is an IT security model for network infrastructure that has been gaining traction in the marketplace. A confluence of events has worked together to make that happen, but given Microsoft®’s dominance in various areas of IT, admins are often left wondering how Microsoft and Zero Trust Security work together. With that in mind, read on to find out how the two relate and for additional ways to bolster your security posture.
How Microsoft and Zero Trust Security Intersect
The relationship between Microsoft and Zero Trust Security is a great one to ponder. Consider this: for Zero Trust Security to really take off, it would seem that Microsoft would need to play a significant role in it, not only because of their ownership of the Windows® operating system but, more pointedly, because of their dominance in identity management software. We’re of course talking about Active Directory® (AD) and the domain controller.
The problem that confronts the Zero Trust Security model as it pertains to Microsoft is simple. Zero Trust Security assumes that every network, and every user on the network, is untrusted by default. That concept stands in contrast to Microsoft’s concept of the domain and Active Directory Domain Services or Azure® AD DS. Microsoft’s viewpoint and workflow is to create domains that people join, which then enable you to single sign-on to a variety of Windows-based resources through the magic of Kerberos.
So, unlike Microsoft’s AD DS/Azure AD DS strategy, under the Zero Trust Security model there isn’t really a concept of a domain to join. You access the IT resources you need, regardless of where they are and what they are, subject to a few simple conditions: all users and resources must be verified and authenticated, system data must be collected and analyzed, and network access and traffic must be secure and monitored for suspicious activity. These requirements suggest that Microsoft’s Active Directory and Zero Trust Security may not go together completely.
Bye Bye Domain?
Microsoft’s Active Directory became incredibly successful in the early days of the Windows-based network. But many IT admins living in the here and now are struggling to connect their AD instances to the new resources they’re coming up against in their environments. That includes macOS® and Linux® systems, Samba file servers and NAS appliances, cloud infrastructure from the likes of Amazon Web Services® (AWS®) and Google Cloud™, web applications and legacy applications that authenticate via SAML and LDAP respectively, WiFi, and more. Naturally, due to this influx of non-Windows resources, IT organizations are shifting away from the idea of the domain because of all the resources that can’t join it anyway.
Zero Trust Security and the Cloud
The good news is that there is a next-generation Active Directory-type solution delivered from the cloud called JumpCloud® Directory-as-a-Service®. JumpCloud really hammers home a key aspect of Zero Trust Security with a number of powerful features, including securely and uniquely authenticating users to their systems (Windows, Mac, Linux), to cloud and on-prem servers via SSH keys, to web and on-prem applications via LDAP and SAML, to Samba file servers / NAS appliances, and to WiFi networks through RADIUS.
In addition, a critical part of the Zero Trust implementation of JumpCloud’s cloud directory is multi-factor authentication (MFA). MFA is very much in the same vein as Zero Trust Security because you cannot trust that everybody with a user’s specific username and credentials is actually that person. So, MFA requires a user to provide both the correct password and a TOTP (time-based, one-time token) linked to that specific account to ensure that the correct user is in fact accessing that IT resource. JumpCloud has a myriad of other security-minded features that can bolster any IT environment, including RADIUS and a whole slew of system management Policies like full disk encryption (FDE), OS updates, and much more.
Learn More About JumpCloud
Microsoft and Zero Trust Security may not be a great fit, but JumpCloud and Zero Trust Security are. If you’re ready to try it out yourself, sign up for a free JumpCloud account today. It enables you to manage up to 10 users for free, forever, and you don’t even need to input a credit card. Once you’ve signed up, feel free to visit our Knowledge Base and/or YouTube channel to learn more.