{"id":25451,"date":"2024-11-12T13:00:44","date_gmt":"2024-11-12T21:00:44","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/11\/12\/news-19181\/"},"modified":"2024-11-12T13:00:44","modified_gmt":"2024-11-12T21:00:44","slug":"news-19181","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/11\/12\/news-19181\/","title":{"rendered":"DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration"},"content":{"rendered":"<p><strong>Credit to Author: Steve Faehl| Date: Mon, 11 Nov 2024 17:00:00 +0000<\/strong><\/p>\n<p>In 2022, the United States Department of Defense (DoD) released its formal <a href=\"https:\/\/dodcio.defense.gov\/Portals\/0\/Documents\/Library\/DoD-ZTStrategy.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust (ZT) Strategy<\/a> with the goal of achieving enterprise-wide Target Level ZT implementation by September 30, 2027. A pioneer among these departments is the United States Navy, which recently launched Flank Speed\u2014a large-scale zero trust deployment that aims to protect more than 560,000 identities and devices while improving the overall user experience.\u00a0\u00a0<\/p>\n<p>As part of the department\u2019s ongoing assessments of zero trust implementation, Flank Speed just underwent its <a href=\"https:\/\/www.doncio.navy.mil\/CHIPS\/ArticleDetails.aspx?ID=18004\" target=\"_blank\" rel=\"noreferrer noopener\">second round of security assessments<\/a> sponsored by the DoD Zero Trust Portfolio Management Office (PfMO)\u2014with tremendous results. Just two years after the initial DoD guidance was issued, the United States Navy demonstrated that their integrated approach to security could achieve the department\u2019s ZT goals, years ahead of schedule. The model developed by the Navy in collaboration with Microsoft can be replicated to help both civilian and defense agencies to similarly accelerate their own zero trust goals.&nbsp;<\/p>\n<div class=\"wp-block-msxcm-cta-block\" data-moray data-bi-an=\"CTA Block\">\n<div class=\"card d-block mx-ng mx-md-0\">\n<div class=\"row no-gutters\">\n<div class=\"col-md-4\"> \t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"600\" height=\"600\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/MSFT_M365_Apr_SecurityGIF12_Blog_GIF_240410_FINAL-3.gif\" class=\"card-img img-object-cover\" alt=\"\" \/>\t\t\t\t<\/div>\n<div class=\"d-flex col-md\">\n<div class=\"card-body align-self-center p-4 p-md-5\">\n<h2>DoD Zero Trust Report<\/h2>\n<div class=\"mb-3\">\n<p>The United States Navy is proving that Zero Trust goes beyond compliance standards and has become a proven security methodology with real world results.\u00a0\u00a0<\/p>\n<\/p><\/div>\n<div class=\"link-group\"> \t\t\t\t\t\t\t<a href=\"https:\/\/www.doncio.navy.mil\/CHIPS\/ArticleDetails.aspx?ID=18004\" class=\"btn btn-link text-decoration-none p-0\" target=\"_blank\"> \t\t\t\t\t\t\t\t<span>Discover more<\/span> \t\t\t\t\t\t\t\t<span class=\"glyph-append glyph-append-chevron-right glyph-append-xsmall\"><\/span> \t\t\t\t\t\t\t<\/a> \t\t\t\t\t\t<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>During the exhaustive test, the comprehensive, integrated suite of Microsoft Security tools enabled Navy personnel to meet Target Level zero trust implementation, achieving 100% success in the 91 Target Level activities tested. Further testing of 61 Advanced Level zero trust activities determined the Navy had achieved success in nearly all (60 of 61) advanced Target Level activities.<\/p>\n<p>The DoD expanded beyond traditional penetration testing to thoroughly evaluate all 152 zero trust activities. Prior to the month-long test, military personnel were trained on the effective operation of the comprehensive zero trust solution over the course of six months. This training allowed Navy personnel to detect and mitigate all attack vectors presented to them by the near-peer adversary assessment team.&nbsp;&nbsp;<\/p>\n<blockquote class=\"wp-block-quote blockquote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;Flank Speed&#8217;s unprecedented ability to achieve the very highest level of DoD ZT outcomes demonstrate to us that the department and the federal government that ZT cyber defenses work very effectively to protect and defend our data and systems against the very latest cyber-attacks from our adversaries.&#8221;<\/em><\/p>\n<p>\u2014Mr. Randy Resnick, Senior Executive Service, Chief ZT Officer for the DoD&nbsp;<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"components-of-success\">Components of success&nbsp;<\/h2>\n<p>Flank Speed is a large-scale deployment born out of the need to securely facilitate remote workers at the onset of the COVID-19 pandemic and built on the Navy\u2019s unclassified combined Azure and Microsoft 365 Impact Level 5(IL5) cloud. To achieve a secure operating environment, the Navy aligned its security approach around the DoD\u2019s seven zero trust pillars\u2014each of which represents its own protection area:&nbsp;&nbsp;<\/p>\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<ul class=\"wp-block-list\">\n<li>Users&nbsp;<\/li>\n<li>Devices<\/li>\n<li>Applications and workloads<\/li>\n<li>Data<\/li>\n<li>Networks<\/li>\n<li>Automation and orchestration<\/li>\n<li>Visibility and analytics<\/li>\n<\/ul><\/div>\n<p>As outlined in the diagram below, the Microsoft 365 E5 package combines best-in-class productivity solutions with comprehensive security technologies that can address all seven pillars of the DoD Zero Trust Strategy. &nbsp;<\/p>\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-large&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-136340 webp-format&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1637,&quot;targetHeight&quot;:854,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: Diagram showcasing the seven pillars of the DoD Zero Trust Strategy. &quot;,&quot;alt&quot;:&quot;Diagram showcasing the seven pillars of the DoD Zero Trust Strategy. &quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2-1024x534.webp\" alt=\"Diagram showcasing the seven pillars of the DoD Zero Trust Strategy. \" class=\"wp-image-136340 webp-format\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2-1024x534.webp 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2-300x157.webp 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2-768x401.webp 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2-1536x801.webp 1536w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2.webp 1637w\" data-orig-src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2024\/11\/Picture1-2-1024x534.webp\"><button \t\t\tclass=\"lightbox-trigger\" \t\t\ttype=\"button\" \t\t\taria-haspopup=\"dialog\" \t\t\taria-label=\"Enlarge image: Diagram showcasing the seven pillars of the DoD Zero Trust Strategy. \" \t\t\tdata-wp-init=\"callbacks.initTriggerButton\" \t\t\tdata-wp-on-async--click=\"actions.showLightbox\" \t\t\tdata-wp-style--right=\"context.imageButtonRight\" \t\t\tdata-wp-style--top=\"context.imageButtonTop\" \t\t> \t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewBox=\"0 0 12 12\"> \t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/> \t\t\t<\/svg> \t\t<\/button><\/figure>\n<p>This comprehensive and extensible zero trust platform supports a range of environments including hybrid cloud, multicloud, and multiplatform needs. It brings pre-integrated extended detection and response (XDR) services, coupled with cloud-based device management and cloud-based identity and access management to meet the security priorities necessary for all defense and civilian organizations. The specific technologies and implementation strategies that support each pillar are outlined in <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/04\/16\/new-microsoft-guidance-for-the-dod-zero-trust-strategy\/\" target=\"_blank\" rel=\"noreferrer noopener\">this blog post<\/a>. Microsoft has also published a higher-level Security Adoption Framework (<a href=\"https:\/\/aka.ms\/saf\" target=\"_blank\" rel=\"noreferrer noopener\">SAF<\/a>) that provides guidance to organizations as they navigate the ever-changing security landscape.&nbsp;<\/p>\n<h2 class=\"wp-block-heading\" id=\"a-partner-agencies-can-trust\">A partner agencies can trust&nbsp;<\/h2>\n<p>Implementation of a zero trust solution from scratch can be a daunting task. A successful deployment requires the integration of properly configured technologies across numerous product categories. No single product can effectively achieve zero trust goals alone, but selecting a set of integrated capabilities whether first or third party can provide significant acceleration. In order to be effective in the long term, a zero trust implementation must also be flexible enough to adapt quickly to new adversary tactics. Following the <a href=\"https:\/\/www.microsoft.com\/en-us\/industry\/microsoft-in-business\/security\/2021\/06\/17\/the-cybersecurity-executive-order-whats-next-for-federal-agencies\/\" target=\"_blank\" rel=\"noreferrer noopener\">White House Executive Order<\/a> to improve the nation\u2019s cybersecurity and protect federal government networks, Microsoft offered technical expertise that helped architect and deploy technologies aligned to the DoD ZT strategy, including continuous monitoring, big data analysis, and comply-to-connect components.&nbsp;<\/p>\n<p>The success of Flank Speed is a critical demonstration of this collaborative approach to implementation. That a complex and critical environment such as that belonging to the Navy fully met not only its Target Level zero trust activities, but nearly all of the Advanced Level criteria more than three years before the DoD\u2019s 2027 deadline with a repeatable solution, is a testament that zero trust can be implemented effectively at scale across the government. &nbsp;<\/p>\n<p>Importantly, though Flank Speed itself is cloud-native, it has been deployed to extend its usability and security capabilities to both cloud-only and existing on-premises workloads and devices, both ashore and afloat. This gave the Navy a rapid path to increased security that was independent of any effort to modernize or sunset existing legacy assets. Along with the proven security achievements, this capacity to extend zero trust security to existing infrastructure could have wide-ranging benefits for organizations pursuing similar cybersecurity goals of a homogeneous security baseline across heterogeneous environments.&nbsp;<\/p>\n<h2 class=\"wp-block-heading\" id=\"a-commitment-to-security-and-innovation\">A commitment to security and innovation&nbsp;<\/h2>\n<p>Microsoft\u2019s support in helping the United States Department of Defense and its branches achieve zero trust implementation also helps inform Microsoft\u2019s own <a href=\"https:\/\/www.microsoft.com\/trust-center\/security\/secure-future-initiative\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Future Initiative<\/a>, which aims to continuously apply the company\u2019s cumulative security learnings in an effort to improve its own methods and practices, and to ensure that security is kept paramount in everything Microsoft creates and provides to its customers. Independent learnings gleaned as part of the Secure Future Initiative, in return, help Microsoft refine its approach in support of government organizations and a vast ecosystem of security partners. In this way Microsoft can work to ensure that zero trust environments supported by Microsoft 365 and Azure stay up to date, even as cyber threat actors change and mature their tactics and tools. This continuous collaboration advances the broader effort to secure and support the United States national security and the security posture of democratic organizations the world over.&nbsp;&nbsp;<\/p>\n<p>Microsoft commends the United States Navy for their milestone achievement. The United States Navy and the United States Department of Defense are proving that zero trust goes beyond compliance standards and has become a proven security methodology with real world results.&nbsp;&nbsp;<\/p>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button btn-primary\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.doncio.navy.mil\/CHIPS\/ArticleDetails.aspx?ID=18004\" target=\"_blank\" rel=\"noreferrer noopener\">Read the full DoD Zero Trust assessment announcement<\/a><\/div>\n<\/p><\/div>\n<h2 class=\"wp-block-heading\" id=\"next-steps\">Next steps<\/h2>\n<p>To learn more about how to accelerate your Zero Trust implementation with best practices, the latest trends, and a framework informed by real-world deployments, visit our <a href=\"https:\/\/www.microsoft.com\/security\/business\/zero-trust?msockid=0e3ec26c31826b4e3979d06330ae6afd\" target=\"_blank\" rel=\"noreferrer noopener\">latest guidance<\/a>.&nbsp;<\/p>\n<p>&nbsp;To learn more about Microsoft Security solutions, visit our\u202f<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noreferrer noopener\">website.<\/a>\u202fBookmark the\u202f<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security blog<\/a>\u202fto keep up with our expert coverage on security matters. Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>)\u202ffor the latest news and updates on cybersecurity.&nbsp;<\/p>\n<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/11\/11\/dod-zero-trust-strategy-proves-security-benchmark-years-ahead-of-schedule-with-microsoft-collaboration\/\">DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/11\/11\/dod-zero-trust-strategy-proves-security-benchmark-years-ahead-of-schedule-with-microsoft-collaboration\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Steve Faehl| Date: Mon, 11 Nov 2024 17:00:00 +0000<\/strong><\/p>\n<p>The Navy implementation scored a 100 percent success rate, meeting DoD requirements on all 91 Target-Level activities tested.\u200b<\/p>\n<p>The post <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/11\/11\/dod-zero-trust-strategy-proves-security-benchmark-years-ahead-of-schedule-with-microsoft-collaboration\/\">DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration<\/a> appeared first on <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\">Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-25451","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25451"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25451\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}