Main focus of the presentation was on Microsoft’s ‘Prevent Breach’ and ‘Assume Breach’ philosophies, both preparing for cloud security. ‘Prevent Breach’ we’re all familiar with as its goal is to keep the bad guys out. It is being realized by e.g. code reviews, security testing and techniques alike. ‘Assume Breach’, however, focusses on the preparation of your environment, people, processes and technologies to detect actual attacks and penetrations. By identifying and addressing gaps in all of these you will be able to better detect, respond and recover from attacks and penetrations.
To secure their cloud journey Microsoft adapted the Zero Trust model. Depending on the information you want to access, a specific level of trust is required before access can be granted. By evaluating the user identity requesting access, the device used to do so and the information that is to be accessed, the organizational policy decides if access can be granted and which security policy is to be enforced.
To top things off a demo illustrated some of the use cases mentioned.