Microsoft suggests companies adopt a “Zero Trust” mindset. This arises after completing the investigation of SolarWinds.
The Redmonds are closing the book on their internal investigation of the now infamous attack on phishing SolarWinds that has affected hundreds of American companies. At first it had been identified that the nation-state attack first made its way through the use of Microsoft’s Outlook. However, the company defended the use of its products by assuring its customers that none of its services were being used to directly attack others.
Microsoft’s internal investigation not only has he reaffirmed this, but also allows the company to boast that “there was no evidence of access to our customer data production services either.”
Microsoft suggests companies adopt a “Zero Trust” mindset
Following this, Microsoft cautions that in the future, its customers and others will need to adhere to some fundamental changes to its approach to security.
First, they must “adopt a zero trust mindset“. Microsoft describes it as “Any activity, even by trusted users, could be an attempt to breach the systems“. Second, embrace the cloud. Perhaps initially counterintuitive given the way the attack on SolarWinds spread. However, Microsoft believes that by embracing the cloud, companies can “overlap” on security. They will do this by taking advantage of real-time advancements in threat protection from cloud service providers like themselves.
Microsoft’s not-so-subtle add-on for Azure has its merits by fitting into the latest security approach suggested by the company. This refers to “Strengthen the community of defenders”. Adopting the cloud also helps companies collectively purchase security solutions more quickly. Microsoft would like more companies to join in on that idea.
Ultimately, the focus on security comes down to the core competence of enterprises with the latest threat analysis. Obviously, Microsoft would love for companies to double down on their security by making use of Azure and Microsoft 365 Defender. However, this is an insecure world at the moment and it appears that at this point, the company would simply settle for its customers to be more proactive in the face of potential online threats.