Suites, bundles, packages… You know the right tools will work wonders for your productivity and business growth—but which ones are the right ones?
The two biggest competitors for your business are Microsoft 365 (known until recently as Office 365) and G Suite. At first glance they might seem similar, and in many ways, they are. However, you should consider their key differences before deciding which one to go for. Media Hosting Services is here to help you make the right investment!
It’s the applications you know, and then some. Word, Excel, PowerPoint, Outlook—the gang’s all here. And they’re available in both web and desktop versions for those of us who still like access to local copies of their documents.
For video calls and messaging, there’s Teams, a sleeper hit of the Great 2020 Work-From-Home Revolution. This tool is very user-friendly and allows up to 250 participants per call.
Also included is SharePoint, the ultimate collaboration application. It provides a secure environment for employees to work on the same document, store and share files.
Google’s brand authority is undisputed. Their communication and data management solution includes popular applications such as Gmail, Calendar, Docs, Sheets and Slides. Chances are you‘re already familiar with some of these!
Video calls are possible via Hangouts. While the maximum number of participants might be lower (only 25), the overall experience is smooth and seamless.
For storage, there is Google Drive. Widely regarded as the benchmark of cloud storage solutions, it offers superior data security.
Keeping your data secure
ISO27001, ISO27018, SSAE 16, FISMA, HIPAA BAA, EU Model Clauses, and Cloud Security Alliance. Yes, Microsoft 365 complies with all of these standards. On top of that, there are server-level encryptions.
The features don‘t stop there, however. An additional layer of security is provided thanks to two-step verification.
Nothing to scoff at, either. In addition to being HIPAA compliant, G Suite also boasts SO 27001, ISO 27018, EY Point, and AICPA/SOC certifications. Two-step verification is also available.
And if all the spam and phishing attempts drive you crazy, we have good news: G Suite features special protection to ensure these annoyances will soon become but a distant memory.
Accessibility and storage
If it ain’t broke, don’t fix it. Sure, Microsoft 365 offers subscription-based access to online apps, but if you like things a bit more conventional, the offline functionalities are still very much available. No internet connection necessary!
For storage, you get 1 TB of space with the Business Essentials plan. That’s plenty, but you can always buy more if needed.
Although known for being entirely cloud-based, some G Suite apps are accessible offline—it just takes some configuration. Administrators can manage and set policies for offline access for various users, but there are a few limitations to consider such as having to use Google Chrome, for example.
While that may sound worrisome, if you do not envisage issues with staying online, chances are it won‘t even matter to you. Basically just less stuff to download and manage on your laptop!
Storage options depend on the plan you choose. With the Basic plan, you get 30 GB including email space. But if you buy more than five user accounts under the Business plan, each user gets unlimited storage. It’s up to you to decide how much space you need and which plan works best.
Ah, yes, the all-important question. With Microsoft 365, there are options to suit all budgets.
Business Essentials, Business, and Business Premium are plans intended for companies with fewer than 300 people. The difference between Business Essentials and Business plans lies mostly in the fact that the Business plan also comes with the desktop versions of the applications.
For large companies, there’s the Enterprise option with various plans available.
There are three plans for you to choose from: Basic, Business and Enterprise.
All include the essential communication tools, but the Basic plan comes with a storage limit. The Enterprise plan, on the other hand, includes handy features such as data loss prevention for Gmail and Google Drive.
Which one’s for you, then?
When it comes to productivity and streamlining, both Microsoft 365 and G Suite are solid options. Can you go wrong? Perhaps not, but you want to make absolutely sure you go right! To summarize:
Microsoft 365 is for you if…
- you have a few hundred employees
- you regularly need to work off a native computer
- you are a more conventional organization that prefers tried-and-tested methods of productivity management
- you have been using Microsoft Office applications for a while
- you have a well-established IT infrastructure
G Suite is for you if…
- you are a startup
- you are a relatively small company
- you are looking to keep costs low
- you want branded email through Google’s Gmail
- you need an easy-to-handle, hassle-free solution
Of course, you’re free to mix and match as you see fit. More and more companies opt to use both suites to streamline their operations. One thing is for sure—to grow your business, you need to suit(e) up!
Microsoft Teams is a unified communications platform offered by Microsoft to help enable those who work for businesses and organizations to easily collaborate and communicate in a variety of ways. Teams allows intelligent communication via chat, email, video meetings, file storage, and app integration from anywhere, so team members can keep in touch no matter where they are.
Having said that, one of the most common forms of communication between co-workers is still the traditional phone. Phone calls are still needed when a more detailed discussion of a subject is required or when a more personal level of communication must take place. And because a lot of business communication happens over the phone, Teams can also integrate with Voice over IP (VoIP) systems, which might just make your work life even easier.
Become an expert VoIP reseller with our UCaaS Insights Series
What will happen to my phones?
Microsoft Teams can now connect office PBX systems, which means that anyone can place and receive internal and external calls with anyone at anytime, anywhere. This is a system that makes telephony easy for your clients, even if they are working from a different office, while on the road or at home.
Benefits of calling with Teams
Several fantastic benefits come with integrating a phone system with Teams. Here is the best of them:
- Streamlined communications and collaboration in one window
- Less expensive
- Works for remote team members and those working from home
- Offers flexibility to choose the feature set you need (Teams, Microsoft Business Voice, UCaaS)
This is all done from within the Teams app, whether it is on a laptop, desktop computer, phone, or tablet, and can be used with any Teams-compatible headset conference room collaboration bar or desk phone.
How to set up calling services in Teams
Telephony in Microsoft Teams is available as an add-on to Microsoft 365 plans. When you go into Teams, you can access the telephony service by doing one of the following:
- Use direct routing to leverage the telephony engine you want and connect it to the Microsoft environment
- Enabling phone systems and calling plans with Microsoft
This being said, when it comes to making the best use of calling in Teams, you may face some unique challenges. With this in mind, there are some important things to take into consideration when integrating business phones with Teams.
Five things to consider when integrating a phone system with Teams
In general, our team of experts can make calling integration with Teams fairly straightforward for you. However, there are some specific considerations worth noting regarding where employees are working, the equipment they are using, and how phone numbers work.
1. VoIP with your current phone system
One thing to think about when it comes to VoIP via your PBX system is what happens when team members don’t have access to their desktop phones.
It’s possible to link your existing PBX system to Microsoft Teams with the help of Media Hosting Services Teams connector, which will provide the necessary middleware and hardware to bridge the two systems.
2. Which phones should I use
With calling integration with Teams, in most cases, you can use your existing phones. This means no additional costs in terms of replacing your equipment. If you have SIP phones, integration is easy to accommodate. There are two ways to accomplish this:
- Adding Teams-certified hardware (phones, collaboration bars, headsets, etc.)
- Using your existing hardware (BYOD) with the help of Media Hosting Services team
3. Working remotely
There are times when you will rely heavily on enabled remote communications. The COVID-19 pandemic of 2020 is a prime example of this type of situation. With so many people working from home, the deployment of communications and collaboration tools becomes a critical aspect of operations. It can also come with a few challenges, particularly when it comes to connectivity. For this reason, you should take the following into account:
- The quality of the network connection matters: Ideally, it should be a high-speed, low latency connection with little to no packet loss. Perform a soft deployment, and test calls to verify how everything sounds.
- Make sure you can remotely connect back to the phone system.
- Make sure you can remotely connect back to the phone system.
4. Faxing and local conference calls
Faxing documents is still an important way to stay connected and share information. Fortunately, with our UCaaS solution, we offer fax-to-email and email-to-fax services as part of your plan.
Perhaps even more important is the use of conference calls for when you need to hold important team meetings. This is possible, too, provided you have the conferencing add-on with your licensing (which is included in all Microsoft 365 Business Voice plans). This will provide you with a regional number (available in most countries) that your team members can use to connect to the call.
5. Finding the easiest way to get VoIP up and running
Whichever way you choose to integrate a phone system with Teams, it is made easier by having someone do it with you. With our UCaaS solution, Media Hosting Services comunications and collaboration. This leaves you time to focus on what matters most—your business growth. Give us a call to learn more about our solutions.
As a long-time cloud provider, Sherweb realizes the concerns you may have had with trusting a third-party hosting provider like us with your data migration.
While many others also claim to be the best at servicing their clients, we truly live up to that promise at Sherweb.
We believe our partners made the right choice when they decided to work with us. With the constantly changing business environment we live in, our passion for serving you grows even stronger.
Not only do we offer the best overall value with our technical knowledge, but our customer-centric approach, proven infrastructure, and flexible plans are also a part of a culture where customers come first.
See your feedback in action with our partner portal integrations
Transforming our business model from transactional to consultative has helped us understand our partners’ needs and stand at our partners’ side for a truly symbiotic relationship that ensures a successful business journey for all our stakeholders.
This means your voice matters to us.
And that’s where UserVoice comes in.
With UserVoice, we interact with our partners and measure their feedback for our services. Not only can our partners make suggestions for new features and vote on others, but UserVoice also enables us to prioritize your concerns and develop our services further.
With UserVoice, we aim to engage our partners and service them better.
UserVoice initiatives that enhance the Sherweb partner experience
The features you see below are some of the result of our partners’ initiatives to enhance the Sherweb experience. These ideas came through UserVoice; since then, these ideas are helping all our partners serve their clients better.
Sherweb uses PSA (Professional Services Automation) software to manage our personnel and equipment for your projects. From ticketing, billing estimates and invoices, to marketing and reporting – PSA integrates and syncs the available data to ensure a stellar customer experience for your clientele.
Our integration lets our partners simplify billing through centralized platforms. Streamline your financial processes by syncing with Sherweb prices and offers.
To help our partners keep abreast of new developments, we use PSA to access the most up-to-date information – anytime, anywhere. Through our centralized system, we process your sensitive data most securely.
Cybersecurity is one of the most highlighted topics in the MSP arena. At Sherweb, safeguarding our partners’ data assets remain our foremost responsibility. As we continue to find ways to improve your experience, we implement MFA (Multi-Factor Authentication) to secure your confidential data.
MFA is an added security measure we use to authenticate access to your sensitive data. In addition to passwords, MFA requires your personal information, such as your phone or any other MFA device – which generates a token so you can gain access to your resources.
Sherweb uses Open API (Application Programming Interface) to allow our partners to integrate their platforms to our portal with ease almost instantly.
Consequently, we aim to simplify future integrations into the Sherweb portal with other products – so you never have to worry about complicated solutions, and can focus on helping your business weather the COVID-19 pandemic.
Moreover, the UserVoice API enables us to produce custom integrations for some partners that require specialized integration processes. With open API, Sherweb opens the door to our end-user portal, so that our partners’ clients can complete their own specific tasks.
How UserVoice feedback works
With UserVoice, Sherweb captures, tracks, and organizes the feedback we receive from our partners to build a service that scales with your needs.
UserVoice works like a mood board, where our partners can up-vote and prioritize ideas to reflect our partners’ needs better. Our partners can submit feedback via the Sherweb Feedback Page, or they can submit ideas through the partner portal.
We regularly update our partners on the progress of their ideas and the changing status of their subscriptions. This ensures greater transparency and awareness of project status.
With the aggregate data we collect through UserVoice, Sherweb can also reach out to our partners to better understand their needs and feature requests – and how Sherweb can fulfill them with the utmost precision. Rest assured, we hear your concerns during this time and are working to implement the functionality you need.
Collect feedback across your customer base from end-users directly and through your sales, support, and internal teams who talk with customers every day.
Sherweb uses NPS (Net Promoter Score) to survey our partners’ needs regularly so we can keep improving our service. By identifying problem areas, Sherweb can quickly correct them and identify services our customers like – so we can continue fulfilling your needs.
NPS is a metric based on customer feedback to ensure our service is up to the highest standards. How are the scores measured? NPS scores are measured from single question surveys, reporting a number from -100 to +100.
A higher score indicates that our partners are satisfied with our services and thus is more desirable. Respondents rate our offerings on a scale of 0 to 10 in these three categories:
A score of either nine or ten lets us know that our partners affirm that our services meet their quality standards and are satisfied with our work.
When our partners respond with a score of seven or eight, we surmise that you are content with our services, but there’s still more we can do to better your experience.
When Sherweb sees partners responding with scores between zero to six, we realize something is wrong and that you’re unhappy with us. Not only do we do our best to remedy the situation, but we also assess where we may have gone wrong and work to improve the Sherweb experience for you.
With the COVID-19 situation impacting businesses, Sherweb understands the confusion your clients are experiencing – and the pressure it can put on your business.
The Sherweb team always has your best interest in mind as we look for better and smarter ways to support our partners – and it all starts when you come forward and tell us what troubles your business.
As we strive to incorporate new initiatives to improve your Sherweb experience, we rely on you to guide us on how we can serve you better.
Contact Media Hosting experts today for more information on how we service our partners so that they can fulfill their client’s needs.
Due to the current pandemic crisis, remote work has increased by leaps and bounds. Time Magazine calls it “the world’s largest work-from-home experiment.”
For many of us, it has become the new normal, and we’re all learning as we go.
Even before the public health crisis struck, remote work was increasing in the U.S. Over the last five years, the number of people working remotely has grown by 44%. At the beginning of this year, 3.4% of the population was working from home. Since the start of the pandemic, nearly two-thirds of Americans work remotely.
After two months of confinement, we’re starting to notice different remote work trends shaping up.
In this article, we’ll take a close look at the positive, negative, and remarkable aspects of the current mass remote work environment and how it will shape the future of work.
The first thing the world noticed is that many businesses can succeed when employees don’t come into the office every day.
Here are the positive aspects of working remotely that have been documented:
#1. Better for the environment
Pollution over major metropolitan areas, including Los Angeles, Seattle, New York, Chicago, and Atlanta, has dropped since the lockdown. Not using our cars to commute to work reduces our carbon footprints and their adverse effects on climate change.
#2. Reduces costs
Research from Harvard Business School shows that companies could spend less on office spaces, as the U.S. Patent and Trademark Office estimated that, thanks to many of its employees working remotely, it saved more than $38 million in 2015 by not using as much office space.
#3. Accelerates cloud adoption
Microsoft’s total revenues increased by 15% over the first quarter ending March 31, with Dynamics products and cloud services revenue increasing by 17%. Since the pandemic, they’ve got 12 million new users on Teams, its group-collaboration platform. Microsoft expects COVID-19 to accelerate digital adoption and investments in cloud computing, AI, and cybersecurity, as well as more capital spending later this year.
#4. More time with our families
While almost all parents can’t wait for the day schools and nurseries reopen, at least we can appreciate more time spent with our families.
#5. No more commuting
The American commute increases depression, divorce, obesity, and fossil-fuel emissions. Research shows that people who drive to work spend 54 hours per year stuck in traffic. Working remotely—whether at a coffee shop, in a co-working space, or on a couch—is a win for work-life balance and the biosphere.
The mass switch from traditional office work to remote work brings along several challenges. But with problems, there also are solutions and actions managers can take to ease the transition.
#1. You may not get your answers in a flash
One thing about working remotely is you can’t just turn around to ask your colleague a question. But you can chat with them on Teams (or whatever collaboration tool you use).
#2. Solitude is a bummer
Humans are hard-wired for connection. Many people work in an office because they crave social interaction. Isolated work makes people feel lonely and disconnected. Make sure employees know what’s happening on their teams, and keep feelings of isolation at bay by communicating frequently and having touchpoints so there are no unaddressed frustrations. Dedicate time to sharing stories and getting vulnerable with each other.
#3. Sarcasm can be misunderstood
Humor works great in person. However, office teasing, bad jokes, and sarcasm are difficult to detect in texts and emails because there are no facial cues or vocal tones involved. Use emojis when you need to highlight something that was meant sarcastically.
#4. Harsh times for working parents
Most working parents are not having a blast at the moment with working, homeschooling, and taking care of their kids at the same time. Companies can make things easier by allowing parents to have more control over their schedules. Also, to help with the transition, Microsoft shared the Work From Home with Children guide they created for their employees.
#5. Creativity suffers
For many, remote work blocks the creative sparks we get when interacting live with people. Teammates working together in the same room tend to solve problems more quickly than remote collaborators. Organizing regular company retreats, allowing employees to schedule “virtual coffee breaks” with their peers, and having the option to work on flexible schedules can help.
#1. Increased productivity
A recent survey by YouGov, USA Today, and LinkedIn on professionals aged 18–74 shows that the pandemic has had a positive effect on 54% of workers’ productivity. The reasons given by the respondents were the time saved from commuting (71%), fewer distractions from co-workers (61%), and fewer meetings (39%).
#2. Fully remote teams are more engaged than teams separated in multiple offices
Disengagement is a risk when managing teams across multiple locations. Team members divided into multiple offices are not close to the manager, which can lead to unconscious bias creeping in, as well as information imbalances. One such example is what Darren Dahl calls the “out-of-site-out-of-mind syndrome”: when things get busy at your primary location, it can be hard to give your employees based at other locations the time they deserve.
One benefit of working in a fully remote team is that everybody becomes equal, which has democratized remote meetings. This is an important aspect we should all learn from once we go back to the office.
#3. A new economic reality
There’s no news that we’ve been heading into an economic downturn. Jared Spataro, CVP of Microsoft 365, thinks the healthiest thing we can do is to “take a step back and think about how we can emerge from this stronger than we went into it; recognize we will have to cut costs in some places and rethink our business.” This is an opportunity to move your resources around and make sure you’re prepared for the new reality.
Imagining life after lockdown
Will the future of work after COVID-19 be a mix of breakfast in bed, pajamas, and Microsoft Teams?
According to Gallup, “three in five U.S. workers who have been doing their jobs from home during the coronavirus pandemic would prefer to continue to work remotely as much as possible, once public health restrictions are lifted.”
Some will want to keep working from home, while others will rush into the offices without looking back.
When the time for us to go back to the office comes, it won’t all happen in one day. It’s going to be a gradual shift, moving through different phases.
Long story short, we need to acknowledge there will be a before and after the crisis that will affect the way we work in the future. It’s our job to make sure we keep The Good and The Surprising to make the future of work better.
Microsoft recently announced that it will be adding its Azure Active Directory Premium P1 license to Microsoft 365 Business subscriptions. This is great news for small and medium-sized business (SMB) customers. The Azure AD P1 license—we’ll just call it P1 to keep things simple—brings a powerful set of enterprise security, identity, and access control tools into what will now certainly be Microsoft’s flagship cloud offering for SMBs. And it does so at no added cost.
Microsoft is adding the P1 license to new subscriptions now and will be rolling it out to existing subscribers over the coming weeks. This is particularly great news for clients grappling with long-term remote work planning.
The features in P1 are designed to facilitate secure access to work applications from anywhere. Microsoft Business 365 plus Azure AD P1 will let you transform your clients’ modern workplace into a work-from-anywhere workplace.
Learn how to resell Microsoft 365 and help your client’s digital transformation with our guide
Expanding the toolset for SMB clients
Microsoft will also be renaming the 365 Business plan to Business Premium when the P1 license is added. This is part of a wider renaming of all their small and medium-sized business-focused offerings. The Business Premium plan is still intended for small and medium-sized businesses with 300 users or less.
Some of the free Azure AD features were previously available in Microsoft 365 plans, the most important being Multi-factor Authentication (MFA), self-service password resets, and conditional access policies. Adding the entire P1 license is part of Microsoft’s efforts to help SMBs establish more secure remote work conditions for the current COVID-19 crisis and beyond.
What does Azure AD P1 add to 365 Business?
P1 licenses will give Sherweb Partners and their clients access to advanced group, identity, and access control policies for more granular control over how users and their devices access cloud resources. P1 also offers a few key enterprise-level features we wanted to highlight:
Cloud App Discovery
It was hard to keep track of BYOD devices and consumer cloud app usage even before remote work became the new normal. Now, contending with these security risks is something practically every business faces. This just amplifies the challenge of protecting your client’s cloud infrastructure against data breaches and the unwanted effects of shadow IT.
The Cloud App Discovery tool analyzes your client’s cloud traffic logs. Any activity in their environment coming from a list of over 16,000 different cloud apps is flagged and scored for risk level. You can access reports that measure and rank app usage by traffic volume, number of users, individual user, or number of outbound web requests by app.
This helps you identify and prioritize what data is at risk, what shadow IT systems might have access to your client’s data, and the relative risk those shadow systems pose to your client’s data integrity.
Businesses that rely on critical on-premise applications have been particularly challenged by the sudden increase in remote workers. Many clients and Sherweb Partners have figured out reverse proxy or VPN solutions that are good enough, but the Azure Application Proxy now available with P1 licenses can be a superior choice. It’s a lightweight software agent that gives access to specific on-premise apps without exposing larger segments of a client’s network.
Remote users use their standard Azure single sign-on (SSO) account to access the Application Proxy. This will grant them access to both authorized on-premise apps and their cloud apps, like Teams, SharePoint, other Office 365 apps, and Remote Desktop.
Using the Proxy for remote access also mitigates the need to open inbound connections on the client’s firewall. And it’s often more cost effective than a VPN or other proxy setups, as it doesn’t require any local infrastructure or network changes.
Any Partner who’s used dynamic groups to manage an enterprise client knows what a time saver they can be. Dynamic AD groups allow you to automatically add and remove users from security groups based on user or device properties (though an Office 365 group can only be a user group).
For example, you can define a “Guest” dynamic group that automatically collects all guest accounts spread around the tenant so you can centrally manage them. Also, any time a user or device attribute changes, Azure AD runs all dynamic group rules and automatically updates membership accordingly.
Password fatigue is real. Perhaps you’ve seen an uptick in password-related support requests since people have shifted to working from home. There’s a whole range of personal laptops and mobile devices now trying to authenticate against client resources. Thankfully, the P1 license lets you enable password-less authentication for your client’s cloud apps.
Password-less authentication replaces passwords by performing multi-factor authentication against something users have with them, against information they know, or against biometrics. Azure AD currently supports three different password-less authentication options:
An opportunity to deliver more value
Most notable for resellers is that the addition of P1 to Business Premium subscriptions lets you offer more enterprise-grade features to your customers at a lower cost than Office 365 E3 licenses.
Beyond the features listed above, the addition of the P1 license lets you offer your SMB clients many other enterprise-grade features on a Business plan, like:
- Customized branding for your clients’ sign-on pages
- Password protection, including access to global and custom banned password lists
- Advanced self-service password reset tools
- MDM auto-enrollment for increased device security
- Many other identity and access control tools
Bring enterprise tools to your SMB clients
The addition of Azure AD Premium P1 to Business Premium is definitely welcome news for Sherweb Partners looking to offer more value-added services to their clients. It’s great to see Microsoft make these enterprise-grade security tools available to even more organizations.
In particular, we think password-less authentication is a great security feature to implement. It can greatly simplify user authentication while improving security at the same time. And Azure’s Application Proxy is another great tool to support Partners pushing the Zero Trust security model.
Don’t forget, Sherweb is available whenever you need a hand with Azure AD setup and implementation.
Cyber security has undergone constant changes, but I believe the greatest changes have come in the last few years. The rapid, widespread adoption of new cloud and IoT technologies have created many new attack surfaces. Security practices are only now catching up to these threats.
At the front of a new wave of security thinking is the Zero Trust Security (ZTS) model. I think that applying the principles of this model to secure networks is the best way for MSPs to serve their customers going forward.
Attacks are on the rise
IBM’s 2019 Cost of a Data Breach report clearly shows that attackers have the edge right now. In 2019 for the first time, a majority of all data breaches—51 percent—resulted from malicious or criminal attacks. This is a 3 percent increase from 2018 and an overall 21 percent increase since IBM first tracked this statistic in 2014. They note that nearly three-quarters of attacks succeeded by exploiting privileged credentials or identities.
Not only are more breaches than ever caused by directed attacks, but the attacks are going undetected for longer. Breach lifecycles—the time between when a breach occurs and when it is contained—jumped noticeably between 2018 and 2019. Average breach identification time in 2019 was 206 days, and the average time to contain a breach was 73 days. That is 279 days in total.
The 2018 average was 266 days, which means we saw a 4.9 percent increase in the average breach lifecycle in just one year. Clearly, traditional network security practices aren’t working, and attackers know it.
Why is this happening?
Network security has stuck to some principles from the early days of the Internet for too long. From the beginning, openness was encouraged in network design. This was a good way to enable collaboration and sharing, but it also enabled bad actors.
In the past, security has been strongest at network perimeters. Once users or processes were on a network, the default was trust. In the world of 2020, when remote users, overlapping multi-cloud environments, and the Internet of Things deepen the reach of networks, there are now functionally no more network perimeters—only assets that we need to protect individually. We need a new approach.
What is Zero Trust security?
ZTS shifts the focus away from where you are (on the network or at the perimeter) to who you are (your identity or individual device). This makes network-based interactions much easier to monitor and manage. As the name “Zero Trust” implies, every interaction with those resources must be challenged and authenticated.
A combination of technology and policy is needed to deploy a ZTS model effectively. Multi-factor authentication is one of the primary tools used to ensure legitimate access. Access management tools, encryption, network monitoring, file system permissions, and network micro-segmentation are also key tools.
As for policy, under ZTS user provisioning, access requests should be governed by the principle of least privilege. This can help prevent compromises from occurring and minimize the amount of damage done when they occur.
What are the challenges of deploying ZTS?
Because a very particular set of modern security tools are used, applying ZTS to legacy infrastructure can be challenging. Trying to retrofit existing systems and practices can sometimes be overly disruptive to customers for limited security gains.
In those cases, I believe the best approach is to make ZTS part of a security strategy looking forward. For example, businesses can incorporate ZTS principles as legacy systems are retired in favor of cloud resources. This is an area where partners familiar with ZTS can step in to deliver real value for customers.
How to implement Zero Trust security
The exact process will be different depending on each customer’s network resources, but there is a general strategy to follow.
1. Audit their network to evaluate attack targets
You can’t protect it if you don’t know it is there. Start by performing a top-to-bottom assessment of every application, device, and endpoint that might be a target for attack. This will help you understand what is most valuable to the business and help you drive a more strategic conversation around security.
2. Use Multi-Factor Authentication on the most sensitive assets
Any resources that control roles and identities need the highest level of security under a ZTS model. Directory services, domain controllers on local networks, and related management systems all should be secured with multi-step authentication.
3. Authenticate Privileged Accounts and Associated Applications
If an attacker can compromise a privileged account, then they become indistinguishable from a trusted user. That means in addition to improving account authentication on privileged accounts, you also need to restrict the applications of accounts that can access your customers’ networks.
4. Monitor Privileged Activity
You shouldn’t treat account authentication as “the new perimeter,” though. Work from the assumption that privileged accounts will be compromised eventually, which means all activity still needs to be monitored. Monitor the health of all endpoint devices that privileged accounts can access to ensure that applications are updated.
Changes in account or application behavior can be a sign of a compromise. This means having good network visibility helps prevent both attackers and internal bad actors from expanding the scope of their attack.
on top of all this, make sure you do constant reviews of all profiles, policies and permissions.
Are you looking for easy security management for Microsoft 365? Learn how Office Protect makes security management simple
You can move customers toward better network security
After an assessment, you’ll realize that no network is 100% secure. This is why deploying a Zero Trust Security model is now the best way to ensure that your customers’ multi and hybrid cloud networks stay secure. Since this model ensures that every individual asset is secured through authentication and authorization controls, we can rest assured that we are doing a better job of securing what modern cybercriminals are targeting, rather than the main targets of yesteryear.
Take a look at our security solutions to see what you can use to apply Zero Trust Security for your customers.