Cracking the code to secure productivity

Cracking the Code to Secure Productivity in Two Steps How a Zero Trust foundation empowers productive work experiences

Contents Introduction 3 Chapter 1 Step one Establish a Zero Trust security foundation 6 Chapter 2 8 Benefits of implementing a Zero Trust security model Chapter 3 Step two Streamline endpoint management 9 Chapter 4 Microsoft 365 E3: Combining Zero Trust security and unified endpoint management for a powerfully productive workforce 10 Chapter 5 Elevating productivity: Microsoft Copilot for Microsoft 365 11

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 3 This e-book examines the common security Introduction barriers in the modern era and discusses how implementing Zero Trust security helps Don’t stretch with the organizations break past them. We’ll also growing threat landscape— discuss the positive ripple effect created by grow ahead of it having a Zero Trust security model and how it impacts team productivity and AI-readiness. Today’s threat landscape is growing fast, Top security challenges with sophisticated threats like identity Cyber adversaries are getting more attacks, ransomware, and endpoint attacks putting data and IT infrastructure at risk. sophisticated and organized, with malicious actors using advanced tools and tactics The reality of modern work has put increased to find and exploit weaknesses. When pressure on IT teams, who often find themselves stretched thin trying to cover cybercriminals are successful, the victim’s reputational and financial damages can be a growing number of vulnerabilities. severe—especially if the breach involves With 67% of IT professionals reporting being sensitive or personal data. Externally, the loss of trust from customers, partners, and overwhelmed trying to manage remote work, investors can cause decreased market share, getting ahead of threats is crucial to avoiding 1 customer churn, and lowered valuation. costly breaches and downtime. Stretching IT Internally, cyberattacks disrupt operations, teams thin makes it easier for attackers to be successful, which can have serious financial causing downtime, reduced productivity, The growing financial damage and lost revenue. and reputational consequences. caused by cybercrime The key to thriving in this expanding threat landscape isn’t to demand even more of $23.84T IT teams—rather, it’s to establish a strong baseline of security in the form of a Zero Trust The estimated cost of cybercrime security model. This foundation of security worldwide is expected to reach relieves the pressure on IT teams and helps 2 decrease the risk and severity of attacks— $23.84 trillion by 2027. but that’s just where the benefits begin.

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 4 Key security concerns of the modern work era In the face of these dire consequences, IT teams find themselves running up against several key challenges. Verifying identity Attackers use different techniques like phishing, malware, and domain spoofing to capture user credentials. These credentials (passwords, user IDs, emails, etc.) are then used to gain access to company resources, steal data, or compromise accounts. 1,287 Protecting a modern workforce Password attacks occur Many businesses’ work models have undergone rapid changes in recent years, with 12.7% every second.3 5 of full-time employees now working from home and 28.2% using a hybrid model. These employees don’t always take the right precautions to defend against threats, which provides cybercriminals with more exploitable vulnerabilities. Meanwhile, working with outdated 31M hardware and unmanaged devices that aren’t compliant increases IT complexity, leaving Phishing attacks rose to 31 million organizations more vulnerable to attacks. 4 per month in the past year. % % % 80– 90 71 86 Of successful ransomware Of workers are more likely Of security leaders say compromises originate to be infected on an outdated PC hardware 6 7 through unmanaged devices. unmanaged device. leaves organizations more vulnerable.8

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 5 Protecting information Cybercriminals will try to gain a competitive advantage by disrupting an organization’s operations or stealing intellectual property like trade secrets, patents, trademarks, and copyrights. IP theft might be motivated by financial gain, economic espionage, or industrial sabotage. The more “table stakes” security issues an organization must deal with—software and firmware patches, hardware upgrades, and internal and external security vulnerabilities—the less time and effort they have to prepare for attacks targeting their most precious data. 70% Of organizations have been compromised by unsanctioned software, apps, and services.9 Organizations must adopt a proactive and resilient approach to cybersecurity to 62% navigate this complex and evolving threat landscape. Today, that means shifting Of staff don’t spend enough time on from a traditional, reactive framework strategic work like security strategy or to a proactive, Zero Trust framework. 10 preparing for sophisticated attacks.

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 6 Step one Establish a Zero Trust security foundation Zero Trust is a security model that operates Principles of Zero Trust Implement least-privilege access under the motto, “Never trust, always verify.” This principle ensures that users get access Instead of assuming everything behind your It recognizes that trust is a vulnerability that to the resources they need to complete their corporate firewall is trustworthy, Zero Trust can be used to find exploitable points of entry tasks—and nothing more. This approach limits security assumes that any entity (internal and requires that you put up guardrails that the exposure of sensitive data and resources or external) trying to access organizational ensure cybercriminals aren’t unintentionally to unauthorized or compromised users and allowed through your defenses. resources is a potential threat. This assumption devices and restricts the extent of damage makes it necessary to apply three principles: an attacker can inflict within the network. verify explicitly, implement least-privileged Methods like just-in-time and just-enough access, and assume breach. access (JIT/JEA) policies, adaptive policies based on risk assessment, and data protection Verify explicitly strategies help to enforce this principle. Never trust The first principle is designed to make sure the person trying to access your network is Never implicitly trust any entity, Assume breach who they say they are. Every access request This principle aims to minimize the damage whether internal or external. to a resource is authenticated and authorized a breach can do. Assuming breach involves based on several factors, including the user’s segmenting access to resources, ensuring Always verify identity, their device, their location, the data encryption in transit and at rest, and service or workload they’re accessing, data Require continuous verification of using analytics for visibility, threat detection, classification, and any identified anomalies or identity, device, data, and network. and defense enhancement. This strategy risks. This ensures that valid users and devices is crucial to shrinking the blast radius of an can access to company resources, while attack and preventing attackers from moving suspicious entities are blocked or questioned. laterally within the network if they happen to gain access.

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 7 Best practices for implementing Zero Trust principles: Protecting identities and endpoints Building a secure foundation requires a modern productivity solution like Microsoft 365 E3. It includes built-in Zero Trust, AI, and automation capabilities to quickly verify identities, grant access to authorized users, and monitor for threats across multiple platforms. To establish Zero Trust security, look for comprehensive solutions with this critical foundation for protecting identities and endpoints to enable the best—and most secure—productivity for your workforce. Protect identities Protect endpoints Employ multifactor authentication: Require users to confirm Block legacy authentication: Prevent apps or devices from using their identity through a second source (like a phone or token) old protocols that don’t support modern security features so before being granted access. malicious actors can’t gain access to resources using stolen or reused credentials. Enable passwordless authentication: Have users verify their identity without entering a password by requesting another form Perform real-time risk assessments: Continuously verify of evidence, like a fingerprint or a unique code. and evaluate the risk level of every access request using AI, automation, and analytics to ensure anomalies are detected Implement Single Sign-On (SSO): Remove the need to manage and mitigated in real time. multiple credentials for the same person so workers encounter fewer sign-in prompts when using different applications. Continuously assess and optimize your security posture: Keep ahead of sophisticated threats by consistently assessing Enrich your Identity and Access Management (IAM) solution your identity and security posture to see how well your with more data: Feed more data into your IAM solution to gain environment aligns with current best practices. more visibility into who’s accessing corporate resources.

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 8 Benefits of implementing a Zero Trust security model How applying the “never trust, always verify” model keeps you safer from cyberthreats Respondents to a Foundry Zero Trust survey reported that implementing Achieve a stronger security posture Simplified security management a Zero Trust model resulted in benefits impacting productivity, risk reduction, By minimizing the attack surface and blocking Zero Trust simplifies security management 11 and compliance. unapproved access, Zero Trust reduces the by offering a comprehensive solution that number of exploitable vulnerabilities caused covers identity, apps, devices, infrastructure, by everyday operations. Plus, if a malicious and data under consistent security and Key benefits reported by survey respondents: actor manages to gain access, Zero Trust governance policies. Plus, by adding AI and security helps detect their presence and automation to tasks like threat monitoring Protecting customer data proactively limit the damage they can do. and risk assessment, Zero Trust helps simplify management even further, taking the pressure Continuous access Enhance your ability to adapt a modern off IT teams so they have time to focus on and authentication work productivity model strategic initiatives and innovation. Managing access to cloud apps Zero Trust caters well to hybrid work models, and devices offering secure access regardless of where or how employees work. This helps prevent Facilitating the move to remote work productivity from grinding to a halt because Solving the security skills shortage workers can’t access resources when they work in a new location or switch devices. Reducing the complexity of integration Reducing time to breach detection Delivering both security and an excellent end-user experience

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 9 Step two Streamline endpoint management After your organization has established a What can you achieve Zero Trust security foundation, you’ll be able with streamlined endpoint to adopt a simplified framework that allows IT management? admins to streamline endpoint management. Enhance employee experiences and Endpoints encompass a range of devices productivity. Provide support for a wide used in everyday work operations, including range of apps, peripherals, devices, and desktop computers, laptops, tablets, mobile phones, IoT devices, and cloud solutions. self-service options so employees can work efÏciently from anywhere. The number of endpoints has been increasing by the year, with the average enterprise now Improve control of endpoint performance, 12 having about 135,000 devices. Managing and health, and security. Keep devices updated securing all of those diverse endpoints is a with the latest operating system and large (and expensive) task, with about 30% of security policies based on identity, location, IT help desk costs devoted to solving endpoint compliance, and risk factors. issues. Using a cloud-based productivity suite like Microsoft 365 E3 helps simplify endpoint Reduce IT complexity. Drive IT efÏciency management and reduce IT costs, even as the by leveraging the cloud to simplify device number of endpoint devices keeps growing. and application deployment, configuration, and updates. The result is comprehensive Once you’ve completed the two management and security for endpoints steps of establishing a Zero Trust across various operating systems, device foundation and streamlining endpoint types, and ownership models. management, the next objective comes into focus—unobstructed productivity and collaboration.

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 10 Microsoft 365 E3: Combining Zero Trust security and unified endpoint management for a powerfully productive workforce In the past, organizations have had to strike a careful balance between security and productivity. If IT puts up too many Microsoft 365 E3 capabilities security defenses, employees may find their Identity and access management from a central location productivity impacted as they struggle Enable strong and adaptive access policies that allow users to get the resources to access the necessary information and they need without meeting friction points. resources. On the other hand, if too few defenses are put in place, a single successful Information protection and governance cyberattack could grind the entire operation Keep data encrypted whether it’s at rest, in transit, or in use, and easily discover to a halt. sensitive information. Microsoft 365 E3 is a cloud-based productivity Automated threat protection solution that offers foundational Zero Trust Automate updates to keep the software current, deploy patches quickly to security, enterprise-grade device and app reduce exploitable vulnerabilities, and proactively block threats from disrupting management, and robust collaboration tools. business continuity. With built-in AI capabilities, it understands the context of your data and knowledge to empower secure productivity across your organization so employees are focused, connected, and secure at every level.

i 1 2 3 4 5 Cracking the Code to Secure Productivity in Two Steps 11 Elevating productivity: Microsoft Copilot for Microsoft 365 Using AI involves a lot of data gathered from different sources. Microsoft Copilot for Microsoft 365 is an AI-powered productivity tool Implementing Zero Trust security and seamless endpoint management that helps clear hours of mundane work by automating common tasks are crucial steps to ensuring all that data is secure and easy to manage. like creating documents, scheduling meetings, and managing projects. Once that’s accomplished, you’ll be able to elevate productivity even With those freed-up hours, employees have more time and energy for further using tools like Microsoft Copilot. tasks that require focused creativity and innovative problem-solving. Using AI to make Total Economic Impact space for creativity In a commissioned study conducted by Forrester Consulting, Microsoft 365 E3 was shown to strengthen security, 14 70% enhance productivity, and simplify IT management. Of people would Strong security Productivity Simplified IT delegate as much work as possible % HR % to AI to lessen 35 60 25 13 Reduction in likelihood Average of 60 hours saved Reduced time spent deploying and their workloads. of a data breach. per year with Microsoft 365 E3. managing new software by 25%. Empower your enterprise with secure productivity from Microsoft 365. Learn more

1 IT Trends Report: Remote Work Drives Priorities in 2021. JumpCloud, 2021. 2 Chart: Cybercrime Expected To Skyrocket in Coming Years. Statista. 2022. 3 Microsoft Security Copilot: How does it help you protect your data? Intelequia. Apr 2023. 4 Microsoft Entra: 5 identity priorities for 2023. Microsoft Security. Jan 2023. 5 Remote Work Statistics & Trends In (2023). Forbes Advisor. 2023. 6 Microsoft Digital Defense Report. 2023. 7 Anatomy of a modern attack surface. Microsoft Security Insider. May 2023. 8 Microsoft Security Signals Boost SDM Research Learnings. Hypothesis Group. Sep 2021. 9 The State of Attack Surface Management 2022. Randori. 2022. 10 Microsoft Digital Defense Report. 2022. 11 Zero Trust Adoption Survey. Foundry. March 2022. 12 Managing Risks and Costs at the Edge. Ponemon Institute. 2022. 13 Work trend Index Annual Report: Will AI Fix Work? Microsoft. May 2023. 14 The Total Economic Impact Of Microsoft 365 E3. A commissioned study conducted by Forrester Consulting, 2022. ©2024 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal reference purposes.