Peer-Driven Insights

Zero Trust

Active Ambassadors in This Topic

Pradeep Rao

Pradeep Rao

Kyndryl

IT Services, 10k+

India
Vanshul Chawla

Vanshul Chawla

Nielsen

Software, 10k+

IN
C

Clifton Persaud

ISACA-GWDC

Education, 5k - 10k

US
View All Community Ambassadors

Community Posts

Employee Count and Licensing Usage:

- What is your employee count?

- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?

- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?

Read More Comments

What are the most critical features to look for in a zero trust network access solution, particularly for a diverse IT environment?

Read More Comments

Are single sign-on and zero trust compatible?

Yes, both can work together77%

No, one contradicts the other21%

Not sure2%

View Results

If you’ve implemented zero trust identity and access management, what tools have been most effective at enforcing strict access controls?

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

Hello.  I'd like to get peer insight on Windows Hello for Business, specifically:

1) Are you currently using or actively planning to implement Windows Hello for Business?    If you're using it, do you have it deployed to all users/devices or only a subset of users/devices (e.g. only Executives, only in the IT area, not in manufacturing areas, only Sales, etc).

2) Do you require ADDITIONAL step-up authentication for when users access critical applications and/or sensitive information?  If so – how are you doing this? (e.g., MS Authenticator MFA prompt, other 3rd party Authenticator solution, FIDO2 solution, etc)

3) Did you have any challenges with overall lifecycle management or operational challenges?   (e.g. users forgetting their PIN, laptop replacement/hardware issues, user experience complaints, etc.)

Thanks very much.

Endpoint Protection and Utilization of E5 Features:

- Do you use Microsoft Defender EDR for Endpoint EDR? If not, what product do you use (e.g., CrowdStrike, SentinelOne, CarbonBlack)?

- If you have Microsoft E5 licenses, are you utilizing all features as your primary and only solution for each domain (e.g., Endpoint protection, Information protection, vulnerability management)? Or do you have other solutions in place either alongside or in place of the included capabilities in E3/E5?

Read More Comments

How has your zero trust strategy shifted in the last year, if at all? (And if nothing’s changed, how are you thinking about evolving it in the next year or so?)

Read More Comments

In terms of ZeroTrust and organizations building out their environments in such a way that makes sense and minimizes risks. As a medium to large enterprise, are you satisfied with your progress to date? To riff a bit more on this topic , NIST 800-207 is a good read, it covers both greenfield and continuous improvement ZeroTrust scenarios. Similar to data compliance, I think most of us never experience greenfield.

Yes55%

No27%

Unsure10%

Too early to tell6%

View Results

Does the term "novel attack" resonate with security teams? or does "unknown attack" resonate better? What would you consider novel/unknown attacks? Does your current threat detection solution detect novel/unknown attacks?

Read More Comments

Thoughts on cybersecurity mesh architecture (CSMA)? Is it just a new buzzword or a genuine step up from Zero Trust and SASE?

Read More Comments

What is the most important role of corporate culture in addressing the psychological impact of digital security?

Corporate culture has no influence on digital security.15%

Prioritizing digital security above other aspects in corporate culture.51%

Creating a work environment that supports mental well-being.18%

All of the above.14%

Your own perspective (Comment).1%

View Results

We are looking at implementing role-based access controls on some of our SaaS platforms due to entry into emerging markets. Does anyone have best practices to share?

Read More Comments

My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms.  Is this something many companies do?

Read More Comments

I am trying to find a definitive definition of what a logical air gap is. There are various mechanisms of backup access isolation that can be employed but it seems to be a very gray area in terms of an explicit definition. Has anyone come across a definition that might even include a sliding scale of more restrictive logical air gap defenses? For example, I think about several access related configurations that could involve Role based security, MFA, SDN, Firewall, WAN, etc.

If you haven’t adopted a zero trust strategy, what are your reasons for not doing so?

Read More Comments