As hybrid cloud models have become the norm, it’s harder now to maintain consistent access security across environments. Many legacy security tools are no longer effective without a traditional network perimeter, while threats and attackers have grown more sophisticated. Legacy authentication protocols also pose a risk, becoming a popular attack vector. A major shift is needed to keep up.
Organizations globally are adopting zero trust principles to secure today’s modern, distributed environments. Should yours? This blog post will discuss how and why you should consider implementing zero trust with F5 and Microsoft Entra ID (formerly Azure Active Directory).
Zero trust has gained significant traction in the past several years. While 61% of organizations say they have implemented strategic zero trust initiatives so far, nearly all of the rest plan to do so soon.[1]
Unlike traditional security concepts that assume everything inside the network is trustworthy, zero trust operates on the principle of "never trust, always verify." This approach assumes that threats exist both outside and inside the network, demanding continuous verification of every user, device, and application attempting to access resources.
Remote work has been a key driver of zero trust adoption because it requires more granular secure access to both modern apps and the traditional ones that are often mission-critical. Even with return-to-office initiatives, 79% of U.S. workers in remote-capable jobs were either hybrid or fully remote as of May 2024.[2] Those workers connect from networks the organization does not control, which expands the attack surface and makes each access request harder to authenticate: the network location of a request no longer says anything about who is making it.
One major advantage of zero trust app access is the ability to evaluate requests on an app-by-app basis using context, not just credentials.
F5 BIG-IP Access Policy Manager (APM) serves as an identity-aware proxy, providing a central point of control for verifying each access request individually based on user identity and context. Users can reach only the specific applications and resources they are authorized for rather than the network as a whole, which constrains lateral movement and shrinks the attack surface.
Context also helps catch logins made with stolen credentials or by brute force: a valid password presented from an unfamiliar device or location, or after a burst of failed attempts, does not look like the legitimate user, so the request can be denied or sent for step-up authentication. BIG-IP APM can also factor third-party behavioral analysis into access decisions for additional context.
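To make the per-request, per-app evaluation concrete, here is an added example of the kind of policy check an identity-aware proxy performs. It is illustrative code written for this post, not BIG-IP APM's code or API; the app table, group names, corporate network range and failure threshold are all constructed assumptions.

```python
"""Added example (not F5 code): a minimal identity-aware proxy policy check.

Each request is judged on its own, per application, using identity plus
context (group membership, device compliance, source network, sign-in
failure velocity) rather than credentials alone. Every name here is a
constructed assumption, not a BIG-IP APM API.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed per-app policy table: which groups may reach each app, whether a
# compliant (managed) device is required, and whether MFA must always be proven.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "device_compliant": True, "mfa": True},
    "wiki": {"groups": {"staff", "finance"}, "device_compliant": False, "mfa": False},
}
CORP_NETS = [ip_network("10.0.0.0/8")]   # assumed corporate address space
FAILURE_THRESHOLD = 5                    # failed sign-ins per identity before treating as brute force


@dataclass
class Request:
    user: str
    groups: set
    app: str
    src_ip: str
    device_compliant: bool   # device posture reported by the endpoint agent / MDM
    mfa_done: bool           # a second factor was completed in this session
    authenticated: bool      # the credential check at the identity provider passed


class PolicyEngine:
    def __init__(self):
        # Per-user failed-attempt counter. Locking on the user alone lets an
        # attacker lock out a victim, so a real engine pairs this with
        # per-source and behavioral signals rather than relying on it alone.
        self.failures = defaultdict(int)

    def decide(self, req: Request) -> str:
        """Return 'allow', 'deny', or 'step_up' (require MFA before proceeding)."""
        policy = APP_POLICY.get(req.app)
        if policy is None:
            return "deny"                  # unknown app: default deny, never default allow
        if self.failures[req.user] >= FAILURE_THRESHOLD:
            return "deny"                  # velocity signal: even a correct password is refused
        if not req.authenticated:
            self.failures[req.user] += 1
            return "deny"
        self.failures[req.user] = 0
        if not (req.groups & policy["groups"]):
            return "deny"                  # authenticated, but not authorized for this app
        if policy["device_compliant"] and not req.device_compliant:
            return "deny"                  # context check: device posture
        off_net = not any(ip_address(req.src_ip) in net for net in CORP_NETS)
        if (policy["mfa"] or off_net) and not req.mfa_done:
            return "step_up"               # context check: location raises the bar
        return "allow"
```

The point of the example is the ordering: the app-specific policy and the contextual signals are evaluated on every request, and an attacker who has brute-forced or stolen a valid password is still stopped by the failure counter, the device check, or the step-up requirement.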
Managing access to a mix of cloud and on-premises applications can be challenging. Microsoft Entra ID provides single sign-on (SSO) and multi-factor authentication (MFA) capabilities for thousands of SaaS applications and supports Microsoft Entra Conditional Access, a zero trust policy engine. Together, BIG-IP APM and Microsoft Entra ID extend SSO and MFA capabilities to every app in the portfolio—across hybrid cloud environments—for modern, legacy, and custom applications.
Not every app is readily compatible with traditional SSO solutions; legacy apps may rely on older authentication methods such as header-based, Kerberos, or forms-based logins. Repeated logins to non-SSO-enabled apps frustrate users and condition them to enter credentials reflexively, which makes phishing more likely to succeed. Each such app also needs its own password, which encourages reuse: an attacker who steals one set of credentials can then reach a much wider array of apps.
BIG-IP APM addresses this by acting as an authentication translator. It authenticates the user once against Entra ID, then presents the legacy app with whatever it expects, enabling SSO access to virtually any app without changing the app itself.
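The translation step has one caveat a practitioner should check: once the legacy app trusts an identity header, that header must only ever be set by the proxy, never passed through from the client. The following added example (illustrative code written for this post, not BIG-IP APM's implementation) shows a front end that verifies an identity-provider token and rewrites the request for a header-authenticated legacy app. The token is a self-contained HS256 JWT signed with a constructed key standing in for the IdP; a real deployment validates Entra ID's RS256 signature against its published keys. The header names, audience, and secret are assumptions.

```python
"""Added example (not F5 code): an SSO 'translator' for a legacy header-auth app.

The proxy verifies a token issued by the identity provider, drops any
identity headers the client supplied, and injects the verified identity in
the form the legacy application understands. All keys and names are
constructed for this example.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

IDP_KEY = b"constructed-demo-key"                         # stands in for the IdP's signing key
AUDIENCE = "legacy-app"                                   # assumed audience claim for this app
IDENTITY_HEADERS = {"x-remote-user", "x-remote-groups"}   # headers the legacy app trusts


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, groups: list, exp: int) -> str:
    """Stand-in for the IdP: mint an HS256 JWT for the user."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "groups": groups, "exp": exp, "aud": AUDIENCE}).encode())
    sig = hmac.new(IDP_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, now: int) -> Optional[dict]:
    """Return the verified claims, or None. Checks algorithm, signature, audience, expiry."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None                              # reject alg=none and algorithm confusion
        expected = hmac.new(IDP_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
        if claims.get("aud") != AUDIENCE or claims.get("exp", 0) <= now:
            return None
        return claims
    except (ValueError, KeyError, TypeError):
        return None


def translate(request: dict, now: int) -> Optional[dict]:
    """Rewrite an IdP-authenticated request into what the legacy app expects.

    Returns the rewritten request, or None (reject) when the token is missing
    or invalid. The client is never allowed to set identity headers itself.
    """
    headers = {k.lower(): v for k, v in request["headers"].items()}
    auth = headers.get("authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    claims = verify_token(token, now)
    if claims is None:
        return None
    # Strip client-supplied identity headers and the bearer token; the legacy
    # app must see only what the proxy asserts from verified claims.
    clean = {k: v for k, v in headers.items() if k not in IDENTITY_HEADERS and k != "authorization"}
    clean["x-remote-user"] = claims["sub"]
    clean["x-remote-groups"] = ",".join(claims["groups"])
    return {"path": request["path"], "headers": clean}
```

A proxy that simply forwarded client headers would let anyone send `X-Remote-User: admin` and impersonate that user at the legacy app; the `translate` function rebuilds those headers from verified claims instead. The legacy app should additionally accept identity headers only from the proxy's addresses, so that bypassing the front end is not an option.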
Whether your apps are hosted on Azure, on-premises, or with another cloud provider, F5 serves as the centralized front end for access and provides a consistent user experience. Centralized management across environments also requires less ongoing effort from your security team.
While secure access is the focal point of a zero trust security model, application security also should be part of your strategy. Following zero trust principles, your apps are assumed to sit on untrusted networks and to be exposed to web application and API attacks. Therefore, you need to secure each application and API endpoint, not just the network.
F5 offers a web application firewall (WAF) to secure all applications and app deployments, and comprehensive API security that works with Microsoft Azure to protect against the threats in the OWASP Top 10 for web applications and the OWASP API Security Top 10.
F5 comprehensive security solutions offer seamless integration with Azure and the rest of your hybrid or multicloud environment to enforce rigorous security policies, streamline access management, and protect sensitive data across all applications, regardless of their location.
Visit f5.com/azure to learn more.
[1] Okta, The State of Zero Trust Security 2023, Oct. 2023
[2] Gallup, Hybrid Work, May 2024