As hybrid cloud models have become the norm, it’s harder now to maintain consistent access security across environments. Many legacy security tools are no longer effective without a traditional network perimeter, while threats and attackers have grown more sophisticated. Legacy authentication protocols also pose a risk, becoming a popular attack vector. A major shift is needed to keep up.
Organizations globally are adopting zero trust principles to secure today’s modern, distributed environments. Should yours? This blog post will discuss how and why you should consider implementing zero trust with F5 and Microsoft Entra ID (formerly Azure Active Directory).
Heightened demand for zero trust security
Zero trust has gained significant traction in the past several years. While 61% of organizations say they’ve implemented strategic zero trust initiatives so far, nearly all plan to sometime soon.1
Unlike traditional security concepts that assume everything inside the network is trustworthy, zero trust operates on the principle of "never trust, always verify." This approach assumes that threats exist both outside and inside the network, demanding continuous verification of every user, device, and application attempting to access resources.
How to safeguard remote access
Remote work has been a key driver of zero trust adoption due to the need for more granular secure access to both modern apps and traditional ones that are often mission-critical. Even with return-to-office initiatives, 79% of U.S. workers in remote-capable jobs are either hybrid or fully remote as of May 2024.2 This reality significantly expands an organization’s attack surface and makes it more difficult to authenticate access requests.
One major advantage of zero trust app access is the ability to evaluate requests on an app-by-app basis using context, not just credentials.
F5 BIG-IP Access Policy Manager (APM) serves as an identity-aware proxy, providing a central point of control for verifying each access request individually based on user identity and context. This ensures that users can access only specific, authorized applications and resources rather than the entire network, eliminating horizontal movement by users and thereby limiting the attack surface.
“Zero trust operates on the principle of "never trust, always verify.””
Context can also help identify login attempts using stolen credentials or brute force attacks for an extra layer of protection. BIG-IP APM can also consider third-party behavioral analysis in access decisions for additional context.
Simplify secure access with Microsoft Entra ID integration
Managing access to a mix of cloud and on-premises applications can be challenging. Microsoft Entra ID provides single sign-on (SSO) and multi-factor authentication (MFA) capabilities for thousands of SaaS applications and supports Microsoft Entra Conditional Access, a zero trust policy engine. Together, BIG-IP APM and Microsoft Entra ID extend SSO and MFA capabilities to every app in the portfolio—across hybrid cloud environments—for modern, legacy, and custom applications.
Not every app is readily compatible with traditional SSO solutions; legacy apps may use older authentication methods. Repeated logins to non-SSO-enabled apps frustrate users and often drive them to not pay attention, potentially falling prey to an attacker. It also requires users to create passwords for each app, which can lead to password reuse, providing an opening for attackers to steal one set of user credentials and gain access to a wider array of apps.
To prevent this issue, F5 BIG-IP APM can act as a translator to enable SSO access to virtually any app.
Whether your apps are hosted on Azure, on-premises, or through another cloud provider, F5 serves as the centralized front end for access to provide a consistent user experience. Centralized management across environments also requires less ongoing efforts from your security team.
Protect applications against exploits
While secure access is the focal point of a zero trust security model, application security also should be part of your strategy. Following zero trust principles, your apps are assumed to be on untrusted networks that are vulnerable to web application and API attacks. Therefore, you need to secure each application and API endpoint, not just the network.
F5 offers a web application firewall (WAF) to secure all applications and app deployments, and comprehensive API security that works with Microsoft Azure to protect against threats in the OWASP Web App Top 10 and the API Top 10.
Bring F5 zero trust security to Azure
F5 comprehensive security solutions offer seamless integration with Azure and the rest of your hybrid or multicloud environment to enforce rigorous security policies, streamline access management, and protect sensitive data across all applications, regardless of their location.
Visit f5.com/azure to learn more.
Sources
1. Okta, The State of Zero Trust Security 2023, Oct. 2023
2. Gallup, Hybrid Work, May 2024
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...