Is the Tier Model enough? Or do I need also the Delegation Model?

Why we need the Tier Model and the Delegation Model.

Any security improvement is welcome, but no single security measurement will help us to protect all our environment. For example, a firewall facing internet indeed will help protecting our network, but will not help us too much on Trojans or worms. This is an antivirus work.

The Tier Model does help us on implementing a set of tiers or buffer zones. And with a set of rules and guides, we can restrict and isolate some of our assets. But here we are missing reducing the overall permissions and rights a user might have. Even if this user is within a given restricted tier. Here is where the twin brother comes to play: the Delegation Model can help reduce the those mentioned permissions and rights.

MS - Security Privileged Access Roadmap
MS – Security Privileged Access Roadmap

Even more, by implementing both models is not sufficient. We have to be prepared to monitor security, and to properly react on any given event. This demonstrates the need to have several tools (monitoring, analysis, alerting, etc.) working embedded into the models.

 

 

 

Social network sharing