Of all the changes brought about by the global pandemic, one of the most profound has been how connectivity has been redefined.
Previously, contact with colleagues involved getting together in a conference room or an informal conversation in the hallway; now, many interactions are performed virtually.
The way people connect to applications and data has also changed. For example, instead of logging into an on-premises IT infrastructure via a Local Area Network (LAN), users can now remotely access resources stored anywhere from an enterprise data center to the cloud.
These changes have presented major challenges for IT teams. They must ensure that resources are readily available but also secure.
Security in a world of remote working
Failing to achieve strong security in this new environment can have harmful consequences. A breach can damage a company’s reputation and lead to significant financial losses. Attacks can lock personnel out of key systems, shutting down business operations and causing frustrating customer disruptions.
Although cybersecurity is a critical factor for organizations of all sizes and a top priority for IT leaders, over 70% of companies admit to spending less than 2% of their revenue on it. Even with more people than ever working remotely, more than half of businesses today spend less than $1,000 on cybersecurity per employee.
A significant lack of internal cybersecurity skills is also a major problem, especially for smaller organizations. More than 76% of companies are understaffed in cybersecurity, and when the average IT team member stays for just three years or less, maintaining the necessary skills is a challenge.
Industry research also shows that the average midsize business uses four or more tools to manage vulnerabilities, with 79% of IT decision-makers admitting that it takes more than 48 hours to close a vulnerability after it has been identified.
Security tools that don’t integrate with one another don’t share the context and analytics needed to identify indicators of compromise. Each security product requires its own management, training, support, and operations process, often handled by separate teams.
The business benefits of zero trust
Traditional VPNs assume that anything connecting through a network gateway can be trusted. While this approach provides a secure connection and adds a layer of security to less secure protocols and services, it also opens an organization to attacks that exploit remote users and devices. It only takes one compromised password or endpoint device, and that same VPN connection suddenly becomes an entry point for cybercriminals.
The Zero Trust strategy, first discussed in 2010, eliminates this risk by adopting a “never trust, always verify” approach when granting access to users, devices, and applications. Zero-Trust Network Access establishes user access policies based on the employee’s role and the security status of their endpoint. It rests on three key principles:
Always know who and what connects:
Cybercriminals use various techniques to steal usernames and passwords. Phishing, spearphishing, and social engineering are common, and stolen credentials are for sale on the dark web. Passwords are no longer good enough. If it’s worth protecting, multi-factor authentication is required.
Restrict access to mission-critical systems based on well-defined permissions:
With Zero Trust, security teams can centrally manage access to all common IT systems and restrict access to only specific users, devices, and applications. Access decisions are made in real time based on the company’s policies and the access request’s context.
With employees sitting at home, chances are they will also use company laptops for personal web surfing and email checking. Staying atop threats requires sustained, advanced security beyond traditional endpoint antivirus software.
The role of SD-WANs
Before the pandemic, IT teams designed their networks to handle the increased use of cloud-based applications and platforms. Software-defined wide-area networks (SD-WANs) helped increase employee productivity through fast and direct links to resources.
As cloud applications grow and organizations embrace a zero-trust strategy, companies struggle to design networks that accommodate remote workers. Many cloud-first architectures are designed so that everything has to pass through the network perimeter and then leave it.
Regardless of location, users still need to go through the corporate network, often only to head back out to the outside world. Because this often relies on inefficient technology, it poses significant challenges in service availability, performance, and user productivity.
The combination of zero trust and SD-WANs can help address this situation. Usage and infrastructure can be secured while improving performance and productivity.