Zero Trust Gains momentum as organizations seek to protect staff working from home – General – Services

The benefits are increasingly understood, but there are obstacles to implementation.
Photo by FLY: D on Unsplash

As organizations around the world agree to operate in a post-COVID environment, many are rethinking their approach to the challenge of effective IT security.

Traditional strategies tended to rely on a secure perimeter surrounding all digital assets. Anyone outside this perimeter was considered unreliable, while users within it had free access to the resources they needed.

Now, with a large number of employees working from home, this approach is no longer effective. Indeed, the notion of perimeter is no longer really relevant, which means that another method has to be followed.

A new approach

An increasingly popular security strategy involves the concept of zero trust. It considers that organizations should not trust anything, inside or outside the perimeter and verify all identities before allowing access to resources.

Essentially, this means that traffic within an organization’s network is treated the same as traffic originating from the public Internet. Each user and application requesting access to resources must prove their identity before being allowed to continue.

This approach is necessary because the very concept of trust is a human emotion that has not transferred well in a digital environment. It may be okay to trust a coworker because you’ve known them for a long time, but trusting digital traffic is a whole different thing.

Key factors

The interest in and adoption of zero trust is driven by a series of different factors. These include:

  • Mandates: Many organizations actually require their security teams to go this route. It was recognized that traditional approaches are no longer effective and threat levels have become too high.
  • Remote work : Thanks to the pandemic, the number of employees working remotely is likely to remain high for an extended period. For this reason, a new approach to IT security is essential.
  • Data sharing: Organizations are sharing data with external parties more than ever. This means that demands for access to basic resources will continue to grow, putting additional pressure on perimeter defenses.
  • Dependence on entrepreneurs and partners: Rather than having all the capabilities in-house, organizations are increasingly using external resources. As a result, requests for access to central systems are increasing.
  • Adoption of IoT: The deployment of Internet of Things infrastructures is accelerating, putting even more pressure on existing security measures. Zero trust is the most effective way to overcome this challenge.

Ask the right questions

For zero trust to be truly effective, it must assess a number of key variables that together can determine a requester’s identity and authorization level.

In addition to determining who is making the access request, it is also important to determine where the request is made from. The zero trust infrastructure must also be able to determine how the request is made, why access is sought, and what resources are targeted.

By combining several variables, the risk of unauthorized access is considerably reduced. It also recognizes that just because a part has been authorized at some point in the past, that does not mean that the authorization must be continuous.

Additionally, approved access to one resource should not result in approved access to all resources. A staff member may be authorized to access a file server, but when attempting to access financial systems without authorization, that access should be blocked.

Barriers to adoption

Although the benefits of a zero trust strategy are increasingly understood, there are still obstacles to its implementation.

The first is that it can be viewed by some organizations as a very complex beast. Monitoring all traffic in real time and ensuring that key assets are constantly protected is considered a difficult task.

Another is that existing security measures are known to work, so there is little motivation to change. If something isn’t broken, why fix it?

The bottom line, however, is that zero confidence is the future. By working with experienced vendors, an organization can deploy and maintain an infrastructure that will provide the levels of security required in this new world of home work.

Glen Maloney is ANZ Regional Sales Manager at ExtraHop.

Comments are closed.