Zero Trust Security: An Ideal Cybersecurity Solution in the "Work from Home" Culture?

Published on 06 Jul, 2020

The outbreak of COVID-19 and the consequent need for social distancing have made “work from home” (WFH) a norm across the globe. Although currently viewed as a short-term measure, this concept may soon become a culture. In the future, employees may no longer be constrained within a brick-and-mortar structure. Access to information in the cloud from anywhere ensures business continuity, and WFH or “Work from Anywhere” will soon be the new mantra. However, in such a scenario, robust and reliable cybersecurity solutions would be required to combat the increasing exposure to cyberattacks.

Due to the COVID-19 pandemic, lockdowns have been enforced across nations. To keep their businesses running, companies have had to ask employees to work from home (WFH) and allow them to access applications and sensitive data from their homes. As these changes had to be implemented at very short notice, many organizations were not adequately equipped with technologies to execute WFH. Employees have had to access corporate data using unmanaged mobile devices and unsecured wireless networks. While cloud solutions for data accessibility and storage have made business continuity possible, vulnerability to cyberattacks has increased and data security has been compromised. The recent spurt in hacking cases proves this fact.

Recent hacking cases:
According to a report by McAfee in May 2020, usage of cloud services surged 50% in the past few months in various industries such as manufacturing and financial services. However, it also stated that cyberattacks became rampant during this period.

  • Recently, WHO employees faced a five-fold increase in cyberattacks along with email scams. About 450 email addresses and passwords were leaked online, some of which belonged to the core team working on the novel coronavirus response. Because of these issues, WHO is now migrating to a more efficient and authenticated security system.
  • With the education sector setting up remote learning modes, usage of collaboration tools such as Microsoft Teams, Zoom, Cisco WebEx, and Slack has increased tremendously in the past few months. Downloads and usage of the Zoom Meeting App surged; however, cybersecurity agencies raised alerts about the app’s high susceptibility to cyberattacks and suggested measures for enhancing its security. A new improved version has now been introduced.
  • Data sourced from SentinelOne, an AI-based endpoint security platform, revealed a sharp increase in attempted attacks, which peaked at 145 threats per 1,000 endpoints between mid-February and mid-March 2020, compared with 30–37 at the start of that period.

Previously, users connected to an enterprise’s internal network through a VPN to gain remote access to the organization’s internal data, assets, and applications. However, with the remote working environment gaining popularity and users gaining access through multiple devices (such as smartphones, desktops, laptops, and tablets), network security is now threatened. Adding these devices to the WAN reduces the risk from remote access but does not help in overcoming challenges related to policy synchronization, isolation limitations, operational issues, and poor user experiences. Therefore, an extra layer of robust security is required.

Shift to zero trust architecture
The records of data breaches show that hacking instances have surged exponentially. With the increasing popularity of the remote working environment and mass adoption of cloud-enabled technologies, companies are required to invest in robust technical infrastructure. Several companies have begun using secure devices and networks and protecting endpoints completely.

This is an essential transformation, as the WFH option is now a necessity. Companies need to focus on deploying cloud-based solutions that provide access at the application layer, thus safeguarding against external hackers without hampering employee privacy. Implementing user device verification and adaptive authentication, monitoring unmanaged or unregistered devices that access the organization’s data, and providing secure remote access to employees would help companies combat the dynamic cybersecurity challenges.

Zero Trust Architecture is a well-established security model that helps meet this challenge. Although the model is a decade old, it is now ready to go mainstream.

The following reports indicate a momentum in the shift to Zero Trust Architecture:

  • According to Gartner’s recent report, by 2022, 80% of new digital business applications will be accessed through Zero Trust Network Access (ZTNA).
  • A survey conducted by Okta on the initiatives of 500 security leaders in North America, Europe and the Middle East (EMEA), and Australia and New Zealand (ANZ) revealed that 40% of the respondents have deployed projects that are aligned with a modern, zero trust approach to security.
  • Google launched its product BeyondCorp earlier than planned, as its remote global workforce increased drastically, leading to a spike in demand for remote worker security.
  • Cisco recorded over 3,300 new registrations of organizations worldwide for its multi-factor authentication solution, Duo Security. The company’s solutions are enabling over 500,000 knowledge workers across industries to work from home securely.

The following are companies that were launched during the past decade and gained popularity owing to their superior product quality:

The importance of zero trust security in current times
As WFH becomes a regular practice, the need for robust security frameworks will increase globally. Today, users, devices, and application workloads are not confined to a physical structure. The right users need to have access to the right applications and data, which could be in different locations. Security features must extend their protection accordingly.

The need of the hour is to give employees the freedom to work from any location on any device with a favorable experience. In this scenario, it is unacceptable to make employees suffer due to badly designed web services, unresponsive browsers, and incredibly slow connections.

Traditional VPN solutions can grant too much access and expose remote workers and company data to cyberattacks. Internet of Things (IoT), operational technology (OT), and network-enabled smart devices can increase the potential for compromise of networks and enterprises.

Zero trust is the ideal solution to control such instances, as it does not depend on location and can be extended across the entire organizational environment. As a result, security architects are being forced to re-examine the concept of identity, and many are turning to the zero trust security model to provide a better architecture for protecting sensitive resources.