With working from home becoming the ‘new normal’ for many businesses, many IT administrators are finding that the corporate firewall is no longer as effective as it was before. One thing is clear- a new approach is needed to keep applications and data safe from cyberattacks.
In the pre-COVID-19 world, organisations tended to have most staff working within offices and connecting via a local area network. The minority of remote and mobile workers are usually connected to centralised resources using a virtual private network (VPN) link.
Things have now changed. Organisations must face the fact that they no longer control the network, most of their employees are using for work. Access could be occurring via a home internet connection, a personal wireless router or a tethered mobile phone. Either way, all traffic is now traversing the public internet before entering the corporate infrastructure.
While VPNs have been widely used in the past, they can’t provide the same level of security as is achieved on a LAN behind a firewall. Think of VPNs as a car tunnel where vehicles must be identified before they are allowed to enter. The tunnel is secure in that it keeps unknown cars from entering, though if we are only monitoring cars, a car thief (or in this analogy, a bad actor) could still hijack a car and sneak in posing as the original driver. They might display some abnormal behaviour, such as speeding or swerving between lanes, but it won’t matter as the tunnel is not designed to detect it.
The bottom line is that, just because a car is inside the tunnel, this doesn’t mean it should be trusted by default. It’s important to add further levels of verification that will allow for granular access management based on identity and facts. This is where a Zero Trust strategy comes into play.
The time for Zero Trust is now
The concept of Zero Trust, where everything on a network is presumed a threat until proven otherwise, helps to overcome the security weaknesses that occur in a Work From Home (WFH) world.
These weaknesses stem from the fact that home networks and internet connections don’t have the same level of security as corporate networks. Home networks are often shared and can be compromised by another member of the household who might unknowingly download malicious code. The business also has little control over the health and security of various hardware and software components, such as the router, operating system and devices being used to access its network.
Zero Trust overcomes these weaknesses. Going back to the tunnel analogy, Zero Trust acts as a gatekeeper that gets proof of ID and intended destination from each driver. It then goes further and mounts cameras and sensors inside the tunnel that sound alerts if a driver exhibits abnormal driving behaviour. Together, these elements will ensure only the correct cars get into the tunnel and arrive at their correct destination.
Achieving effective WFH security
When selecting the security and identity tools required to achieve Zero Trust in a WFH world, it’s important to consider a range of factors. These include:
- Full support: Consider whether the tools provide support for your entire corporate IT infrastructure. This needs to include everything from legacy systems to cloud-based platforms and SaaS applications.
- Performance SLAs: Examine what performance levels are being promised by the vendor. If users can’t reliably connect from home, frustration will rise and productivity dip.
- Customer references: Connect with existing customers of the proposed vendor and determine whether they are happy with the levels of service they receive. Understand how quickly any issues they might have had were resolved.
- Free offers: Some vendors offer free services or heavily discounted licences designed to lure in new customers. Understand what the full cost of any deployment will be before signing a contract.
By carefully evaluating technology options and choosing tools and services that best match your organisations requirements, you’ll be well placed to establish a Zero Trust environment that will protect your WFH staff.
Ashley Diffey is the ANZ and Japan Country Manager and Japan, Ping Identity