Remote and hybrid work models have expanded the corporate world in every home and consumer device, and as the global pandemic recedes, this is a trend that is here in the long run. In fact, it is difficult to overestimate the pace and degree of digital transformation that the corporate environment has undergone in the last two years. With the onset of 2022, the daily work experience of employees looks very different from the way it looked before the pandemic.
Why the “network” became irrelevant
Now that the hybrid environment has evolved, employees can be anywhere; in the office, at home, on the train or in a cafe. From a security point of view, locking the perimeter of the business and providing access to the network are no longer important; to some extent, networking has become almost inappropriate, instead the focus is now on application protection. At the same time, organizations need to harness the power of applications, they need to be highly productive with quick and easy access to the applications they need to do their jobs. This is not only essential, but also fundamental to becoming a modern digital business. To enable this environment, businesses need reliable edge-to-core network access and security based on the Zero Trust model to provide stable, efficient, and secure access to key business applications wherever employees are located. .
As companies have accelerated their digital transformation initiatives, the number of possible attack vectors has increased as digital systems need to have multiple access points for customers, partners and employees, and this has created a significantly expanded attack area. As a result, cybercrime is escalating and a record number of data breaches are occurring each year with increasing complexity and severity.
Works on the basis of zero trust
The harsh reality is that this new hybrid workforce carries a growing level of risk. As work is done at home, in the office, and almost everywhere, and cyberattacks are on the rise, security must be the same, no matter who, what, when, where, or how business applications are accessed. Now that security control organizations have literally left the building, it makes it crucial for any connection to operate on a zero-trust basis. Cybersecurity leaders have historically called this “default failure”, which is still the case. elegant.
What we mean by zero trust is that organizations effectively remove implicit trust from their IT systems, and this has been replaced or embodied by the “never trust, always check” maxim. In practice, this means trusting only those who have the right access rights. Zero Trust recognizes that internal and external threats are widespread and that de facto elimination of the traditional network perimeter requires a different approach to security. Each device, user, network, and application stream must be scanned to remove excessive access privileges and any other potential threat vectors.
However, working with remote labor is not a new concept. There are many visionary organizations that have been considering this problem for a long time, but complex solutions have not always been available. In the past, businesses relied on virtual private networks (VPNs) to help, albeit minimally, solve consumer confidence issues, but now is the time to rethink corporate security models in light of available modern security solutions that can to be performed easily and cost-effectively.
Return to the background of security
After all, every high-level security model really breaks down into a problem of trust: who and what can I trust? – the employee, the devices and applications to which the employee is trying to connect. In the middle is the network, but today, more often than not, the network is the Internet. Think about this. Employees sit in cafes and log in to public browsers to access their email.
So now what organizations are looking for is a secure solution for their applications, devices and users.
Each trusted or “trusted” end-user computing device has security software installed on it by the corporate IT department. This software ensures that the device and the user who is on the device are validated so that the device becomes a proxy for chatting with applications on the corporate network. So now the challenge lies in providing the application itself.
Today’s cloud infrastructure connects the user directly to the application, so there is no need for the user to connect via a corporate server or network. The client is always treated as an outsider, even when sitting in a corporate office. Servers don’t even see the client’s real IP address (because they don’t need it), and even data center firewalls are far less valuable, as the Zero Trust model and expertly implemented policies and controls are now exponentially better.
Death to the VPN!
In this new design, VPN dies thanks to Zero Trust Network Access (ZTNA) and networks are simplified with lower operating costs, thanks to SD-WAN.
So, the old VPN client is really dying? Yes it is! The reason is that now we only deal with what we believe in: the user, his device and the destination. Note that the “network” is not part of this. Why? Because we no longer trust users or their devices on the corporate network than on social networks. So even when connected to a LAN port on a desk, they have the same seamless security position and always have access to apps (not a network, but apps) that they would have if there was public WiFi.
Just as film is no longer used for photography, VPNs are no longer the future of application access. Now everyone sees that the real need is not for users to have access to networks, but simply to have access to applications as if they were all accessible in the cloud. This is the future of zero trust for all of us.
Most companies realize that it is time to improve remote access strategies and eliminate the only reliance on perimeter-based protection, and instead connect employees in terms of zero trust. However, most organizations will find that their zero-confidence journey is not an overnight achievement – especially if they have inherited systems or ways of thinking that do not go well with this model. However, many companies are moving all or part of their workloads to cloudy and thus green environments. These are the perfect places to start this journey, and larger organizations, with sophisticated IT environments and legacy systems, can see the road to the Zero Trust as a multi-phase, multi-year initiative.
This is where organizations can work with partners such as Xalient to help deploy security controls and Zero Trust models in the cloud using our Xalient Zero Trust Framework. This framework provides a solid security framework to support digital transformation initiatives by helping organizations take their first steps towards becoming a zero-trust enterprise. It achieves this by addressing common areas of compromise between a user or device and the application or data source being accessed or used. And it does it wherever users, devices, data and applications are.
In today’s hybrid environment, applying a zero-confidence approach allows organizations to start truly reducing risk factors while ensuring that the enterprise is reliable for the future.st century business. As cyber threats are only set to escalate, this peace of mind is essential.
Please follow and like us:
Hybrid and remote working have become a mega-trend. What are the security implications for today’s enterprise? By Kevin Peterson, Senior Cybersecurity Strategist, Xalient