If you’ve been asking your team to Work From Home (WFH) in response to the coronavirus pandemic, you may be struggling to provide a secure, full-function WFH environment. If so, you’re not alone. The good news is that recently-developed Zero Trust strategies and tools can help address these challenges.
Launching Zero Trust: Security as the New Perimeter
As we work with clients to help them securely navigate this difficult time, we’re seeing that many are experiencing similar challenges as they work to quickly scale up their remote workforce.
Virtual Private Network (VPN) Issues
Since the early 2000s, VPNs have been the conventional way to allow remote workers to securely access a company’s private network. However, many companies are finding that their growing WFH workforce is overwhelming their VPN infrastructure, causing bottlenecks and slow response times for users. While increasing VPN capacity seems like a logical solution, it’s not that simple. In fact, it’s likely to be an expensive, complex, and time-consuming exercise.
Another common problem is that WFH users accessing their company’s private network via VPN are granted overly broad access rights and privileges because internal network segmentation is not fully supported for VPN users. For example, a user that should only be given access to Marketing systems might be allowed to access Accounting systems as well, which increases security risks.
Companies that have migrated applications to cloud or SaaS environments may be less exposed to these problems as users are often able to securely access applications without going through a VPN. However, many of these companies are surprised by how many of their WFH users still need to access on-premise legacy systems via VPN.
WFH workers often need to use authentication tools such as Multi-Factor Authentication (MFA) or certificates, which are not required when they are at the office. Many companies are straining to provision remote users with these tools, train them, and provide technical support to respond to questions and problems.
Companies must ensure that WFH workers are using secure home WiFi networks. They also need to make sure that all WFH endpoints and devices (e.g., phones, laptops, tablets) used to access private network resources are provisioned with the appropriate security tools and can be monitored.
Addressing WFH Challenges
Some organizations are viewing WFH as a temporary arrangement and see the WFH challenges as equally temporary. Others feel that having a secure and effective WFH environment is an essential element of their business strategy. For these companies, the problems highlighted by recent increases in WFH activity have been a wake-up call and an indication that improvements are needed.
One potential response is to accelerate migration to cloud and SaaS applications, which can address many of the WFH challenges. However, this represents a significant effort, requiring business process changes and technology integrations. We also recommend adopting Single Sign-On (SSO) and MFA solutions to ensure cloud and SaaS applications are properly protected. None of this can be done overnight, and this approach still doesn’t directly address legacy systems that will remain on premise.
The concept of Zero Trust is emerging as the preferred remedy for addressing WFH and other remote work security challenges. The fundamental goal is to avoid reliance on trusted networks and zones, or in other words, to treat every system as an untrusted host. This is generally accomplished by using new, centralized mechanisms to verify the identity of all users, whether they are working from the office, from home, or anywhere in the world. Zero Trust relies on comprehensive methods for validating user identities using risk-based authentication techniques, which can directly address WFH challenges.
User authentication begins with endpoint validation. Endpoints are confirmed through local agents or client-based certificates. This prevents unauthorized and unknown systems from connecting to a company’s valuable application and data resources.
Dynamic authentication is at the heart of securing these new protocols and ensuring risk-based authentication is maintained. By allowing connection mechanisms to re-authenticate at any time and perform step-up authentication, companies can automatically respond to sessions that exhibit non-standard user behaviors, without requiring intervention from the SOC or help desk teams.
The overarching benefit of Zero Trust is the improved security that comes from using centralized tools to verify identity, access rights, and privileges of all users, regardless of the devices or networks they are using to access your company’s resources.
Zero Trust also allows for a substantial reduction in traditional VPN connections, which will only be required for any legacy systems that don’t yet support Zero Trust capabilities. Reducing VPN infrastructure can help to reduce costs, improve user response times, and enable better control over access rights and privileges, all of which address WFH challenges.
Using centralized tools to verify user identities, access rights, and privileges can significantly reduce staff time required to onboard new employees, change or remove rights and privileges as staff roles change, and delete user ids when people leave.
With its centralized approach to managing all connection methods, Zero Trust enables more efficient and consistent connection monitoring, which saves time for your staff. It also makes it easier to identify connection anomalies, which can accelerate your response to external threats.
User access auditing is also simplified and streamlined as all connections are controlled through a single point.
Network management is simplified because firewall rules no longer need to be actively updated to match changes in requirements or user deployments. This frees up staff time to focus on other high priority security initiatives.
These are just some of the benefits your company can achieve by moving to a Zero Trust environment. While this approach can be a big help in addressing WFH issues, it can also offer substantial benefits across all of your company’s work environments.
Tevora Can Help
If you’d like help understanding Zero Trust in more detail and how it can help address your WFH challenges, our expert team of security specialists is here to help. Just give us a call at (833) 292-1609 or email us at firstname.lastname@example.org.
About the Author
Ben Dimick is a Director, Security Consulting Services at Tevora.