The traditional network perimeter has become increasingly porous in recent years thanks to the cloud and mobile workstyles. Now what was left of the perimeter has essentially evaporated overnight with millions of employees suddenly working from home. Users are accessing corporate IT resources from everywhere, forcing organizations to rethink their security strategies.
Experts say that the zero trust model provides the best approach for addressing this new paradigm. Zero trust assumes that every attempt to connect to the network is suspect, whether it originates from inside or outside the network. The authorization of every user and the security posture of every device must be verified before granting access.
Changing Security Concerns
The drivers for the zero trust model began long before the dramatic rise in work-from-home initiatives. The old “castle and moat” approach, which defends the perimeter and assumes everything inside is safe, was already showing its limitations. A hacker who is able to get past the corporate firewall can often move freely through the network, gaining access to systems and data with relative ease. Some of the worst data breaches on record were the result of the failure of the perimeter security approach.
Furthermore, there’s no longer a “castle” to defend. Virtually every organization has some applications on premises and some in the cloud, and users access those resources with a wide range of corporate and personally owned devices. The emphasis must shift from protecting the perimeter to understanding who the user is and strictly controlling access.
A Different Mindset
The zero trust model was developed by Forrester Research in 2010 but has been slow to gain traction in the enterprise. In a recent survey by market and consulting firm TeleGeography, only 8 percent of enterprise WAN managers said they have implemented zero trust. Almost one-third (31 percent) are considering it and 19 percent are in the process of deploying it, but 20 percent said they were unfamiliar with the concept.
That’s likely to change as remote work becomes the norm. Economists say the recovery from the COVID-19 pandemic may be W-shaped, meaning that there may be cycles of opening up the economy followed by a need to resume work-from-home orders. Organizations need to be prepared for employees to regularly shift between working in the office and from home.
Beyond that, employees have gotten a taste of the benefits of a work-from-home strategy — no long commutes, more flexibility and greater productivity. Employers also have a lot to gain, including lower operational overhead, a more satisfied workforce and a larger talent pool. The success of the current work-from-home experiment will have a long-term impact on corporate culture.
Most organizations already have elements of zero trust in place, including identity and access management, multifactor authentication and micro-segmentation. However, the zero trust model isn’t about a particular technology — it’s about a mindset that no one can be trusted until they prove otherwise.
In light of that, organizations should not throw technology at the problem. A better approach is to embrace zero trust strategically, then implement technology solutions that achieve the desired business and technology objectives.
This won’t happen overnight, so organizations should begin preparing now to transform the security infrastructure to address the realities of the borderless enterprise. Zero trust provides a foundational model for protecting critical systems and data no matter how or where they’re accessed.