How to build a zero-trust security strategy for your hybrid workforce
If you’re a technology leader at an enterprise, you’re under pressure to develop and deploy a secure IT infrastructure that supports and scales to a hybrid workforce. And you need to do it fast. Otherwise, your organization’s recovery from the economic conditions of the pandemic could stall. As your team continually battles relentless cyber-attacks, you could also see productivity plummet as a result, affecting the company’s revenue.
How can you avoid those problems and lead your organization through this process? First, we’ll address that question by providing perspective and clarifying a few basics.
Why does my organization need a new security strategy for hybrid work in the first place?
Because hybrid work is here to stay. And even as restrictions ease, your team won’t return to pre-pandemic working routines. As a technology leader, you need to anticipate and adapt to serve a new set of IT requirements.
Remote work was on the rise before COVID struck. Mobile and cloud tech enabled more of your staff to divide time between home, the office and other locations. Now, intensified and expanded by distancing protocols, this work style is the new norm. Many organizations have employees operating in company facilities, at remote locations, and often moving between both in the same month, week, or even day.
This irreversible evolution to hybrid working requires a hybrid infrastructure. That’s why hybrid cloud environments, where workload flows freely, fluidly, and securely between on-premises, private, and public platforms, have become standard operating procedure (SOP) for enterprise IT across the business spectrum.
Your data and apps can be anywhere and everywhere today, which industry gurus call the expansion of edge computing. And as this perimeter stretches, hybrid networks are becoming more vulnerable as the number of security threats rises and the attack vectors evolve.
Why can’t my current cybersecurity strategy handle these new requirements?
Because traditional security solutions weren’t designed for today’s hybrid workforce. Cloud apps and mobile devices not only have defined new network boundaries, but they have stretched these borders farther, faster than ever before. Older security tools, policies and practices can’t keep up.
The problem comes down to trust. Traditional security solutions, such as firewalls and VPNs, base trust on location. They function like gates, where trust is based on presenting authentic credentials. The trouble is bad actors can steal legitimate credentials. Or they can use force to break the gate.
80% of hacking breaches involve brute force or the use of lost or stolen credentials
-- 2020 Verizon Data Breach Investigations Report
With location-based trust, once cybercrooks pass the gate into the network, they can move about at will. They could access valuable information your enterprise holds – your company’s financial data, your customers’ transaction data, your employees’ personal data, etc.
Why won’t just updating traditional security tech and revising current security policies work?
Because rapid, radical change demands rapid, radical response. The shift to hybrid work is happening fast, and it’s happening everywhere your organization operates. Here are the first steps you can take to fix a broken hybrid security strategy:
- Reassess your business requirements considering the new hybrid reality and revisit IT policies and procedures comprehensively.
- Don’t wait to sunset solutions that will no longer work and lay groundwork for those that will work in the foreseeable future.
- Start drafting a project plan for this initiative right away. Your plan should include communication and collaboration across your organization and, in some cases, outside its confines.
Rapid, radical change also requires investments of time, focus, and funding. Early on you’ll need to develop a budget for tech that supports secure hybrid infrastructure. Which means you’ll need to know the costs and cost centers not only for the IT department, but for the entire organization. Collaborative communication with your peers, especially financial executives, comes in handy here. Plus, you’ll need trusted vendors and solutions providers that believe in transparent pricing. While implementing a secure hybrid work strategy is necessary, it shouldn’t bankrupt your company.
What is the best hybrid work security strategy today?
Some IT folks pronounce SASE “sassy,” and it’s an architecture, not a product. SASE enables you to combine networking and security functions into a single, seamless cloud-based architecture. This way you can provide secure access to all your organization’s data and apps from anywhere your users may be working.
A zero-trust framework mixes policies and processes to establish trust for every network access request – regardless of where that request originates. Your security systems don’t just check credentials at the gate, they authenticate every user (and every device they use) whenever and wherever they request access.
We’ve also found you can accelerate your transition to a new hybrid work security strategy by working with industry leaders, like our partner Cisco, who provides SASE technologies. They call their offering Cisco Zero Trust.
What is Cisco Zero Trust?
For its Zero Trust Architecture (ZTA), Cisco combines its best-in-class secure networking technology with their multi-factor authentication solution, Duo, that ensures only trusted users and trusted devices can access every application.
What are the security advantages of Cisco Zero Trust?
Cisco’s zero-trust framework secures access at three levels:
- Workforce – users and devices
- Workload – application and workflow
- Workplace – network
This secure access approach enables a series of benefits:
- It minimizes gaps in network visibility, reducing your attack surface.
- It gives you clarity into users, devices, components, and more across your entire environment
- It provides you with detailed logs, reports, and alerts that improve threat detection and response
- It allows you to automate threat containment based on any changes in the "trust level"
- It helps you to enforce policy-based controls consistently
How can I learn more about where I’m at in the process?
To get insights into your risk posture, where gaps may exist, how to mitigate those risks, and ultimately reduce your risk exposure, we’d recommend your organization consider a Security Risk Assessment.
How can I start my journey towards a better hybrid work security strategy?
Start your journey with a zero-trust framework that protects your workforce with multifactor authentication.
Duo, Cisco’s multifactor authentication solution, makes security painless by assuring trust at three levels:
- Trusted Users
- Trusted Devices
- Every Application
Get more information about our Duo free trial from Cisco.