Zero Trust In (remote) Access

Uploaded on 2023-01-10 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The increasing number of cyberattacks on remote infrastructures has shown that remote access requires a new approach to security: "Zero Trust". In this approach, the security system does not trust anyone who does not verify themselves - neither users nor devices known or unknown.

While this introduces some extra friction in the security process, workflow disruptions can be minimised and the benefits are well worth it. Zero trust also offers small companies the level of security and peace-of-mind of large enterprises. 

Remote work has brought many benefits to employees. They can better balance work and private life, long commutes are eliminated, and colleagues are less distracting from work. Nevertheless, there are also negative aspects that threaten corporate security in particular. After all, remote access or even Bring Your Own Device (BYOD) offer large attack surfaces for cyber criminals. According to research, the number of cyber attacks more than doubled during the pandemic, and the biggest problem, is that employees are increasingly using their company computers for personal use, but also sometimes need to use personal devices for work. This is "threatening the existence" of one in four companies. 

Small and medium-sized enterprises (SMEs) in particular often have a hard time. They have few financial and human resources to manage their IT infrastructure, but are exposed to the same threats as larger companies.

A company with under 100 employees may have only one IT manager, making it is difficult to keep the IT landscape up to date in terms of security. The increasing security requirements usually leave them too little time to monitor all remote accesses. A large proportion of IT staff (76 percent) confirmed to GoTo in a survey that their workload has increased due to flexible working models and that their work has become more difficult (43 percent).

Trust Is Good, Control Is Better

Classic security approaches act in such a way that they trust every known user who legitimately logs into the network with the correct log-in information. They only assess external data traffic as dangerous. But phishing attacks, social engineering, or exploiting vulnerabilities also give cybercriminals access to login information, so the perimeter-based approach no longer works.

Modern tools, on the other hand, have a zero trust architecture. They enable even smaller companies to implement security features that are standard in large corporations. The concept is based on the principle of not trusting any device, user or service that is not sufficiently verified. This also applies to users and devices already known within the company's own network. Every single access to company data and applications is checked again. To this end, security managers use Software Defined Perimeter (SDP) to secure network access and connections according to the need-to-know principle.

In doing so, they grant access authorisations only if they are required for the user's pending task. This means that it is always possible to track who is accessing what information, when, and how they are using it.

With zero trust, the key is that only when an IT administrator digitally releases access does the server issue the release to the user's laptop. So it is still a human, not a computer, who decides who gets remote access and application or file shares. 

Security Up To The Network Edge

Implementing a zero trust model initially does introduce a bit of friction. Applications, devices and users must be recorded and their authentication processes defined. And IT professionals must implement systems both at the network perimeter and within the network that analyse traffic, validate requests and monitor all actions in log files. However, it also enhances security by several orders of magnitude, making it well worth it — especially since system updates may occur only once a month.

Certain Zero Trust capabilities such as identity management, access control, two-factor authentication, network segmentation, as well as policy management are already built into many modern tools. But there is a need to implement all aspects of zero trust in a comprehensive, integrated, scalable, and policy-driven manner. 

Easy Handling For Reduced IT Effort

Since IT managers have to keep many aspects of IT security in mind, it is crucial not only to use tools with the highest security features, they must also be easy to use. This ensures greater employee acceptance of the zero trust model. Most of the features of modern zero trust solutions take place in the background and are not visible to the user. All they have to do is have their login data ready. If the user logs in and is verified via digital certificates and multi-factor authentication, the password hurdle is also eliminated on the user side.

Zero trust solutions stand for security and reliability. For SMBs in particular, they are an important partner in terms of security, compensating for limited IT resources while still allowing employees to work remotely and securely access applications and data from there.

With zero trust as a central component of a remote support tool, criminals are prevented from exploiting remote support tools, for example, as a gateway to introduce malware into customers' end devices. This means that even small companies benefit from a high level of security and scalability and can offer an intuitive remote user experience. 

Paddy Srinivasan Is Chief Executive Officer at GoTo

You Might Also Read: 

PAM, IAM, Or Both?:

_________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Chinese Spy Device Found Hidden In British Government Car
Crypto Currency: From Bitcoin to Blockchain »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

ESL Bangladesh

ESL Bangladesh

ESL is the Largest IT Infrastructure & Telecom Service Provider in Bangladesh.

WISeKey

WISeKey

WISeKey is a leading cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Department of Justice & Equality - Cybercrime Division

Department of Justice & Equality - Cybercrime Division

The Cybercrime division is responsible for developing policy in relation to the criminal activity and coordinating a range of different cyber initiatives at national and international level.

Blueskytec (BST)

Blueskytec (BST)

BST provide accredited, patent-pending commercial cyber security hardware and software to protect your cyber physical systems from attack.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

Enzoic

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.