Zero Trust In (remote) Access

The increasing number of cyberattacks on remote infrastructures has shown that remote access requires a new approach to security: "Zero Trust". In this approach, the security system does not trust anyone who does not verify themselves - neither users nor devices known or unknown.

While this introduces some extra friction in the security process, workflow disruptions can be minimised and the benefits are well worth it. Zero trust also offers small companies the level of security and peace-of-mind of large enterprises. 

Remote work has brought many benefits to employees. They can better balance work and private life, long commutes are eliminated, and colleagues are less distracting from work. Nevertheless, there are also negative aspects that threaten corporate security in particular. After all, remote access or even Bring Your Own Device (BYOD) offer large attack surfaces for cyber criminals. According to research, the number of cyber attacks more than doubled during the pandemic, and the biggest problem, is that employees are increasingly using their company computers for personal use, but also sometimes need to use personal devices for work. This is "threatening the existence" of one in four companies. 

Small and medium-sized enterprises (SMEs) in particular often have a hard time. They have few financial and human resources to manage their IT infrastructure, but are exposed to the same threats as larger companies.

A company with under 100 employees may have only one IT manager, making it is difficult to keep the IT landscape up to date in terms of security. The increasing security requirements usually leave them too little time to monitor all remote accesses. A large proportion of IT staff (76 percent) confirmed to GoTo in a survey that their workload has increased due to flexible working models and that their work has become more difficult (43 percent).

Trust Is Good, Control Is Better

Classic security approaches act in such a way that they trust every known user who legitimately logs into the network with the correct log-in information. They only assess external data traffic as dangerous. But phishing attacks, social engineering, or exploiting vulnerabilities also give cybercriminals access to login information, so the perimeter-based approach no longer works.

Modern tools, on the other hand, have a zero trust architecture. They enable even smaller companies to implement security features that are standard in large corporations. The concept is based on the principle of not trusting any device, user or service that is not sufficiently verified. This also applies to users and devices already known within the company's own network. Every single access to company data and applications is checked again. To this end, security managers use Software Defined Perimeter (SDP) to secure network access and connections according to the need-to-know principle.

In doing so, they grant access authorisations only if they are required for the user's pending task. This means that it is always possible to track who is accessing what information, when, and how they are using it.

With zero trust, the key is that only when an IT administrator digitally releases access does the server issue the release to the user's laptop. So it is still a human, not a computer, who decides who gets remote access and application or file shares. 

Security Up To The Network Edge

Implementing a zero trust model initially does introduce a bit of friction. Applications, devices and users must be recorded and their authentication processes defined. And IT professionals must implement systems both at the network perimeter and within the network that analyse traffic, validate requests and monitor all actions in log files. However, it also enhances security by several orders of magnitude, making it well worth it — especially since system updates may occur only once a month.

Certain Zero Trust capabilities such as identity management, access control, two-factor authentication, network segmentation, as well as policy management are already built into many modern tools. But there is a need to implement all aspects of zero trust in a comprehensive, integrated, scalable, and policy-driven manner. 

Easy Handling For Reduced IT Effort

Since IT managers have to keep many aspects of IT security in mind, it is crucial not only to use tools with the highest security features, they must also be easy to use. This ensures greater employee acceptance of the zero trust model. Most of the features of modern zero trust solutions take place in the background and are not visible to the user. All they have to do is have their login data ready. If the user logs in and is verified via digital certificates and multi-factor authentication, the password hurdle is also eliminated on the user side.

Zero trust solutions stand for security and reliability. For SMBs in particular, they are an important partner in terms of security, compensating for limited IT resources while still allowing employees to work remotely and securely access applications and data from there.

With zero trust as a central component of a remote support tool, criminals are prevented from exploiting remote support tools, for example, as a gateway to introduce malware into customers' end devices. This means that even small companies benefit from a high level of security and scalability and can offer an intuitive remote user experience. 

Paddy Srinivasan Is Chief Executive Officer at GoTo

You Might Also Read: 

PAM, IAM, Or Both?:

_________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Chinese Spy Device Found Hidden In British Government Car
Crypto Currency: From Bitcoin to Blockchain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

Corero Network Security

Corero Network Security

Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative DDoS & Network Security Solutions.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Cybonet

Cybonet

Cybonet provides easy to deploy, flexible and scalable security solutions that empower organizations of all sizes to actively safeguard their networks in the face of today’s evolving threats.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

Cyber Readiness Institute (CRI)

Cyber Readiness Institute (CRI)

At the Cyber Readiness Institute, our mission is simple: empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

Red Goat Cyber Security

Red Goat Cyber Security

Red Goat Cyber Security have created excellent, informative and interactive Social Engineering Awareness training which is suitable for all levels of staff.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

U2opia Technology

U2opia Technology

U2opia is a consortium with a proven track record of delivering groundbreaking technology, cybersecurity, and innovative business solutions.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.