Zero Trust In (remote) Access

Uploaded on 2023-01-10 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The increasing number of cyberattacks on remote infrastructures has shown that remote access requires a new approach to security: "Zero Trust". In this approach, the security system does not trust anyone who does not verify themselves - neither users nor devices known or unknown.

While this introduces some extra friction in the security process, workflow disruptions can be minimised and the benefits are well worth it. Zero trust also offers small companies the level of security and peace-of-mind of large enterprises. 

Remote work has brought many benefits to employees. They can better balance work and private life, long commutes are eliminated, and colleagues are less distracting from work. Nevertheless, there are also negative aspects that threaten corporate security in particular. After all, remote access or even Bring Your Own Device (BYOD) offer large attack surfaces for cyber criminals. According to research, the number of cyber attacks more than doubled during the pandemic, and the biggest problem, is that employees are increasingly using their company computers for personal use, but also sometimes need to use personal devices for work. This is "threatening the existence" of one in four companies. 

Small and medium-sized enterprises (SMEs) in particular often have a hard time. They have few financial and human resources to manage their IT infrastructure, but are exposed to the same threats as larger companies.

A company with under 100 employees may have only one IT manager, making it is difficult to keep the IT landscape up to date in terms of security. The increasing security requirements usually leave them too little time to monitor all remote accesses. A large proportion of IT staff (76 percent) confirmed to GoTo in a survey that their workload has increased due to flexible working models and that their work has become more difficult (43 percent).

Trust Is Good, Control Is Better

Classic security approaches act in such a way that they trust every known user who legitimately logs into the network with the correct log-in information. They only assess external data traffic as dangerous. But phishing attacks, social engineering, or exploiting vulnerabilities also give cybercriminals access to login information, so the perimeter-based approach no longer works.

Modern tools, on the other hand, have a zero trust architecture. They enable even smaller companies to implement security features that are standard in large corporations. The concept is based on the principle of not trusting any device, user or service that is not sufficiently verified. This also applies to users and devices already known within the company's own network. Every single access to company data and applications is checked again. To this end, security managers use Software Defined Perimeter (SDP) to secure network access and connections according to the need-to-know principle.

In doing so, they grant access authorisations only if they are required for the user's pending task. This means that it is always possible to track who is accessing what information, when, and how they are using it.

With zero trust, the key is that only when an IT administrator digitally releases access does the server issue the release to the user's laptop. So it is still a human, not a computer, who decides who gets remote access and application or file shares. 

Security Up To The Network Edge

Implementing a zero trust model initially does introduce a bit of friction. Applications, devices and users must be recorded and their authentication processes defined. And IT professionals must implement systems both at the network perimeter and within the network that analyse traffic, validate requests and monitor all actions in log files. However, it also enhances security by several orders of magnitude, making it well worth it — especially since system updates may occur only once a month.

Certain Zero Trust capabilities such as identity management, access control, two-factor authentication, network segmentation, as well as policy management are already built into many modern tools. But there is a need to implement all aspects of zero trust in a comprehensive, integrated, scalable, and policy-driven manner. 

Easy Handling For Reduced IT Effort

Since IT managers have to keep many aspects of IT security in mind, it is crucial not only to use tools with the highest security features, they must also be easy to use. This ensures greater employee acceptance of the zero trust model. Most of the features of modern zero trust solutions take place in the background and are not visible to the user. All they have to do is have their login data ready. If the user logs in and is verified via digital certificates and multi-factor authentication, the password hurdle is also eliminated on the user side.

Zero trust solutions stand for security and reliability. For SMBs in particular, they are an important partner in terms of security, compensating for limited IT resources while still allowing employees to work remotely and securely access applications and data from there.

With zero trust as a central component of a remote support tool, criminals are prevented from exploiting remote support tools, for example, as a gateway to introduce malware into customers' end devices. This means that even small companies benefit from a high level of security and scalability and can offer an intuitive remote user experience. 

Paddy Srinivasan Is Chief Executive Officer at GoTo

You Might Also Read: 

PAM, IAM, Or Both?:

_________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Chinese Spy Device Found Hidden In British Government Car
Crypto Currency: From Bitcoin to Blockchain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

ShmooCon

ShmooCon

ShmooCon is an annual east coast hacker convention offering three days of demonstrations and discussions of critical infosec issues.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Meriplex

Meriplex

Meriplex is a Managed Services provider specializing in Intelligent Networks, Cybersecurity and Cloud Communications.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Octiga

Octiga

Octiga is an office 365 cloud security provider. It offers Office 365 monitoring, incident response and recovery tools.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Telesign

Telesign

Telesign connect, protect, and defend online experiences with sophisticated digital identity and programmable communications solutions.

Sonet.io

Sonet.io

Sonet.io is built for IT leaders that want a great experience for their remote workers, while enhancing security and observability.

Iron Mountain

Iron Mountain

Iron Mountain Incorporated is a global business dedicated to storing, protecting and managing, information and assets.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.

Post-Quantum Cryptography Alliance (PQCA)

Post-Quantum Cryptography Alliance (PQCA)

The alliance seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.