Zero Trust In (remote) Access

Uploaded on 2023-01-10 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The increasing number of cyberattacks on remote infrastructures has shown that remote access requires a new approach to security: "Zero Trust". In this approach, the security system does not trust anyone who does not verify themselves - neither users nor devices known or unknown.

While this introduces some extra friction in the security process, workflow disruptions can be minimised and the benefits are well worth it. Zero trust also offers small companies the level of security and peace-of-mind of large enterprises. 

Remote work has brought many benefits to employees. They can better balance work and private life, long commutes are eliminated, and colleagues are less distracting from work. Nevertheless, there are also negative aspects that threaten corporate security in particular. After all, remote access or even Bring Your Own Device (BYOD) offer large attack surfaces for cyber criminals. According to research, the number of cyber attacks more than doubled during the pandemic, and the biggest problem, is that employees are increasingly using their company computers for personal use, but also sometimes need to use personal devices for work. This is "threatening the existence" of one in four companies. 

Small and medium-sized enterprises (SMEs) in particular often have a hard time. They have few financial and human resources to manage their IT infrastructure, but are exposed to the same threats as larger companies.

A company with under 100 employees may have only one IT manager, making it is difficult to keep the IT landscape up to date in terms of security. The increasing security requirements usually leave them too little time to monitor all remote accesses. A large proportion of IT staff (76 percent) confirmed to GoTo in a survey that their workload has increased due to flexible working models and that their work has become more difficult (43 percent).

Trust Is Good, Control Is Better

Classic security approaches act in such a way that they trust every known user who legitimately logs into the network with the correct log-in information. They only assess external data traffic as dangerous. But phishing attacks, social engineering, or exploiting vulnerabilities also give cybercriminals access to login information, so the perimeter-based approach no longer works.

Modern tools, on the other hand, have a zero trust architecture. They enable even smaller companies to implement security features that are standard in large corporations. The concept is based on the principle of not trusting any device, user or service that is not sufficiently verified. This also applies to users and devices already known within the company's own network. Every single access to company data and applications is checked again. To this end, security managers use Software Defined Perimeter (SDP) to secure network access and connections according to the need-to-know principle.

In doing so, they grant access authorisations only if they are required for the user's pending task. This means that it is always possible to track who is accessing what information, when, and how they are using it.

With zero trust, the key is that only when an IT administrator digitally releases access does the server issue the release to the user's laptop. So it is still a human, not a computer, who decides who gets remote access and application or file shares. 

Security Up To The Network Edge

Implementing a zero trust model initially does introduce a bit of friction. Applications, devices and users must be recorded and their authentication processes defined. And IT professionals must implement systems both at the network perimeter and within the network that analyse traffic, validate requests and monitor all actions in log files. However, it also enhances security by several orders of magnitude, making it well worth it — especially since system updates may occur only once a month.

Certain Zero Trust capabilities such as identity management, access control, two-factor authentication, network segmentation, as well as policy management are already built into many modern tools. But there is a need to implement all aspects of zero trust in a comprehensive, integrated, scalable, and policy-driven manner. 

Easy Handling For Reduced IT Effort

Since IT managers have to keep many aspects of IT security in mind, it is crucial not only to use tools with the highest security features, they must also be easy to use. This ensures greater employee acceptance of the zero trust model. Most of the features of modern zero trust solutions take place in the background and are not visible to the user. All they have to do is have their login data ready. If the user logs in and is verified via digital certificates and multi-factor authentication, the password hurdle is also eliminated on the user side.

Zero trust solutions stand for security and reliability. For SMBs in particular, they are an important partner in terms of security, compensating for limited IT resources while still allowing employees to work remotely and securely access applications and data from there.

With zero trust as a central component of a remote support tool, criminals are prevented from exploiting remote support tools, for example, as a gateway to introduce malware into customers' end devices. This means that even small companies benefit from a high level of security and scalability and can offer an intuitive remote user experience. 

Paddy Srinivasan Is Chief Executive Officer at GoTo

You Might Also Read: 

PAM, IAM, Or Both?:

_________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Chinese Spy Device Found Hidden In British Government Car
Crypto Currency: From Bitcoin to Blockchain »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CERT-SE

CERT-SE

CERT-SE is the national and governmental Computer Security Incident Response Team of Sweden.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

Data Security Council of India (DSCI)

Data Security Council of India (DSCI)

DSCI is a premier industry body on cyber security and data protection in India, committed to making the cyberspace safe, secure and trusted.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

MythX

MythX

MythX is the premier security analysis service for Ethereum smart contracts.

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

Contechnet Deutschland

Contechnet Deutschland

Contechnet Deutschland started as a specialist in the area of IT disaster recovery and has since broadened its portfolio into information security and data protection.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

ATHENE National Research Center For Applied Cybersecurity

ATHENE National Research Center For Applied Cybersecurity

ATHENE is the largest research center for cybersecurity and privacy in Europe, conducting application-oriented top-level research for the benefit of the economy, society and the state.

Axelerated Solutions

Axelerated Solutions

Axelerated Solutions offer a comprehensive range of technology services tailored to meet our clients' diverse needs. Our focus is on delivering innovative and secure solutions.