Securing the Evolving Workplace: Zero Trust and COVID-19
Note: This article was previously published by SC Magazine UK.
Many companies have had to drastically, and quickly, restructure the way they work in the face of the COVID-19 pandemic over the past few weeks. For those businesses that were able, their entire workforce switched to working from home (WFH) practically overnight. We currently don’t know how long this way of working will last, and many are even suggesting that this unprecedented situation will change how we work forever.
This sudden and significant shift has placed a large burden on IT and security teams. Legacy approaches to IT have required a different infrastructure and a different security framework for employees accessing applications and services when on the “intranet” versus when on the “internet.” One example of this is having a dedicated VPN infrastructure for remote employees. With the sudden push towards WFH, this approach severely tests the limits of traditional IT and security frameworks, not just in terms of scaling the infrastructure to accommodate the rapid shift towards WFH, but also in terms of the human resources needed to manage, monitor and secure the infrastructure, data and applications.
The COVID-19 pandemic is also proving to be extremely lucrative in terms of opportunities for malicious actors — taking advantage of overstretched security and IT teams — and many are preying on those seeking information about the virus by using fake websites to spread malware and steal user credentials. This includes websites encouraging users to download fake maps of the virus, leading to their systems being compromised. For businesses, the real issue comes when users access these sites using the implicitly trusted intranet, which can grant cybercriminals access to the business’s network to further spread malware or steal valuable data, all with no questions asked.
Trust No One
In these challenging times, businesses should look towards a Zero Trust (ZT) architecture approach to secure their networks. ZT architecture eliminates the implicit trust of any asset — be that a user, device or application — inside or outside the network, thus stopping malicious actors from using a privileged user’s account to gain access to the network. The ZT framework rests on four main pillars: identifying all assets and their access and communication patterns; authenticating, authorizing and controlling access for all assets; encrypting all data flows (regardless of network location); and continually monitoring all data flows and assets in order to identify changes, violations or anomalies.
ZT isn’t a product that businesses can buy, but a framework that provides unified security for all assets. As a company shifts towards ZT architecture, IT and security teams will lessen their burden when it comes to dealing with assets differently depending on whether they’re on the intranet or internet. They will also be able to provide a more unified experience for users, no matter how or where they’re accessing the network. Ultimately, it provides a consistent framework for security.
The Journey Towards Zero Trust
The Zero Trust framework is invaluable, and never more so than now that the workplace has shifted so dramatically away from the traditional office setup. However, business leaders must be aware that achieving ZT is a journey, not a quick fix. Nonetheless, there are a few simple steps that businesses can take to start down the right path.
Businesses must begin by mapping out all the assets on their network, which can be achieved with non-intrusive techniques such as utilizing metadata to gain visibility into the network, in combination with appropriate endpoint-based methods. They must then discover how these assets communicate and the patterns they usually follow — thus allowing for anomalies to be spotted later down the line. This can be done by monitoring and analyzing network traffic, which can provide valuable insights.
Once the discovery phase has been completed, organizations can begin to introduce authentication and access control policies, based on the insights gained — such as what users access on a regular basis, or what data various tools need to work. Of course, this isn’t always straightforward and assets such as legacy applications and devices often can’t be easily authenticated. In this case, they should be isolated on different parts of the network and specially monitored, with all access to and from them thoroughly controlled. Finally, businesses must set up a continuous monitoring strategy for all network traffic and endpoint data. This will enable them to introduce tools capable of analyzing the data and comparing it to the policies implemented, flagging when incidents or violations occur.
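The discovery, policy and monitoring steps above, reduced to a small working model as an added example (not code from the original article or from any vendor): flow metadata observed during discovery builds the asset inventory and communication baseline, the baseline becomes a default-deny allow-list, legacy assets that cannot be authenticated are pinned to an isolated segment, and live flows are then classified against both. All host names, ports and flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow metadata (src, dst, dst_port) captured during the
# discovery phase. Names and ports are hypothetical.
DISCOVERY_FLOWS = [
    ("laptop-alice", "crm-app", 443),
    ("laptop-alice", "crm-app", 443),
    ("laptop-bob", "crm-app", 443),
    ("laptop-bob", "file-share", 445),
    ("legacy-hvac", "hvac-controller", 502),
]

# Assets that cannot be authenticated (legacy) and are therefore isolated in
# their own segment, with any traffic crossing that boundary flagged.
LEGACY_ASSETS = {"legacy-hvac", "hvac-controller"}


def build_baseline(flows):
    """Discovery: inventory every asset seen and count who talks to whom."""
    assets = set()
    patterns = defaultdict(int)
    for src, dst, port in flows:
        assets.update((src, dst))
        patterns[(src, dst, port)] += 1
    return assets, dict(patterns)


def derive_policy(patterns):
    """Policy: permit only the observed (src, dst, port) tuples; anything
    not in the baseline is denied, whether it originates inside or outside."""
    return set(patterns)


def evaluate(flow, policy, assets):
    """Monitoring: classify one live flow against inventory, segment and policy."""
    src, dst, port = flow
    if src not in assets or dst not in assets:
        return "unknown-asset"          # something new appeared on the network
    if (src in LEGACY_ASSETS) != (dst in LEGACY_ASSETS):
        return "legacy-segment-violation"  # traffic crossed the isolation boundary
    if flow not in policy:
        return "policy-violation"       # known assets, but not a baselined pattern
    return "allowed"


def monitor(live_flows, policy, assets):
    """Return every flow that is not explicitly allowed, with its verdict."""
    verdicts = ((f, evaluate(f, policy, assets)) for f in live_flows)
    return [(f, v) for f, v in verdicts if v != "allowed"]
```

In practice the allow-list would be reviewed and refined before enforcement, since a baseline captured during discovery can also contain traffic that should never have been permitted.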
IT and security teams are set to face challenging times as the COVID-19 pandemic progresses, and restructuring their security practices may not be front of mind. However, beginning the journey towards achieving Zero Trust architecture to streamline and unify their security practices has never been more vital than in the face of today’s unprecedented workplace.