business need to enable the secure, hybrid-work enterprise –

Written by Mark Cooke, Chief Operating Officer, Xalient

The case for change

Cybersecurity will undoubtedly remain high on the C-Suite agenda throughout 2022. With escalating trade disputes, an expanding threat landscape, a highly distributed workforce, supply chains strained by the pandemic, and additional pressure as a result of the ongoing effects of Brexit and other geopolitical issues, it will be essential to implement a secure, productive, agile and cost-effective security framework.

It is clear that today’s enterprises conduct business and use digital technologies in ever-changing ways. This digital transformation is making traditional perimeter-based cyber security IT infrastructure redundant. The days when every user and every device operating within an organization’s premises or firewall could be automatically trusted are long gone.

Over the past two years the global shift to the cloud has accelerated as enterprises look towards digital transformation and the need, brought into even sharper focus by the pandemic, for business agility and higher productivity, while adapting to the new ‘here for good’ model of hybrid work. And with this come new challenges for cyber security.

Traditional security is less effective

The traditional security perimeter is rendered ineffective in this new world, and so are most legacy security systems, which were designed for a data center rather than a cloud-centric world. This is because traffic between an employee and a cloud-based application can now completely bypass the traditional security perimeter and any existing security controls or policies. The network is no longer a secured enterprise network. Instead, the insecure internet has become the new corporate network. It’s time for organizations to take action if they are to keep attackers out and keep their businesses and people safe.

Geographical location is irrelevant – and a VPN is no longer the answer

As working from home is now widespread around the world, security technologies and processes based on a single established geographic location are becoming irrelevant. Millions of workers around the world have switched from being in the office to working from home, where they share broadband connections with family and friends. With a remote workforce, the use of potentially unsecured Wi-Fi networks and devices increases security risks exponentially. The changing expectations of workers, in terms of being able to work from home, mean that telecommuting is unlikely to be a passing trend. These connectivity and security challenges and risks are therefore here for the long term.

A popular, but now outdated, option for providing secure connectivity to corporate applications is to use a Virtual Private Network (VPN). While this will encrypt traffic between a device and an application, and provide a level of authentication, a VPN provides access to the corporate network as well as the applications served. As a result, this can give inappropriate levels of access to applications and functions that are outside of the employee’s role or job profile. This greatly increases the risk of a cyber security incident. For today’s sophisticated threat actors, it is a trivial task to realize that an organization is using a centralized firewall and to launch, through an online service, a DDoS attack that seriously impacts productivity. So, if VPNs are no longer fit for purpose, is there a better way?

Zero Trust – an adaptive model, built for the cloud

In short, yes. In this new environment, more and more enterprises are adopting a Zero Trust approach. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeter, and instead must verify anything and everything trying to connect with their systems before granting access. Zero Trust employs “never trust” and “always verify” principles, offering a secure platform for users to access applications, from anywhere, whether they are located in data centers or in the cloud. Security is about context – where a user is, what their role is, what data they need and when – rather than about location – inside or outside the organization’s firewall. And Zero Trust ensures adaptive levels of trust and constant verification as these parameters change.

As the pressure to protect enterprise systems and data increases significantly, and attacks become more sophisticated, CIOs and CISOs are moving the implementation of Zero Trust across all aspects of their infrastructure to the top of the corporate agenda. By moving away from the centralized approach to policy enforcement and moving towards a distributed model where security is delivered through the cloud, organizations can begin to move to a model where users and devices can be connected to applications and data securely and effectively – regardless of geography.

Challenges and benefits

It is undoubtedly a challenge for most large enterprises with established IT teams, who have worked on a ‘trust but verify’ basis using corporate firewalls and VPNs, to change direction and move towards a Zero Trust framework. But in our view, there are significant benefits to taking this approach.

Without the concept of a fixed network perimeter, users can be anywhere and on any device. It is also true today that the devices being used by employees are less likely to be devices assigned by their employer. Employer-owned laptops and phones are traditionally managed, logged and kept up-to-date with security tools and policies. However, in the era of remote work, employees may forget basic cyber hygiene skills and begin, or indeed be actively encouraged, to use their own devices to access corporate resources. If the enterprise moves to a Zero Trust approach, a CISO can reduce the attack surface of the business by giving employees access only to the applications they need to work with.

A modular approach to Zero Trust

In our experience, one of the main questions when adopting a Zero Trust approach is – “where do we start?”

When trying to reach important milestones in the journey between an employee (or indeed a sensor or other IoT device) and an application, the sheer number of technology touch points involved can be overwhelming. Most enterprises tend to have a subset of existing tools that address certain key aspects of trust, e.g. multi-factor authentication, identity and access management, and network access control. However, scaling the approach across multiple technology towers is challenging. This is where a modular approach can work effectively. Separating key functions or “journeys” into modules allows for a more focused approach to implementing security policy, from a supply, implementation and budget perspective.

While each enterprise will have its own priorities that will dictate the appropriate starting point and path to take, we believe there are four key areas of the Zero Trust journey that need to be considered.

Identity and Access

First, Identity and Access, which enables you to identify and authenticate user and device access, ensuring appropriate levels of access are granted based on role-based policies, rather than location. If your current landscape of IDAM systems is complex, as so many are following acquisitions, disposals and global reorganizations, it can now be simplified with a single cloud overlay. That eliminates complexity, acting as a central repository of users and devices, managing starters and leavers, and more.

The Network

The second consideration is the network itself, ensuring that you can always connect users and devices to apps and data over a high-performance, secure and optimized path – using cloud solutions such as SD-WAN, for example. And of course, it’s more important than ever to be able to monitor the entire path, helping to find, avoid or resolve issues before they affect your business operations. We use an advanced, proprietary AI-powered tool called Martina that not only does that, but also solves problems automatically; in many cases even before a user sees a problem. Monitoring these new complex data paths is critical to performance and security.

Secure Service Edge

The third area we focus on is the Secure Service Edge – this ensures a secure gateway to the cloud, helping you get users on and off the internet quickly, efficiently and securely, using cloud on-ramp solutions, while ensuring a high-quality digital experience.

Apps and Data

Finally, we look at your Apps and Data, a crucial step to ensure these are properly separated to protect against cross-infection should a virus occur.

For example, if your most pressing area of activity is the network itself, we see SD-WAN as a core solution component in the journey to Zero Trust. It makes network infrastructure management easier, allowing IT to avoid complex network security architectures, while providing the highest security through a cloud-delivered model. All traffic is securely connected through a cloud-delivered service, regardless of connection type – mobile, satellite or home broadband. And because the network intelligence is software-driven and centrally managed, it can manage the user’s journey through an insecure internet to the application location, while compressing other applications to improve the user experience.

An SD-WAN solution can be acquired and implemented as a stand-alone initiative – but the true zero-trust value comes when incorporated as part of a complete security and networking solution, often called SASE, Secure Access Service Edge.

Addressing the four areas above will leave your enterprise secure, resilient, agile and connected – providing a solid foundation for a successful digital transformation. At Xalient we offer our Zero Trust Framework – and by using this framework we ensure that we consider every step of the journey through a Zero Trust lens. It is also our belief that to achieve a successful and continuous digital transformation, enterprises must address the challenges of security transformation at the outset.

The CIO and CISO Need

Now is the time for CIOs and CISOs to work together to design their Zero Trust journey – investing in modern technologies, rather than trying to retrofit legacy systems, to ensure their organizations succeed and that they are secure in today’s work-from-anywhere and cloud-centric world.
