The COVID-19 pandemic has resulted in widespread lockdowns. Commuting to workplaces has been suspended for all but a few essential-service organizations and personnel. To ensure business continuity, many organizations had to rush almost overnight to implement work-from-home (WFH) policies for their entire workforce. Understandably, when viewed from a ‘zero-trust lens,’ few have found themselves fully equipped to handle the surge in WFH scale, which is testing the robustness of the IT security fabric.
The state of running entire operations remotely is unprecedented! IT heads are scrambling with issues such as infrastructure availability and sizing to meet the growing demands. From a security readiness perspective, CISOs are seen doing comprehensive assessments to map the network usage patterns and risk aspects. With more employees working remotely today than ever before, the odds of potential threats have grown manifold. The biggest challenge for CISOs today is to make necessary tools and resources available to their virtual workforce without compromising confidential data.
The practical and effective strategy that works to address this challenge is ‘zero-trust lens’ approach to information security—a contemporary lens that treats everyone who access organizational network as suspicious and distrustful.
The concept of zero trust security framework distinguishes between what’s necessary and what’s not. It stresses that everything cannot be critical and hence need not require full network access. Contrary to the trust-based perimeter defense approach, zero trust defines users and their job requirements. It provides people with adequate permissions to access applications and tools relevant to perform their job virtually, while withholding the rest of the corporate data. For instance, an HR department employee working remotely need not be given access to the sales department database.
In the current setup, it becomes even more important for CISOs to have visibility on what’s happening on the network. Looking at the fact that many employees may be accessing corporate information through personal and unfamiliar devices remotely, CISOs are expected to incorporate strong multi-factor authentication protocols to strengthen the zero-trust security framework. A strong multi-factor authentication protocol ensures controlled access to data repositories and specifies who may access information and under what conditions.
It is equally important for CISOs to educate their users regularly about not clicking insecure links and staying watchful of phishing emails, thereby preventing easy doorways to hackers and cyber crooks.
Even during these difficult times, organizations can operate to their fullest potential, if they enable their people in a right manner, using a ‘zero-trust lens’ framework to secure the borderless networks.