The COVID-19 pandemic necessitated a mass migration to remote working with some organisations in the Asia Pacific (APAC) planning to permanently transition to a hybrid work arrangement.
The implications of moving online and into the cloud from a cybersecurity standpoint are troubling. Our cloud threat researchers found that as organizations globally increased their cloud workloads by more than 20% between December 2019 and June 2020, it has also led to an explosion of security incidents. The trend is not abating.
Why does this happen? In the past, an employee’s ability to access resources and work securely was completely determined by whether or not they were in the office. Our security architecture was thus designed presuming trust based on physical location. However, such an assumption is troublesome. On the network, employees get access to internal applications. But what if it’s accessed by an external party? What if the device of use is compromised? And what if the employee shouldn’t have access to all of the applications?
There is now an urgent need for APAC organisations to understand and adopt a new cybersecurity approach that does not rely on the users’ physical location since employees could be working from anywhere with their devices. It is time for them to embrace a Zero Trust approach.
The Building Blocks of Zero Trust
Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization’s network architecture. Although the concept is not new, it is only starting to pick up in many geographies, including APAC. Leaders in the region are now waking up to the importance of a mindset shift in security when dealing with the new realities of remote work.
For every connection from any user to any application, the Zero Trust promise is to verify who the user is and the device they are using, regardless of location. Implementation of this means consistent, easy and safe access to all applications the organisation needs.
The core building blocks of a Zero Trust architecture consist of:
- Verify all users, devices and applications: Always verify the identity of the user, the integrity of the host they are using and the application they seek to access, irrespective of where the user, device or application may be.
- Apply context-based access: Every access policy decision should consider user, device and application context, ensuring consistent security and user experience.
- Secure all content: Continuously inspect all content to verify that it is legitimate, safe and secure, and examine all data transactions to prevent enterprise data loss.
- Continuously monitor and analyse all security infrastructure: Continuously monitor all connections and content for signs of anomalous or malicious activity to help uncover gaps in implementation, and use this data to continuously analyse and fine tune the organisation’s policies to improve the security of the system.
Far-reaching benefits beyond cybersecurity
The Zero Trust approach will not only safeguard networks but also has a positive effect on employee productivity. The productivity of a remote workforce lies in the ability for users to move freely on and off the office network and still securely access any applications or data from any device in any location. Implementing a Zero Trust architecture will enable this seamless experience securely. Once implemented, users can enjoy consistent access and protection for every connection with a peace of mind.
Zero Trust does not need to be hard
With the inexorable move towards the cloud, cybersecurity needs to evolve with the organisation. Fortunately, it does not need to be complex. It may come as a surprise to some that Zero Trust does not require a complete technology overhaul. Rather, it is an augmentation of the organisation’s existing architecture and can be deployed iteratively while allowing the organisation to take advantage of the tools and technologies they already have.
As organisations continue to face more advanced and vicious cyber threats while at the same time managing a remote workforce, working with a trusted cybersecurity partner can give them the tools to achieve complete Zero Trust Network Security to succeed in the new world of work.