The rapid expansion of remote work has forever changed the face of enterprise cybersecurity, and the effects continue to ripple across the business landscape. As employees and guests return to the office, we need to continue to secure a sizable work-from-anywhere (WFA) population. This hybrid workforce is here to stay: some people work remotely, some go into the office, and some toggle between the two as needs dictate. As a result, the timing is prime to migrate to a zero trust security strategy.
A rebalancing act
The massive move to WFA further eroded the foundation of network-centric, castle-and-moat legacy architecture through shifting working patterns and sheer volumes of remote traffic. To compensate, many organizations invested heavily in VPN technology. But as users return to the office, those same VPNs are over-provisioned, depreciating in value, and don’t support ongoing network and security transformation. VPNs lack the necessary flexibility to follow users, devices, and applications to new virtual perimeters. The net is that security costs and complexity increased, but granular visibility didn’t.
Forward-looking IT teams, in turn, are seizing the opportunity to overcome the challenges of VPNs by turning to new cloud-native, secure access solutions to help drive innovation both within IT and for the business.
Modern cloud-native security solutions extend zero trust principles to enable and secure WFA access to applications, without requiring public exposure or complex network segmentation. Security, simplicity, and user experience go hand-in-hand in this new model, which allows for seamless access across all the permutations of the hybrid workforce.
Regaining your footing with zero trust
Zero trust initially envisioned context-based controls for least-privileged access for on-premises users accessing internally-hosted apps. But as the pandemic demonstrated, IT teams also require a solution that offers seamless access for remote workers. By extending these tenets to the new hybrid workforce, IT teams can provide secure access to any application or asset without publicly exposing the application, asset, or even the infrastructure that supports access. A zero trust architecture provides security, granularity, and visibility no matter where users, applications, or assets live.
The migration to a cloud-delivered zero trust solution allows IT teams to deliver a consistent, frictionless user experience for employees, third parties, and B2B communication. Access is seamless regardless of whether the user is on or off a trusted network—the network becomes irrelevant. The policy environment is simplified, becoming user- and app-centric rather than network-centric, and consistent across cloud and data center application environments. Granular policies for context-based access ensure least-privileged connections, combining user and device attributes to grant access only to authorized users on compliant devices.
Because zero trust connects users to specific applications rather than allowing endpoints access to the entire network, yesterday’s VPN has evolved into today’s secure access service edge (SASE). Public service edges provide transport to remote applications, while private service edges support local and on-premises access.
Moreover, by incorporating industry-leading endpoint detection and response solutions from CrowdStrike, Carbon Black, Sentinel One, and others, IT can detect and stop unsanctioned devices. Browser isolation enables BYOD and unmanaged devices to access applications without the data ever touching the device. API-driven integration with security orchestration, automation, and response solutions frees up expensive human attention to focus on more critical security considerations and priorities.
The capabilities above work together to greatly reduce dependency on network perimeter security, increase visibility, and minimize cost and complexity.
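As an added illustration of the policy model described above (this is example code written for this page, not code from the original post or from any vendor product), the following Python sketch evaluates an access request per application using user and device attributes only; the `on_corp_network` field, the group names, the device attributes, the `APP_POLICY` table and the `decide` function are all assumed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    mfa_verified: bool

@dataclass(frozen=True)
class Device:
    managed: bool
    disk_encrypted: bool
    edr_healthy: bool  # assumed: EDR agent present and reporting healthy

@dataclass(frozen=True)
class Request:
    user: User
    device: Device
    app: str
    on_corp_network: bool  # carried for illustration, deliberately never consulted

# App-centric policy (constructed sample): each application lists the user
# groups allowed to reach it and whether unmanaged (BYOD) devices may reach it
# through browser isolation instead of a direct connection.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "allow_unmanaged": False},
    "wiki":    {"groups": {"staff"},   "allow_unmanaged": True},
}

def device_compliant(d):
    """Device posture check: all attributes must hold for a compliant device."""
    return d.managed and d.disk_encrypted and d.edr_healthy

def decide(req):
    """Return (decision, reason); decision is 'allow', 'allow-isolated' or 'deny'.

    The user is connected to one application, never to the network, so the
    network location in req.on_corp_network does not influence the decision.
    """
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return "deny", "unknown application: default deny"
    if not req.user.mfa_verified:
        return "deny", "user identity not verified with MFA"
    if not (req.user.groups & policy["groups"]):
        return "deny", "user not in an authorized group for this app"
    if device_compliant(req.device):
        return "allow", "authorized user on compliant device"
    if policy["allow_unmanaged"]:
        return "allow-isolated", "unmanaged device: broker via browser isolation"
    return "deny", "device not compliant and app disallows unmanaged devices"
```

Because the decision is keyed on the application rather than on network reachability, the same function yields the same answer for an on-premises and a remote user with identical user and device attributes.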
Secure connection to internal applications is fundamental, but also needs to be coupled with a solution that provides secure access to internet and SaaS applications. Backhauling everyone’s traffic to a few internet egress points just to send it through a stack of security appliances no longer makes sense. It’s important to implement a platform that fully supports WFA users by providing comprehensive any-to-any connectivity, over any network, at any location.
The fundamental zero trust principle of context-based, least-privileged access is being increasingly applied to remote users connecting to internally-hosted applications. Protection of outbound as well as inbound traffic, identity-based access controls for machine-to-machine as well as user-to-machine traffic, and integration of additional context all combine to offer more granular and adaptive access decisions.
But nobody does this overnight. Solutions need to work seamlessly across hybrid use cases to protect both legacy resources and infrastructures as well as modernized workflows.
The path forward
The past year rapidly accelerated digital transformation efforts and associated cloud migration and remote work initiatives. Traditional security models struggled to accommodate the huge change in traffic flows when the global digital workforce went home en masse. Companies that had already embraced digital transformation absorbed the change and adapted more easily. Over the course of a couple of months, organizations globally had to rethink their secure WFA approach, subsequently realizing the full power and potential of a true zero trust architecture.
Now we have the luxury of thinking and planning more strategically for how to best support the evolving hybrid workforce. A continuing theme going forward will be the importance of flexible, resilient solutions that adapt to ongoing change. Modern cloud-delivered zero trust architectures apply security functions consistently across an ever-evolving landscape, and will remain a critical component to accommodating and securing the hybrid workforce.