Sudip Banerjee from Zscaler explains how organisations can best employ a zero trust strategy in the modern work environment.
If you scan technology news websites or peruse industry research reports, there’s one topic that’s consistently being discussed: zero trust.
At its essence, zero trust is a holistic approach to IT security based on the principle that no user or application should be inherently trusted. It assumes that everything is hostile and only establishes trust based upon user identity and context.
It’s a security strategy that is growing in popularity because of how corporate IT infrastructures have evolved. Rather than existing within a walled perimeter, they extend outward to include remote workers and resources on hosted and public-cloud platforms. Put simply, it’s a security framework which enables users to access private applications securely, without connecting to the network on which they’re hosted, or exposing those applications to the internet.
Indeed, the trend of zero trust adoption has accelerated even further in the wake of the COVID-19 pandemic. This has been driven by the need for organisations to provide secure but flexible remote access for their staff.
The need is even more acute because it is highly likely that many people will continue to work from home for an extended period. Some companies will also adopt a ‘hybrid’ working pattern where employees can work from home two days a week and in the office for the remainder.
At the same time, there has also been an increase in attack surface exposures. Staff will almost certainly use a private Wi-Fi network to connect to work resources and will often do so using a personal notebook or desktop PC. Whether they like it or not, organisations have been forced into having a policy of ‘anytime, anywhere and any device’.
These changes are further evidence of the need for a zero trust strategy as it’s no longer possible to blindly trust that the people accessing corporate IT resources are authorised to be there. In many cases, the corporate network has become the public internet.
A new architecture
In this new world of work, a new IT architecture is required to ensure staff can have secure access to the resources they need, whether in a corporate data centre or on a cloud-based platform. This new architecture must have some core attributes, which include:
One zero trust security architecture gaining traction right now is Secure Access Service Edge (SASE), which has been designed from the ground up with the digital workplace in mind.
At its heart, SASE involves ensuring data traffic is fully secure throughout its journey between a device and a destination application, regardless of where a user is located or the type of device they are using. It’s this focus on security for the journey, rather than the destination, that is critical and will benefit the new hybrid workforce, which is well and truly here to stay as the trend continues to gather pace.
Organisations in the year ahead will continue to embrace security technologies which enable employees to access applications, without opening the enterprise up to additional risk. This indeed will be a priority for organisations which value the integrity of their systems and data.
Chief information security officers are fast learning that the challenge of maintaining effective IT security is very different in this emerging post-pandemic world. In many cases, changes that would have taken years to achieve have been planned for and deployed in just months.
The time to embrace zero trust is now, as it can provide the protection, flexibility and scalability required by organisations. Organisations that don’t adopt the zero trust new normal will continue to put their employees and customers at risk. So begin your zero trust journey today.
Sudip Banerjee is the senior director – transformation strategy at Zscaler.