At this point, with case numbers rising and no clear end in sight, it’s apparent that we’ll be dealing with the COVID-19 pandemic for a while yet. That means working from home has become a longer term and potentially permanent arrangement for many people who can fulfill all their professional obligations without commuting to and from their job site.
Businesses with teams that have gone remote due to the public health crisis and probably won’t return to the office anytime soon must now address new cybersecurity concerns and points of vulnerability. With older technologies like Virtual Private Networks (VPNs) making headlines for security issues, a new approach to empowering distributed teams while ensuring optimal data security has emerged: zero-trust network architecture.
How a Zero-Trust Network Functions
The idea behind zero-trust networks is hardly new. In fact, John Kindervag – then a principal analyst for Forrester Research Inc. – introduced it a decade ago, according to the CSO article “What is Zero Trust? A model for more effective security.”
In a nutshell, this type of tech takes the concept of being skeptical of anything outside your network and extends it to everything inside your network as well, the CSO article explains. No matter where anyone seeking access to a resource originates, they must be verified first.
By leveraging micro-segmentation and granular perimeter enforcement based on end user characteristics such as location, role and permissions, a zero-trust architecture only gives people access to the specific resources they need, according to Palo Alto Networks. For example, you could configure it so only employees in your finance department can access financial info. This overall makes it much harder for malicious actors to gain access to sensitive information within your network.
Why COVID-19 Has Driven Zero-Trust Framework Adoption
With everyone working from home, defining and safeguarding your company’s network perimeter is much more complex than it would be with your team logging on from a single location. On top of that, the pandemic has spurred a surge in cybercrime: The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) warned in an alert issued in April stating that malicious actors had seized the opportunity to exploit the crisis with coronavirus-themed schemes.
For instance, the average ransom payment demanded by cybercriminals carrying out ransomware attacks went up by 33 percent in the first quarter of this year to $111,605, compared to the previous quarter, according to a report from Coveware. Phishing attempts have also exploded, with Google’s Threat Analysis Group (TAG) noting 18 million COVID-19-related phishing and malware Gmail messages each day in April.
Additionally, hackers have been attempting to find unaddressed vulnerabilities in newly deployed remote work infrastructure. As a result, businesses around the world are in desperate need of reliable and advanced network security solutions.
Many organizations have implemented VPNs. However, cybersecurity experts have warned of potential problems with this type of tech: In March, the CISA sent out an alert warning companies that enterprise VPN usage could lead to data breaches in the absence of regular patching, updates and the implementation of multi-factor authentication (MFA) for remote access accounts.
Even if you take all the necessary steps on your side to ensure the highest possible level of data security, you could still end up dealing with a breach due to supplier error. For example, news broke recently that some free VPN platforms had left their servers open, possibly exposing millions of users’ personal info, according to the vpnMentor blog entry “Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See.”
As a result, zero-trust is skyrocketing in popularity. Between 2019 and 2020, the percentage of North American organizations that reported having a zero-trust initiative on the books or plans to establish one in the next 12 to 18 months shot up 275 percent year-over-year to 60 percent, according to Okta’s The State of Zero Trust Security in Global Organizations report.
Ultimately, implementing zero-trust architecture is the best bet for any business looking to give remote users the access they need while maintaining the best possible security posture. If you’re interested in leveraging a zero-trust framework, we offer one via our Office Anywhere solution, which also features a Secure Access Service Edge (SASE) and ensures end users are only allowed to connect to the apps and files they absolutely need to do their jobs.
For more information, feel free to give us a call at 877-599-3999 or email sales@stratospherenetworks.com.