Though remote work and the hybrid working model have proven beneficial for employee well-being, inclusion and productivity, there have also been pitfalls – most notably on the security front. “Threat actors never stopped looking for new ways to exploit the vulnerabilities that came from this rapid shift to remote work and are still doing so now that hybrid work is becoming the norm,” says Marilyn Moodley, Country Leader for South Africa and WECA (West, East, Central Africa) at SoftwareONE. “To secure the present and future hybrid world of work, organisations need to put a robust zero-trust model in place.”
Zero trust
Most companies approach security with a verification mentality - users and devices can connect to networks but need to be verified afterwards. This works well in an office setting where most users are in one physical location and, as such, can be trusted.
“But in a hybrid model, where some employees are on site, others at home, and others on the go, a zero-trust model is the more sensible – in fact, critical – solution. Zero trust means that companies need to assume that all users and devices may already be compromised, and that all users, whether inside or outside an organisation’s network, to be continuously authenticated, authorised, and validated,” explains Moodley.
This mitigates credential theft, brute force, and insider threat risks; reduces the likelihood of lateral movement across systems and networks; and reduces the likelihood that devices with malware or ransomware can be used as an attack vector.
But, of course, implementing such a system has its challenges. It requires additional technologies for authentication, access limitation, file activity monitoring, endpoint security monitoring, and data-in-transit and data-at-rest encryption.
Getting it right
Despite these challenges, companies can still implement zero-trust models successfully. Moodley gives this basic checklist to get started:
- Multi-factor authentication: This is fundamental to ensure that users are who they say they are. Multi-factor authentication means that users must provide two or more of the following to gain access to networks and applications: Something they know (a password), something they have (a token or smartphone), or something they are (face ID or a fingerprint). Many companies are also adopting passwordless strategies, such as FIDO2-compliant keys. For example, companies can use Windows Hello to enable fingerprint recognition, a unique PIN number, or facial recognition through the PC’s camera.
- Endpoint security: Every computer and server is a potential entry point that threat actors can use to deploy malware and ransomware attacks. It takes just a single accidental click on a link or document in a phishing email to compromise a device. Don’t rely on built-in security and rather ensure you have robust endpoint security in place in the form of device attestation. Device attestation means that the device must meet the organisation’s security requirements prior to being connected to applications and networks. Endpoint security monitoring allows you to set baseline controls and review endpoints to ensure that they have not been compromised.
- Limited access: Don’t forget about the risk of insider threats. Identity and access are fundamental to your security perimeter and limiting access makes it more difficult for threat actors to access sensitive data.
- Continuous monitoring: Monitoring for abnormal activity remains crucial even when the above measures are in place. For example, a high volume of failed login requests coming from the same account in a short time span could indicate a brute force attack attempt. Rapid response to such events will reduce the amount of time threat actors spend in the organisation’s environment and limit their ability to steal data or deploy ransomware.
A successful zero trust model has a lot of moving parts, and organisations need the right set of technologies and services to protect data. Partnering with specialists provides peace of mind. SoftwareONE’s Managed Detection and Response (MDR) solution, for example, affords companies a purpose-built threat defence security service that continuously monitors endpoint security, email security, and server security. And, because even the best security doesn’t guarantee immunity from breaches, backups are essential. Solutions like BackupSimple powered by Metallic provide comprehensive and streamlined data recovery with a secure, scalable, and resilient platform.
Says Moodley: “With a concrete plan and helpful technologies in place to help secure your network while preventing data loss, your organisation can support a hybrid workforce with confidence – and enjoy all the benefits this new way of work can offer, with minimal risks.”