Streamline and Unify Your Security Infrastructure with Zero Trust
COVID-19 and the ensuing pandemic have forced companies to completely rethink and adapt their workplace. Work-from-home (WFH) arrangements were generally reserved for remote employees; most employees were expected to be physically present at an office.
In only a month, WFH has become the recommended and preferred approach across many large organizations, for all their employees. While it’s expected that the pandemic will subside in the months to come, some work habit changes may never go back to “how it used to be.”
This sudden and significant shift to the home office imposes a significant burden on IT and InfoSec teams. Legacy approaches to IT have required a different infrastructure and a different security framework for employees accessing applications and services when on the “intranet” versus when on the “internet.”
One example of this is having a dedicated VPN infrastructure for remote employees. With the sudden push towards WFH, this approach severely tests the limits of traditional IT and security frameworks, not just in terms of scaling the infrastructure to accommodate the rapid shift towards a remote desk, but also in terms of the human resources needed to manage, monitor and secure the infrastructure, data and applications.
COVID-19’s impact is both sobering and humbling, but it hasn’t stopped nefarious groups and individuals who see a huge opportunity to take advantage of a strained, tested and constrained InfoSec team and infrastructure.
Opportunists have gone as far as creating fake COVID-19 maps and using them as droppers for malware. Unsuspecting users seeking information on the spread of COVID-19 are enticed to download these maps and have their systems compromised (see this KrebsOnSecurity post).
In many cases the goal is credential theft: stealing usernames and passwords. An attacker holding those credentials can then come in on the intranet (for example over the corporate VPN) and, with the implicit trust granted to anything on the intranet, gain access to systems that can then be easily compromised. Many other such schemes are being rapidly deployed by bad actors to take advantage of unsuspecting users and thinly stretched IT and InfoSec teams.
Moving toward a Zero Trust (ZT) architecture is gaining importance. The basic premise of ZT is to eliminate the implicit good faith associated with the locality of access and to shift toward protecting assets, not network segments. Here, assets are users, devices and applications. In other words, ZT grants no implicit trust to an asset based solely on its physical or network location. A few key principles of Zero Trust are:
- Identify all assets and their access/communication patterns
- Deploy/enforce authentication, authorization and access control of all assets
- Encrypt all data flows regardless of network location
- Monitor data flows and assets to detect changes, violations or anomalies
Through ZT, companies get a unified security framework for all assets. IT and InfoSec teams can then stop maintaining separate infrastructure for users on the intranet versus the internet, provide a unified experience to users independent of where they connect from, and keep one consistent framework for security. In a world where the workplace is increasingly shifting toward a “work anywhere” model, moving toward a ZT architecture simply makes sense.
Shifting towards a ZT architecture requires more than a night and a weekend. ZT architecture is a journey that requires organizational commitment. Severe dislocations, like the widespread upheavals caused by COVID-19, force organizations to adopt such policies with surprising urgency.
For businesses and groups that embark on the journey, the worry and difficulty will ultimately result in a more secure, more reliably high-performance network of assets.
Your organization can embrace the journey with a few key steps:
- Map out your assets. Use nonintrusive techniques such as network metadata for visibility, complemented by host/endpoint-based approaches.
- Discover and understand asset communication flows and patterns. Once again, monitoring network traffic is an excellent way to gain this insight, and it is needed to define the right access control policies: a policy written without this understanding can disrupt the business.
- Implement authentication and access control policies based on your discovery. For legacy devices and applications that can’t easily be authenticated, isolate them on separate network segments and monitor and control all access to and from them.
- Set up a continuous monitoring strategy. Monitor network traffic, and log host/endpoint data. Use tools that can analyze this data and surface incidents and violations of the policy.
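As an added illustration (not code from the original post or from any product it describes), the four steps above carried out in Python over a constructed set of connection records of the kind a flow collector or Zeek conn.log would yield. The host names, the legacy-asset and gateway tags, and the port-to-protocol table are hypothetical; the point is that the same metadata drives inventory, pattern discovery, policy generation and then monitoring against that policy.

```python
from collections import defaultdict
from dataclasses import dataclass

# Well-known ports of protocols that carry data in the clear. A flow on one of
# these violates the "encrypt all data flows" principle wherever it originates.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

# Hypothetical asset tags. Legacy assets cannot authenticate, so the policy only
# lets approved gateways reach them (the isolation step from the text).
LEGACY_ASSETS = {"plc-legacy-01"}
LEGACY_GATEWAYS = {"jump-01"}


@dataclass(frozen=True)
class Flow:
    """One connection record reduced to the fields the policy cares about."""
    src: str
    dst: str
    dport: int
    proto: str


# Constructed sample of connection metadata (hypothetical hosts, not real data).
BASELINE_FLOWS = [
    Flow("laptop-alice", "app-01", 443, "tcp"),
    Flow("laptop-alice", "app-01", 443, "tcp"),
    Flow("laptop-bob", "app-01", 443, "tcp"),
    Flow("app-01", "db-01", 5432, "tcp"),
    Flow("jump-01", "plc-legacy-01", 502, "tcp"),     # Modbus via the jump host
    Flow("laptop-bob", "plc-legacy-01", 502, "tcp"),  # direct access: must stop
    Flow("laptop-bob", "hr-portal", 80, "tcp"),       # cleartext HTTP
]


def inventory(flows):
    """Step 1: every host seen as a source or destination is an asset."""
    return sorted({f.src for f in flows} | {f.dst for f in flows})


def discover_patterns(flows):
    """Step 2: count each distinct (src, dst, port, proto) tuple."""
    counts = defaultdict(int)
    for f in flows:
        counts[f] += 1
    return dict(counts)


def reject_reason(flow):
    """Why a flow cannot be allowed under the Zero Trust principles, or None."""
    if flow.dst in LEGACY_ASSETS and flow.src not in LEGACY_GATEWAYS:
        return "legacy-isolation-breach"
    if flow.dport in CLEARTEXT_PORTS:
        return "cleartext-" + CLEARTEXT_PORTS[flow.dport]
    return None


def build_policy(patterns):
    """Step 3: allow exactly the observed flows that pass the principles.

    Returns (allowed flows, {rejected flow: reason}). The rejected map is the
    remediation list: isolate the legacy asset, move the service to TLS."""
    allowed, rejected = set(), {}
    for f in patterns:
        reason = reject_reason(f)
        if reason:
            rejected[f] = reason
        else:
            allowed.add(f)
    return allowed, rejected


def evaluate(flow, allowed):
    """Step 4: findings for one newly observed flow; empty means compliant."""
    findings = []
    if flow not in allowed:
        findings.append("not-in-policy")
    reason = reject_reason(flow)
    if reason:
        findings.append(reason)
    return findings


def monitor(new_flows, allowed):
    """Evaluate a batch of flows and keep only those with findings."""
    results = {}
    for f in new_flows:
        findings = evaluate(f, allowed)
        if findings:
            results[f] = findings
    return results


if __name__ == "__main__":
    allowed, rejected = build_policy(discover_patterns(BASELINE_FLOWS))
    print("assets:", inventory(BASELINE_FLOWS))
    print("remediate:", rejected)
    # Constructed "day two" traffic checked against the learned policy.
    new = [
        Flow("laptop-alice", "app-01", 443, "tcp"),         # known good
        Flow("laptop-alice", "db-01", 5432, "tcp"),         # laptop reaching DB directly
        Flow("laptop-carol", "plc-legacy-01", 502, "tcp"),  # new host hitting legacy asset
    ]
    for f, findings in monitor(new, allowed).items():
        print(f, findings)
```

The allow-list is deliberately built only from what was observed, which is why the discovery step matters: a flow missing from the baseline (here, a laptop talking straight to the database) shows up as `not-in-policy` the first time it appears, and a baseline flow that contradicts a principle is surfaced for remediation rather than silently allowed.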
Zero Trust is a journey that requires significant thought in executing the above steps. Many organizations have delayed this initiative in the past. With the workplace being completely reimagined due to the tragic disruption of the COVID-19 pandemic, the need to streamline and unify an organization’s security infrastructure has perhaps never been as urgent as it is now.