Zero Trust – assuming by default that no one, anywhere, can be trusted – is a critical security component of the new hybrid, cloud-based workplace, where staff and systems no longer sit within the safety of the traditional office network perimeter.
The need for Zero Trust security in the hybrid workplace
The COVID-19 pandemic finally forced laggards to fully embrace remote collaboration. It seems likely that many organisations will never mandate a complete return to the office, but retaining the ability for people to work from anywhere means viewing security in a new way.
The concept of granting remote staff access to the entire organisation’s IT systems and resources by default leaves the door wide open to attackers. Threat actors were quick to take advantage of the situation.
The pandemic has seen a significant increase in ransomware, sophisticated spear-phishing attacks and other security threats designed to take advantage of the disruption caused by working from home and the hybrid workplace.
The Zero Trust approach
Just like the hybrid workplace, Zero Trust focuses less on where people are and more on who they are and what they’re doing. Sometimes referred to as the software-defined perimeter, Zero Trust is an identity-driven approach to security.
Rather than simply striving to keep attackers at bay, the Zero Trust philosophy takes extra precautions on the assumption that attackers have already penetrated defences, says Kevin Bloch – former Cisco ANZ Chief Technology Officer and founder of corporate technology advisory firm Bloch Advisory.
“The notion of simply protecting the network is no longer relevant, you need to protect your users and your apps – especially today when your people and systems are spread far and wide,” Bloch told Orro’s recent ‘The rise of the MSP’ virtual fireside event.
“In essence, Zero Trust means always acting as though there’s already somebody in your network behaving in a malicious way.”
Australia falls behind in adopting Zero Trust security
Zero Trust improves security posture and risk management by taking a granular and segmented approach to security, which significantly limits the impact should a breach occur. Companies that have adopted Zero Trust are better positioned to deal with data breaches, reducing the cost of an average data breach by 35 per cent[1].
Despite this, Australia lags behind when it comes to embracing the concept of Zero Trust, Bloch says. US President Joe Biden signed a cybersecurity executive order last year calling for the US Federal government to adopt a Zero Trust architecture.
“Likewise, the UK’s legislation based around the NIST Cybersecurity Framework and concepts like Zero Trust have put it in good stead to deal with these threats,” he says.
“Meanwhile, the Australian Government lags the UK Government in this area by 12 to 24 months.”
While the IT skills shortage is making it more difficult for Australian organisations to tackle these challenges, a recent influx of cybersecurity skills into the market presents an opportunity for savvy organisations looking to re-architect their security to better support the hybrid office.
“Three cybersecurity unicorns came to market in the last six to 12 months,” Bloch says. “Then the interest rate lever was pulled and those cybersecurity players are putting 20 per cent of their workforce on the market.”
“In other words, 1000 people from cybersecurity companies are now coming free, which presents a real opportunity for smart organisations looking to embrace Zero Trust to bolster their defences and meet the challenges of the hybrid workplace.”