The Hybrid Workplace & the Need for ‘Zero Trust’ Security

Zero Trust – assuming by default that no one, anywhere, can be trusted – is a critical security component of the new hybrid, cloud-based workplace, where staff and systems no longer sit within the safety of the traditional office network perimeter.

The need for Zero Trust security in the hybrid workplace

The COVID-19 pandemic finally forced laggards to fully embrace remote collaboration. It seems likely that many organisations will never mandate a complete return to the office, but retaining the ability for people to work from anywhere means viewing security in a new way.

Granting remote staff access to all of the organisation’s IT systems and resources by default leaves the door wide open to attackers, and threat actors were quick to take advantage of the situation.

The pandemic has seen a significant increase in ransomware, sophisticated spear-phishing attacks and other security threats designed to take advantage of the disruption caused by working from home and the hybrid workplace.

The Zero Trust approach

Just like the hybrid workplace, Zero Trust focuses less on where people are and more on who they are and what they’re doing. Sometimes referred to as the software-defined perimeter, Zero Trust is an identity-driven approach to security.

Rather than simply striving to keep attackers at bay, the Zero Trust philosophy takes extra precautions on the assumption that attackers have already penetrated defences, says Kevin Bloch, former Cisco ANZ Chief Technology Officer and founder of corporate technology advisory firm Bloch Advisory.

“The notion of simply protecting the network is no longer relevant, you need to protect your users and your apps – especially today when your people and systems are spread far and wide,” Bloch told Orro’s recent ‘The rise of the MSP’ virtual fireside event.

“In essence, Zero Trust means always acting as though there’s already somebody in your network behaving in a malicious way.”

Australia falls behind in adopting Zero Trust security

Zero Trust improves security posture and risk management by taking a granular and segmented approach to security, which significantly limits the impact should a breach occur. Companies that have adopted Zero Trust are better positioned to deal with data breaches, reducing the cost of an average data breach by 35 per cent[1].

Despite this, Australia lags behind when it comes to embracing the concept of Zero Trust, Bloch says. US President Joe Biden signed a cybersecurity executive order last year calling for the US Federal government to adopt a Zero Trust architecture.

“Likewise, the UK’s legislation based around the NIST Cybersecurity Framework and concepts like Zero Trust have put it in good stead to deal with these threats,” he says.

“Meanwhile, the Australian Government lags the UK Government in this area by 12 to 24 months.”

While the IT skills shortage is making it more difficult for Australian organisations to tackle these challenges, a recent influx of cybersecurity skills into the market presents an opportunity for savvy organisations looking to re-architect their security to better support the hybrid office.

“Three cybersecurity unicorns came to market in the last six to 12 months,” Bloch says. “Then the interest rate lever was pulled and those cybersecurity players are putting 20 per cent of their workforce on the market.”

“In other words, 1000 people from cybersecurity companies are now coming free, which presents a real opportunity for smart organisations looking to embrace Zero Trust to bolster their defences and meet the challenges of the hybrid workplace.”

[1] https://newsroom.ibm.com/2021-07-28-IBM-Report-Cost-of-a-Data-Breach-Hits-Record-High-During-Pandemic

 

 
