Zero Trust Security – assuming by default that no-one, nowhere can be trusted – is a critical security component of the new hybrid, cloud-based workplace, where staff and systems no longer sit within the safety of the traditional office network perimeter.
[Image of Zero Trust Security architecture]
The need for Zero Trust Security in the hybrid workplace
The COVID-19 pandemic finally forced laggards to fully embrace remote collaboration. It seems likely that many organisations will never mandate a complete return to the office, but retaining the ability for people to work from anywhere means viewing security in a new way.
The concept of granting remote staff access to the entire organisation’s IT systems and resources by default leaves the door wide open to attackers. Threat actors were quick to take advantage of the situation, highlighting the urgency for a Zero Trust Security framework.
In essence, Zero Trust means always acting as though there’s already somebody in your network behaving in a malicious way.
Kevin Bloch – Founder Bloch Advisory
The pandemic has seen a significant increase in ransomware, sophisticated spear-phishing attacks and other security threats designed to take advantage of the disruption caused by working from home and the hybrid workplace.
The Zero Trust Security approach
Just like the hybrid workplace, Zero Trust Security focuses less on where people are and more on who they are and what they’re doing. Sometimes referred to as the software-defined perimeter, this is an identity-driven approach to security.
Rather than simply striving to keep attackers at bay, the philosophy takes extra precautions on the assumption that attackers have already penetrated defences, says Kevin Bloch – former Cisco ANZ Chief Technology Officer and founder of corporate technology advisory firm Bloch Advisory.
“The notion of simply protecting the network is no longer relevant, you need to protect your users and your apps – especially today when your people and systems are spread far and wide,” Bloch told Orro’s recent ‘The rise of the MSP’ virtual fireside event.
“In essence, Zero Trust Security means always acting as though there’s already somebody in your network behaving in a malicious way.”
Australia falls behind in adopting Zero Trust Security
This model improves security posture and risk management by taking a granular and segmented approach to security, which significantly limits the impact should a breach occur. Those companies which adopted Zero Trust Security are better positioned to deal with data breaches – reducing the cost of an average data breach by 35 per cent[1].
The notion of simply protecting the network is no longer relevant, you need to protect your users and your apps – especially today when your people and systems are spread far and wide
Kevin Bloch – Founder Bloch Advisory
Despite this, Australia lags behind when it comes to embracing the concept, Bloch says. US President Joe Biden signed a cybersecurity executive order calling for the US Federal government to adopt a Zero Trust Security architecture.
“Likewise, the UK’s legislation based around the NIST Cybersecurity Framework and concepts like Zero Trust have put it in good stead to deal with these threats,” he says.
“Meanwhile, the Australian Government lags the UK Government in this area by 12 to 24 months.”
While the IT skills shortage is making it more difficult for Australian organisations to tackle these challenges, a recent influx of cybersecurity skills into the market presents an opportunity for savvy organisations looking to re-architect their security to better support the hybrid office using Zero Trust Security.
“Three cybersecurity unicorns came to market in the last six to 12 months,” Bloch says. “Then the interest rate lever was pulled and those cybersecurity players are putting 20 per cent of their workforce on the market.”
“In other words, 1000 people from cybersecurity companies are now coming free, which presents a real opportunity for smart organisations looking to bolster their defences and meet the challenges of the hybrid workplace.”
Consult an Expert: Implementing a robust Zero Trust Security framework is the most effective way to protect your distributed workforce.
Contact our team to learn how Orro can help you transition to an identity-driven security model.
