Achieving Zero Trust? One Size Does Not Fit All
Published 06/20/2022
This blog was originally published by Lookout here.
Written by Hank Schless, Senior Manager, Security Solutions, Lookout.
How mobile and cloud technologies enable us to be reliable
More than a year of near-universal remote work has proven that many of us can reliably stay productive from anywhere — whether it be from home, co-working spaces or otherwise. Businesses have caught wind of this, and according to IDC, 60% of them will continue with remote work or implement a hybrid model even after they reopen their offices.
This calls for a paradigm shift in the way we conduct cybersecurity. As your employees use cloud applications and work outside security perimeters using unmanaged endpoints and networks, you no longer have visibility or control over your sensitive data.
I recently invited Art Ashmann, Staff EUC Solutions Engineer at VMware, to the Lookout Endpoint Enigma podcast to discuss the opportunities and challenges mobile and cloud technologies have created. Art and I talked through the pivots needed to leverage mobility safely and how to determine your path to achieving Zero Trust. Here are a couple of takeaways from our conversation:
Legacy policies and architectures are not enough
When it comes to working remotely, reliability is king. To be dependable, employees need quick and easy access to the documents and data required to do their job. This leaves the burden on organizations to determine how to secure that data in a way that does not hinder productivity.
For Art, one of the main obstacles preventing security teams from accommodating the mobile workforce is the outdated policies around legacy architectures that many organizations created over a decade ago. To securely take full advantage of the potential of cloud apps and mobile technology, it is incumbent on organizations to rewrite policies to accommodate the new way of doing things, beyond physical spaces. Luckily, as Art stressed, there are many solutions out there to help along the way.
Much ado about Zero Trust: know your users and the data they require
During our conversation, Art and I kept returning to a metaphor of mountain biking to explain the customer journey of achieving Zero Trust, the idea that no entity should be given access to your data unless its risk level has been verified. In the scenario, you're standing at the bottom of a mythical mountain with a summit that constantly moves. There are 15 different trailheads and no way to tell the length of each trail or what obstacles you’ll encounter.
Similar to the mountain biker in this scenario, any organization that wants to achieve Zero Trust has the daunting task of determining which solutions will fit their unique needs in a market inundated with confusing terminology and ever-changing standards.
When facing this “mountain,” Art’s advice is to invest in Zero Trust technology that is both safe and easy to use. How much of either side of the equation you require will depend on several factors, including who your users are, how they interact and what types of data they need to access.
In many cases, you won’t need the “entire mountain” of Zero Trust applied to one user, especially if they are dealing with low-sensitivity or public data. As Art put it, “Even though the market is saying ‘buy Zero Trust’ and ‘here's the mountain,’ you don't have to implement everything. It's about knowing who you are and what your business requires.”
Rewriting the script to accommodate the new mobile workforce
Tune into the podcast to hear the whole conversation, but for now I want to leave you with one more nugget of wisdom from Art: Rewriting policies enables organizations to start rethinking how they accommodate different users. With more space for creative problem-solving, IT and security teams can approach how best to mobilize and ensure these methods are safe and easy to use.