The applications and infrastructure used by enterprises is no longer homogenous or confined within office perimeters. The increased reliance on software-as-a-service (SaaS) apps and mobile devices means that users are working from anywhere and accessing enterprise data on unmanaged endpoints and networks. As a result, enterprise data no longer stays within network perimeters but instead flows to wherever it is needed. This is great for productivity but less so for security as the visibility and control security teams use to have have disappeared.
VPN is NOT Zero Trust
Zero Trust security, which is defined as the idea that no user or device can gain access to enterprise resources unless proven to be trustworthy, is not a new concept. Channel solution providers have been talking about it for years. However, the huge increase in the scale of remote working triggered by the pandemic made Zero Trust a marketing tool.
Examples of security tools that would have been considered part of a Zero Trust architecture a few years ago included domain-based network access control and two-factor authentication. These however became less useful as apps and data move to cloud and users stop going into the office and using corporate-issued personal computers.
Because the pandemic demanded remote working solutions to be scaled up so rapidly, most enterprises fell back on simply extending VPNs because these were already in use for remote working. As problems arise, security tools are tacked onto VPNs.
But this is not a Zero Trust architecture. Regardless of how many third-party solutions you throw at it, if the security check is only done once, it's not enough. Once a user gains access into an enterprise network, they can go pretty much wherever they like, determined of course by access rights and permissions. This opens up a door for attackers to compromise credentials, gain access and move laterally across enterprise networks seeking data to compromise. Criminals are targeting privileged accounts via phishing tactics, easily evading perimeter security measures.
This is why adding further individual security measures onto a VPN is not Zero Trust security.
Zero Trust SASE from Endpoint to Cloud
To ensure that remote and hybrid workers can remain productive without compromising sensitive corporate data, channel partners should position intelligent Zero Trust solutions. Through the integration of endpoint security and secure access service edge (SASE) technologies, organisations can get deep visibility into the risk level that users and the networks and devices they use pose and the sensitivity level of the data they want to access.
Device telemetry is critical because mobiles phones rarely use enterprise controlled networks. Instead, they usually connect via home Wi-Fi or public networks and users are sometimes slow to download OS or app updates that contain security patches.
User behaviour also needs to be continually analysed to detect deviations from the norm indicative of malicious or accidental wrongdoing. For example, if telemetry indicates unusual behaviour from an employee, access to sensitive data can be restricted, extra authentication measures could be enforced or the content itself could be encrypted or redacted. Or the session completely terminated, if needed.
All this needs to be tied to the context — or the sensitivity level of the data the users and devices seek to access. You could lock down access solely based on user and device sensitivity, but it will likely hinder productivity as not every piece of data is highly sensitive.
In a remote-first work environment, organisations require a modern Zero Trust architecture that is intelligent. To make smart access decisions, you need deep and continuous telemetry into users, endpoints, networks, apps and data.
Find out more about how partnering with Lookout to offer SASE solutions can help you enable secure and efficient hybrid working at your customers' organisations.
This post was funded by Lookout