How to stop worrying and love zero confidence

How to stop worrying and love zero confidence

Countless articles have been published in recent years on zero trust, most of them explorations and expositions for security professionals.

But I want to write for the remote workers on the other side of the so-called "trust" equation: the people who will face change and pitfalls as zero-trust strategies are implemented and refined over the next few years.

Welcome to this jargon-free explanation of zero trust.

If you're an IT or security professional, save this newsletter to share with employees, especially remote employees, who need to understand what's happening and why.

First of all, Zero Trust is not a product or a service, it is an idea, an approach, a strategy.

We need zero trust to secure the future of the workplace. And the reason is that the old strategy, perimeter security, no longer works.

Along with perimeter security, a corporate firewall was in place. Everyone, devices, and applications inside the firewall were supposed to be safe – they were trusted because they were inside. Remote employees can access the firewall using a virtual private network (VPN), which is software that encrypts data and allows an authorized person to access the firewall, even from a home office or hotel in another country.

Perimeter security used to work pretty well, but the world has changed. And now it doesn’t work anymore. Connectivity is too complex, and cyber attackers have become too sophisticated. These days we have all kinds of antiquated networks, complex cloud computing arrangements, and a host of tiny, connected, often sensor-based units all brought together under the umbrella of the Internet of Things (IoT).

And we have you. Yes, you.

The main reason perimeter security is no longer working is that people are working remotely not just from their home office but over any connection, anywhere, anywhere.

Think about the home office. With a perimeter security device, you would connect through your home Wi-Fi network using a VPN, allowing your main work laptop to be inside the firewall. Now, a number of things can happen:

  • The neighbour's hacker kid, who can access your Wi-Fi from his room, is using that access to hack into your laptop, compromise your VPN software, and therefore compromise the entire business, because now she's on the inside too. perimeter. from her workplace.
  • You step away from your laptop for a few minutes, and while you're still logged in, your son's friend comes over to your home office to take a look at some porn. While doing so, he visits a shady site that automatically downloads all sorts of malware onto your laptop. After this event, your laptop connects to servers in Eastern Europe all day, every day, allowing gangs of professional malicious hackers to take advantage of VPN access to your corporate networks.
  • Your parents buy your kids a toy for Christmas, which connects via Wi-Fi. Now you have an IoT device on your home network from a company that has no plans to release a security update. This device is another gateway into your Wi-Fi, your laptop, and your business by skilled hackers operating out of a car out front.
  • These scenarios involve a single WFH employee. Now imagine 5000 remote employees at a single company working from home and from all over the world, all with an untold variety of vulnerabilities.

    Do you see why remote work is the enemy of perimeter security?

    This is how zero trust works. Instead of relying on a secure “perimeter” that can’t be protected, your company will require each user, device, and application to authenticate individually.

    This means that: Even if you and your laptop are authorized to access company resources, if someone plugs a USB drive into your system, neither that drive nor the software on it will have access to these same resources. The hacker kid next door can’t access it. Malware downloaded onto your laptop can’t access it. Random IoT devices that appear on your home Wi-Fi can’t access it.

    The downside, as you can imagine, is that all this authentication will increase hassle. You'll need very good hygiene and good password practices. You'll probably need biometric authentication. There will be accidental cases where access to an authorized device or app is denied, and you'll need to work with Support to sort it all out.

    But all of those drawbacks are the price we pay for the power of IoT, cloud computing, and most importantly, remote work.

    The process is coming, and there will be a learning curve. But, in the end, I urge you to rely on zero trust. That's how things should work now.

    Copyright © 2022 IDG Communications, Inc.

    Leave your comment

    Your email address will not be published. Required fields are marked with *

    Go up