Insights

Zero Trust: Cyber Security in a remote working world

Practically overnight organisations have been forced to work remotely.

What began as a short-term necessity is now being considered a longer-term solution with a recent Gartner survey revealing 74% of organisations surveyed intend to shift some staff to permanent remote working following COVID-19.

Remote working has been on the rise for years thanks to its flexibility, work-life balance, and increased productivity; however, the current pandemic has acted as a catalyst to accelerate mass adoption. Now widespread, it will be difficult for organisations to return to exactly how they were before as staff enjoy these benefits and business leaders consider the cost savings of reducing office space.

With more permanent remote (or flexible) working currently being considered across the UK, organisations are having to review how to make this sustainable. Initial solutions that were launched to support remote working, such as Microsoft Teams, have been successful for business continuity and collaboration but one critical element has fallen behind: cyber security.

The sudden transition to remote working has meant that former cyber security models are no longer fit for purpose and staff identities, devices and data are susceptible to cyber-attacks. In fact, nearly half of UK businesses believe that their cyber security is unfit for permanent remote working according to a recent report from Centrify. As cyber-attacks continue to increase and capitalise on the new vulnerabilities of remote working, cyber security needs to be a top business priority.

How security has changed

Traditionally, IT security adopted a perimeter-defence method – also known as ‘castle and moat’ – where organisations would build a wall of protection around their network and anyone within the perimeter was trusted. This is no longer effective as cloud services and mobile computing have redefined the security perimeter. Today, staff need to access applications and information outside of traditional corporate network boundaries, making the perimeter model obsolete. As cloud computing and mobile working continues to increase, organisations need to evolve their security to protect their staff, devices, and data – wherever they are.

The solution is Zero Trust networking. At its core is the principle of “never trust, always verify”, which means that anyone requires verification to gain access to organisational data. The key is balancing tight security measures with a great user experience so staff can still easily access what they need to without frustrating barriers or tedious steps. Whilst staff still need to be aware and trained on cyber risks, Zero Trust can take security largely out of their hands. Modern security technologies, such as Microsoft 365, use automation and machine learning to instantly verify the identity, device, permissions, data, and location of the person requesting access before granting – without them even being aware that it’s happening.

Achieving Zero Trust

With the right people (or partners), processes and technology, organisations can implement a Zero Trust model to addresses the modern security challenges that arise from cloud migration and remote working. By following a phased approach, organisations can tackle the quickest wins first and embed Zero Trust into their wider IT strategy – even using existing technologies, such as Office 365 to start the transition. When combined with ongoing managed security services, organisations can have the peace of mind that potential cyber threats are being automatically identified, analysed, and mitigated.

Whether being driven by remote working, or the inevitable continued adoption of cloud services, it is important for all organisations to develop and implement a Zero Trust security strategy.

If you would like help to understand your current security posture, please get in touch today.