The key zero trust practices to keep a hybrid workforce cyber secure

Heather Hinton, Chief Information Security Officer at RingCentral, looks at how the role of zero trust has been accelerated by hybrid work, and how organizations can ensure that employees remain protected.

Unfortunately, organizations that are embracing hybrid working as the new ‘normal’ will inevitably see their security challenges increase. Devices, data and even people become more varied and more widely distributed across hybrid working environments, which makes it increasingly difficult to manage them securely. Numerous collaboration assets, as well as incalculable swathes of data, move up and down from the cloud, between off-site locations and offices, across a variety of formats including mobile, laptop, tablet and conference room systems. To secure this data and these company assets across their hybrid workplaces and workforce, organizations will be best served by keeping the following key zero trust practices top of mind.

Establishing an understanding of zero trust

The rapid acceleration of the Covid-19 pandemic forced swift lockdowns which closed offices and forced a movement en masse to working on home networks. This dramatic shift redefined security and turned zero trust into a “must have solution”. Now, with the shift to hybrid working becoming more permanent, it is crucial that businesses and employees understand what “zero trust” is and how it protects them.

Also known as “perimeterless” cybersecurity, the overall premise of zero trust is “Trust No One (without repeated verification),” including the users and the devices connecting to your organization’s network. This doesn’t mean that you don’t trust your employees; it does mean that you help them stay secure and keep the business secure by adding seamless checks and balances to their overall network access, resulting in what is called a “zero trust” environment. Sadly, trust as we knew it is relegated to a pre-Covid behavior that we look back on with nostalgia. Before, access to a corporate network was assumed to be possible only for trusted devices, and it was assumed that those trusted devices were properly configured and managed. Now, devices must be verified for “ownership” (is this device approved to be on the network?) and compliance with security policies (Does it have a valid certificate? Is it patched? Does it have required anti-virus/EDR solutions? And so on) every time they access the corporate network. Before, users could typically use any resources that they could access on the network. Now, users must authenticate (explicitly or under the covers, with single sign-on) when they access the corporate assets they have been authorized to use. Combining device integrity, health checks, user authentication and authorization in this way offers enhanced protection for your organization in the new hybrid normal. And it makes it easier for your users to stay compliant because much of the work is done for them.

Implementing zero trust policies

Irrespective of the thoroughness of access, employees’ devices (including laptops and mobile devices) provide an attractive target for introducing malware and attackers to your corporate network. Businesses must assume that there have been attempts to compromise employees’ laptops throughout remote (and hybrid) working. Additionally, it’s important to assume that malware has been installed (unintentionally) on these devices. Applying patches in a timely manner to avoid downloading harmful code is an example of something that can be taught; unfortunately, there are other lessons that will be learned the hard way. There will be, regretfully, some employees who click on unfamiliar links or download strange files (such as games) that are potential points of exposure for businesses. This is especially true if employees use their work laptops as personal ones. Businesses can and will help drive the integrity of their environment through zero trust solutions: if an employee can’t get on the network because their device is not patched, or doesn’t have anti-virus software, or the device itself is not authorized for network access, employees will quickly learn how to manage their devices and support a zero trust policy.

After accessing the network, zero trust solutions ensure that employees are only given access to those protected applications that they have been authorized to use. With this approach, you do not have to trust the user to not access unauthorized resources or applications; you have provided the lockdown to limit their access (you have reduced the need to trust their behavior). It is no longer enough to just be on the network to yield access to the corporate directory, to corporate wiki or web pages, or to anything else important, such as customer relationship management applications for example. Employees now have to prove that they are who they say they are AND that they have the privileges required to access a given application.
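An added example, not from the article or any vendor product: a minimal per-request policy check that combines the device and user conditions described above (approved device, valid certificate, patch level, anti-virus/EDR, fresh authentication, per-application authorization). The inventory, entitlement table, thresholds and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy data: thresholds, device inventory and entitlements
# are illustrative assumptions, not values from the article.
MAX_PATCH_AGE = timedelta(days=30)
MAX_AUTH_AGE = timedelta(hours=8)
APPROVED_DEVICES = {"LT-0042", "PH-0107"}
ENTITLEMENTS = {"alice": {"crm", "wiki"}, "bob": {"wiki"}}

@dataclass
class Request:
    user: str
    app: str
    device_id: str
    cert_not_after: datetime              # expiry of the device certificate
    last_patched: datetime
    edr_running: bool
    authenticated_at: Optional[datetime]  # None = no valid SSO session

def evaluate(req: Request, now: datetime):
    """Return (allow, reasons). Every check runs on every request."""
    reasons = []
    if req.device_id not in APPROVED_DEVICES:
        reasons.append("device not approved for the network")
    if req.cert_not_after <= now:
        reasons.append("device certificate expired")
    if now - req.last_patched > MAX_PATCH_AGE:
        reasons.append("device patches out of date")
    if not req.edr_running:
        reasons.append("anti-virus/EDR not running")
    if req.authenticated_at is None or now - req.authenticated_at > MAX_AUTH_AGE:
        reasons.append("user must (re)authenticate")
    # Being on the network is not enough: the user needs this application.
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        reasons.append(f"user not authorized for {req.app}")
    return (not reasons, reasons)

NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)  # constructed clock
healthy = Request("alice", "crm", "LT-0042", NOW + timedelta(days=90),
                  NOW - timedelta(days=3), True, NOW - timedelta(hours=1))
# Same healthy device and session, but bob holds no CRM entitlement.
lateral = Request("bob", "crm", "LT-0042", NOW + timedelta(days=90),
                  NOW - timedelta(days=3), True, NOW - timedelta(hours=1))
# Entitled user on a personal, unpatched device without EDR.
unmanaged = Request("alice", "wiki", "HOME-PC", NOW + timedelta(days=90),
                    NOW - timedelta(days=75), False, NOW - timedelta(hours=1))
```

Returning the list of failed checks, rather than a bare deny, gives the employee and the help desk the specific remediation step (patch, enable EDR, re-authenticate).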

So much for your network: what happens when your users must use third-party SaaS applications, such as a CRM or a travel booking tool, in order to do their job? In this case, is authenticating to those third-party applications safe enough for businesses? Before the pandemic, this would of course have had a more straightforward answer (yes). Just as we trusted our networks to be secure, we trusted our partners’ networks to be secure. However, we now need to ask whether third-party applications also have a robust zero trust environment that will actively prevent their users from gaining (unauthorized) access to whatever data your business may need to transmit or exchange, or whether their environment can somehow introduce malware or attackers into your environment. Ultimately, employees should know how their zero trust environment expands into their partner’s (possibly not zero trust) environment. Undoubtedly, this is a time in which tech companies, in particular, need to demand more from each other: to demand that everyone in this environment operates under a (zero) trusted umbrella both inside and outside their organizations.

A secure and unified approach to collaboration

While employees may end up being more laid back about their personal cybersecurity when accessing their devices for purposes of living their not-at-work lives, the only sure way to ensure that the more-lenient decisions do not come back to haunt an organization is through the provision of tools that help to account for such human errors in both work and personal contexts. We’ve all heard examples of employees who have disrupted networks for days on end by accidentally introducing malware, or exposing customer data to their social network, due to simple, human errors and the use of insecure and not-fit-for-purpose applications such as WhatsApp or iMessage. This is why providing a truly secure UCaaS application, with convenient features such as chat built-in, is a must-have for cyber-secure organizations.


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
