The key zero trust practices to keep a hybrid workforce cyber secure

Heather Hinton, Chief Information Security Officer at RingCentral, looks at how the role of zero trust has been accelerated by hybrid work, and how organizations can ensure that employees remain protected.

Unfortunately, for organizations that are embracing hybrid working as the new ‘normal’, security challenges are inevitably increasing. Devices, data and even people become more varied and more widely distributed across hybrid working environments, which makes it increasingly difficult to manage them securely. Numerous collaboration assets, as well as incalculable swathes of data, are moving up to and down from the cloud. This is happening between off-site locations and offices across a variety of formats, including mobile, laptop, tablet and conference room systems. To secure this data and these company assets across the many elements of their hybrid workplaces and workforce, organizations will be best served by keeping the following key zero trust practices top of mind.

Establishing an understanding of zero trust

The rapid acceleration of the Covid-19 pandemic forced swift lockdowns which closed offices and forced a movement en masse to working on home networks. This dramatic shift redefined security and turned zero trust into a “must have solution”. Now, with the shift to hybrid working becoming more permanent, it is crucial that businesses and employees understand what “zero trust” is and how it protects them.

Also known as “perimeterless” cybersecurity, the overall premise of zero trust is “Trust No One (without repeated verification),” including the users and the devices connecting to your organization’s network. This doesn’t mean that you don’t trust your employees; it does mean that you help them stay secure and keep the business secure by adding seamless checks and balances to their overall network access, resulting in what is called a “zero trust” environment. Sadly, trust as we knew it has been relegated to a pre-Covid behavior that we look back on with nostalgia. Before, access to a corporate network was assumed to be possible only for trusted devices, and it was assumed that those trusted devices were properly configured and managed. Now, devices must be verified for “ownership” (is this device approved to be on the network?) and for compliance with security policies (Does it have a valid certificate? Is it patched? Does it have the required anti-virus/EDR solutions? And so on) every time they access the corporate network. Before, users could typically use any resources that they could reach on the network. Now, users must authenticate (explicitly, or under the covers with single sign-on) when they access the corporate assets they have been authorized to use. Combining device integrity, health checks, user authentication and authorization in this way offers enhanced protection for your organization in the new hybrid normal. And it makes it easier for your users to stay compliant because much of the work is done for them.

Implementing zero trust policies

Irrespective of how thoroughly access is controlled, employees’ devices (including laptops and mobile devices) are an attractive target for introducing malware and attackers into your corporate network. Businesses must assume that there have been attempts to compromise employees’ laptops throughout remote (and hybrid) working. Additionally, it’s important to assume that malware has been installed (unintentionally) on these devices. Applying patches in a timely manner to avoid downloading harmful code is an example of something that can be taught; unfortunately, there are other lessons that will be learned the hard way. There will be, regretfully, some employees who click on unfamiliar links or download strange files (such as games) that are potential points of exposure for businesses – this is especially true if employees use their work laptops as personal ones. Businesses can and will help drive the integrity of their environment through zero trust solutions: if an employee can’t get on the network because their device is not patched, or doesn’t have anti-virus software, or is not authorized for network access, employees will quickly learn how to manage their devices and support a zero trust policy.

After they have accessed the network, zero trust solutions ensure that employees are only given access to those protected applications that they have been authorized to use. With this approach, you do not have to trust the user not to access unauthorized resources or applications; you have provided the lockdown to limit their access (you have reduced the need to trust their behavior). It is no longer enough to just be on the network to gain access to the corporate directory, to corporate wiki or web pages, or to anything else important, such as customer relationship management applications. Employees now have to prove that they are who they say they are AND that they have the privileges required to access a given application.
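The device checks and per-application authorization described in the two sections above can be expressed as a single default-deny decision that is re-evaluated on every request. This is an added example, not code from the article or from any vendor; the 30-day patch threshold, device IDs, user names and application names are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_PATCH_AGE = timedelta(days=30)  # assumed policy threshold, not from the article

@dataclass
class Device:
    device_id: str
    cert_not_after: datetime   # expiry of the device certificate
    last_patched: datetime
    edr_running: bool          # anti-virus/EDR agent present and running

@dataclass
class Session:
    user: str
    authenticated: bool        # outcome of explicit login or single sign-on

def evaluate(device, session, app, approved, entitlements, now):
    """Default-deny decision, re-run on every request. Returns (allow, reasons)."""
    reasons = []
    if device.device_id not in approved:            # "ownership" check
        reasons.append("device_not_approved")
    if device.cert_not_after <= now:                # valid certificate?
        reasons.append("device_cert_expired")
    if now - device.last_patched > MAX_PATCH_AGE:   # patched?
        reasons.append("device_unpatched")
    if not device.edr_running:                      # anti-virus/EDR present?
        reasons.append("edr_missing")
    if not session.authenticated:                   # who are you?
        reasons.append("user_not_authenticated")
    if app not in entitlements.get(session.user, set()):  # may you use this app?
        reasons.append("user_not_authorized_for_app")
    return (not reasons, reasons)

# Constructed sample inventory and entitlements (hypothetical names).
NOW = datetime(2024, 2, 1, tzinfo=timezone.utc)
APPROVED = {"LT-0042", "LT-0077"}
ENTITLEMENTS = {"alice": {"wiki", "crm"}, "bob": {"wiki"}}
healthy = Device("LT-0042", NOW + timedelta(days=90), NOW - timedelta(days=5), True)
stale = Device("LT-0077", NOW + timedelta(days=90), NOW - timedelta(days=60), False)
unknown = Device("BYOD-01", NOW - timedelta(days=1), NOW - timedelta(days=2), True)

def demo():
    cases = [(healthy, Session("alice", True), "crm"),
             (healthy, Session("bob", True), "crm"),
             (stale, Session("alice", True), "crm"),
             (unknown, Session("alice", False), "wiki")]
    return [evaluate(d, s, a, APPROVED, ENTITLEMENTS, NOW) for d, s, a in cases]

if __name__ == "__main__":
    for allow, reasons in demo():
        print("ALLOW" if allow else "DENY", reasons)
```

Returning every failed check, rather than stopping at the first, gives the help desk and the employee a complete list of what to fix before the next attempt.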

So much for your network: what happens when your users must use third-party SaaS applications, such as a CRM or a travel booking tool, in order to do their job? In this case, is authenticating to those third-party applications safe enough for businesses? Before the pandemic, the answer would of course have been more straightforward (yes). Just as we trusted our networks to be secure, we trusted our partners’ networks to be secure. However, we now need to ask whether third-party applications also have a robust zero trust environment that will actively prevent their users from gaining (unauthorized) access to whatever data your business may need to transmit or exchange, and whether their environment can somehow introduce malware or attackers into your environment. Ultimately, employees should know how their zero trust environment expands into their partner’s (possibly not zero trust) environment. Undoubtedly, this is a time in which tech companies, in particular, need to demand more from each other – to demand that everyone in this environment operates under a (zero) trusted umbrella both inside and outside their organizations.

A secure and unified approach to collaboration

While employees may end up being more laid back about their personal cybersecurity when using their devices for their not-at-work lives, the only sure way to make certain that these more lenient decisions do not come back to haunt an organization is to provide tools that help to account for such human errors in both work and personal contexts. We’ve all heard examples of employees who have disrupted networks for days on end by accidentally introducing malware, or who have exposed customer data to their social network, due to simple human errors and the use of insecure and not-fit-for-purpose applications such as WhatsApp or iMessage. This is why providing a truly secure UCaaS application, with convenient features such as chat built in, is a must-have for cyber-secure organizations.


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
