For the majority of organisations, digital transformation is well underway, bringing innovation, efficiency, and data-driven decision making. So far, so good. However, as organisations expand considerably through the cloud, the security risks facing their intellectual property and customer data increase too. In fact, Akamai’s latest State of the Internet Security Report found that organisations were under increasing pressure from botnets looking to gain access to networks through credential abuse, with nearly 27 billion bot attacks between May and December 2018 alone.
Moving beyond the control
In the past, businesses could only operate within their ‘own walls’, which made protecting themselves a much more defined process. Security teams knew where everyone was, where they were accessing things from, and what they were using to do so. Think of it like the old-fashioned castle, with a moat acting as a firewall for the business. Here, everyone is verified before the drawbridge is lowered, and once you’re in the castle you’re considered safe and trusted. With this approach, you’re either completely in or shut out of the network entirely.
As more companies embrace the cloud, this perimeter security approach looks a bit shaky. Users and data are no longer in the same location, and businesses are faced with employees accessing the company network from beyond the perimeter they control. While it is good that employees can work where and how they want, moving beyond that perimeter makes them more susceptible targets for malicious hackers. This is made worse when you bring in freelancers or employees who want to use their own devices.
The reason is simple: even though employees have moved beyond the perimeter, by accessing the same applications as they would have from inside, they have stretched the perimeter and made it less secure. Because they are still considered trusted by the network, and more devices are gaining access to it, hackers have a greater attack surface to target. If hackers can compromise someone’s device, they have a free shot into the network, where they can cause havoc. This can happen through a phishing email or through employees working remotely on unsecured Wi-Fi. Freelancers in particular can be vulnerable targets and act as unwitting carriers, becoming compromised while connected to one company’s network and then introducing vulnerabilities to the next one they go to. Once inside, attackers can remain undetected for months and are able to extract huge amounts of confidential and proprietary data.
Verify and never trust
In the age of the General Data Protection Regulation (GDPR), protecting customer data should be a business’s key concern: reputation, customer loyalty, and the bottom line all hang in the balance otherwise. But with today’s flexible working environments, where corporate boundaries become harder to define, protecting customer data presents a challenge. Therefore, for businesses wanting to reap the true rewards of digital transformation, a transition away from perimeter security is a necessary step.
This is where Zero Trust comes in, giving businesses a clear methodology for ensuring data is protected beyond the corporate boundary. Whereas the perimeter approach is ‘trust but verify’, a Zero Trust approach to security means businesses do not assume that requests to access applications or data should be automatically trusted, no matter where, who or what device they come from. This requires every attempt to be authenticated before access can be granted. As a result, should one application be compromised, the damage is limited and contained, with the rest of the network and applications isolated and protected. For example, if a remote worker who can only access a specific application is targeted, hackers would only be able to attack that app, rather than see other machines and applications on the rest of the network that they could look to target.
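The contrast between the two models can be made concrete with a small sketch. This is an added example, not code from the article or from any product: the users, applications, network names and the device posture flag are all constructed assumptions. It compares what a single compromised session can reach under a perimeter rule and under a per-request, deny-by-default rule.

```python
from dataclasses import dataclass

# Constructed sample data: hypothetical application, user and network names.
APPS = {"crm", "payroll", "wiki", "build-server"}
GRANTS = {  # per-user, per-application entitlements; anything absent is denied
    "alice": {"crm"},
    "bob": {"wiki", "build-server"},
}
TRUSTED_NETWORKS = {"office-lan", "vpn"}


@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool  # did this request carry a valid credential?
    device_ok: bool      # assumed posture check result for the device
    network: str
    app: str


def perimeter_allows(req: Request) -> bool:
    """Castle and moat: being on a trusted network makes every app reachable."""
    return req.network in TRUSTED_NETWORKS and req.app in APPS


def zero_trust_allows(req: Request) -> bool:
    """Every request is checked; network location grants nothing by itself."""
    if not (req.authenticated and req.device_ok):
        return False
    return req.app in GRANTS.get(req.user, set())


def reachable_apps(policy, user, network, authenticated=True, device_ok=True):
    """Apps reachable with this user's session, i.e. the exposure if it is hijacked."""
    return {
        app for app in APPS
        if policy(Request(user, authenticated, device_ok, network, app))
    }


if __name__ == "__main__":
    print("perimeter :", sorted(reachable_apps(perimeter_allows, "alice", "vpn")))
    print("zero trust:", sorted(reachable_apps(zero_trust_allows, "alice", "vpn")))
    print("bad device:", sorted(
        reachable_apps(zero_trust_allows, "alice", "vpn", device_ok=False)))
```

Under the perimeter rule the session on the VPN reaches all four applications, while the Zero Trust rule limits the same session to the one application that user is entitled to, wherever the request comes from.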
So as businesses focus on expanding their ability to create the perfect environment for their employees to thrive, they mustn’t forget the steps they need to take to protect themselves. With Zero Trust, businesses can rest easy knowing that everyone is empowered with the right tools they need, without putting the company at risk.