Zero Trust approach: Effective cybersecurity in the work-from-anywhere era

Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, has announced the industry’s most complete solution to enable organisations to secure and connect work-from-anywhere. By unifying Fortinet’s broad portfolio of Zero Trust, endpoint and network security solutions within the Fortinet Security Fabric, Fortinet delivers security, services and threat intelligence that seamlessly follow users whether on the road, at home, or in the office to provide enterprise-grade protection and productivity.

John Maddison, EVP of Products and CMO at Fortinet, said: “Empowering users to move seamlessly between different work environments has critical implications for maintaining user productivity as well as security. Cybercriminals have been quick to exploit the expanded attack surface and security gaps created by this shift in work patterns to get a foothold into the corporate network. Today’s enterprise organisations require work-from-anywhere security that is as flexible and dynamic as today’s business demands. Fortinet is the only vendor capable of delivering unified security built for the work-from-anywhere era that seamlessly adapts based on a user’s environment and risk profile.”

The COVID-19 pandemic has surfaced as the forcing function that greatly expanded the work-from-anywhere model. A forecast analysis from Gartner reveals, ‘by the end of 2024, the change in the nature of work will increase the total available remote worker market to 60% of all employees, up from 52% in 2020’. Also according to Gartner, ‘Organisations are facing a hybrid future, with 75% of hybrid or remote knowledge workers saying their expectations for working flexibly have increased’.

At the same time, multi-stage sophisticated attacks like ransomware are plaguing organisations at an increasing rate. According to the 1H Global Threat Landscape Report from FortiGuard Labs, ransomware incidents have increased nearly 1100% from June 2020 to June 2021. And in a recent global ransomware survey conducted by Fortinet, an astonishing 67% of organisations report having been a ransomware target.

It’s clear that remote and hybrid work is now the status quo and cybercriminals will continue to take advantage of this expanded attack surface. To address the shift in the workforce and threat landscape, enterprises must now take a ‘work-from-anywhere’ approach to their security by deploying solutions capable of following, enabling and protecting users no matter where they are located.

Intelligent CISO spoke to five industry experts about how important a Zero Trust approach is in ensuring effective cybersecurity in the work-from-anywhere era.

In the age of work-from-anywhere, IT teams have had to completely reconceptualise the traditional notion of a ‘secure perimeter’, adapting instead to an office that spans the globe and technologies that render the concept of a network edge redundant. Zero Trust networks are segmented into batches of smaller perimeters, each with strict authentication measures. These are designed to prevent someone who breaches a network from roaming around your system undetected and accessing your most sensitive data, which can drastically reduce the damage they can cause.

The notion of Zero Trust has caught the attention of many organisations over the past few years – so much so that President Biden enforced the approach for government agencies in an executive order earlier this year. In today’s threat landscape, IT teams must operate on the assumption that they will be subject to a cyberattack and focus instead on mitigating the damage. With a Zero Trust strategy, businesses are bolstering their existing cybersecurity with a series of virtual firedoors, preventing malicious actors from penetrating the business in search of the most sensitive data.

However, the true cyberthreat to businesses is negligent or malicious insiders. Time and time again, research has shown that human error is the main cause of company data breaches, and in the remote office, social engineering attacks are growing in success and frequency. People often mistake Zero Trust as an approach that suggests businesses do not trust anyone, including their own staff, but that is not the case. Zero Trust is a change in approach from the tried and tested methods of cybersecurity and it requires the implementation not just of a network infrastructure, but also a new culture of cyber consciousness. One of the most critical aspects of Zero Trust is a far greater understanding of the data residing in an organisation and the context in which the data is being used in order to better assess appropriate safeguards and ensure policies are in place. Features like Multi-Factor Authentication act as a reminder to employees that the data that they handle day-to-day could be valuable to a malicious actor, and instil a culture in which cybersecurity is everyone’s responsibility.

Today’s ‘work from anywhere’ culture, largely a result of the pandemic, means the world of work has become highly connected and highly digitised. According to Gartner, the growing adoption of cloud applications combined with a more mobile workforce has made the browser the most important productivity tool in the business. Given the current threat landscape, this presents a real challenge.

Where companies are increasingly moving to the cloud and adopting SaaS solutions, they are experiencing attacks outside of the safety of the corporate network. Firms have moved from having an easily defensible, centralised perimeter to going directly to the Internet, bypassing network security and exposing a series of new vulnerabilities.

Unfortunately, many continue to rely on the same approach of ‘detect and prevent’. Blocking an attack and then detecting a breach once it’s occurred is failing this new model and means organisations simply cannot keep up with sophisticated browser-based attacks.

Zero Trust is the principle that allows security teams to overcome the ingenuity of even the most malicious attackers.

Traditional security models operate on the outdated assumption that everything inside an organisation’s network should be trusted. Under this broken trust model, it is assumed that a user’s identity is not compromised and that all users act responsibly and can be trusted.

But many of the most damaging cyberattacks in recent times, such as the SolarWinds breach, were allowed to happen because of the simple fact that once hackers gained access inside corporate firewalls, they were then able to move laterally through internal systems, access and exfiltrate data and elevate privileges, and, importantly, all without any real resistance.

Zero Trust addresses this, leading the shift away from legacy ‘castle and moat’ solutions and removing many of the issues associated with detection-based security technologies.

It takes a default ‘deny’ approach to security that is rooted in the principle of continual verification. It recognises ‘trust’ as a vulnerability, and therefore, commands that all traffic – including emails, websites, videos and documents that originate from either inside or outside an organisation – is verified.

The three key principles typical of Zero Trust are:

The idea of verification with continuous authentication of all available data points.
Companies must incorporate a policy of ‘least privilege’, limiting user access to the applications and areas of a company network that they need to do their job effectively. This not only secures data, but also helps to enhance productivity.
An organisation must assume that a breach is imminent. In doing so, security becomes a priority in all decision-making and can be continually adapted with the use of other tactics.

In this new work-from-anywhere era, organisations have been under increasing pressure to adopt efficient and secure access policies. With employees working from multiple locations at different times, organisations are under increasing threats from cyberattacks, with every connection a possible route for bad actors to compromise the network. In order for organisations to protect their networks they must adopt a Zero Trust mindset, which always assumes a device or an employee account might be compromised.

Zero Trust is founded on the idea of authenticating an identity. These authentication requirements are based on the assets that are being accessed and the device that is being used to access them.

Zero Trust Network Access (ZTNA) is a solution that creates an identity-based access boundary around applications, with access depending on the user having the right credentials. ZTNA allows security teams to control how an organisation’s network can be accessed and enables them to implement network segmentation, which limits a user’s access to only the areas they need in order to fulfil their job.

Segmentation helps stop any suspicious activity before it turns into a potential breach. In a Zero Trust model, you can isolate a network segment as soon as suspicious activity is detected. With employees accessing the network at different endpoints with varying degrees of security, it is important that organisations can restrict the movement of possible threat actors and mitigate the damage caused by any cyberattacks that may occur.

A highly automated ZTNA approach also reduces the management burden for IT and security teams while maintaining a secure network. IT and security departments benefit from an automated setup with a greater degree of control, rather than having to continually assign and configure dozens of different firewall policies. Security teams with a reduced management burden can deal with threats much faster, which significantly reduces the damage caused by cyberattackers.

A good ZTNA solution will also provide access logs, which detail which user accessed what and when. This is crucial in the remote working era when CISOs need to quickly detect threats and deal with them before they can cause significant damage to an organisation’s network.
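One way to express the access decision described in this section (identity verified, device posture checked, least-privilege entitlement per role, every decision logged with who, what and when) is a small default-deny policy evaluator. This is an added example, not code from Fortinet or any product named on the page; the roles, applications and device-posture fields are hypothetical.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical least-privilege policy: each role is entitled only to the
# applications it needs, so a finance user cannot reach engineering tools.
POLICY: Dict[str, Set[str]] = {
    "finance": {"erp", "expenses"},
    "engineering": {"git", "ci"},
}
# Applications that additionally require a managed, compliant device.
SENSITIVE_APPS: Set[str] = {"erp", "git"}

# Access log: who accessed what, when, and why it was allowed or denied.
ACCESS_LOG: List[dict] = []


@dataclass
class Request:
    user: str
    role: str
    app: str
    mfa_passed: bool        # identity verified with a second factor
    device_managed: bool    # device enrolled in management
    device_compliant: bool  # current posture (patched, disk encrypted, ...)


def evaluate(req: Request, now: Optional[datetime] = None) -> Tuple[bool, str]:
    """Default-deny check: identity first, then entitlement, then device posture."""
    now = now or datetime.now(timezone.utc)
    if not req.mfa_passed:
        reason = "denied: identity not verified (MFA)"
    elif req.app not in POLICY.get(req.role, set()):
        reason = f"denied: role {req.role} has no entitlement to {req.app}"
    elif req.app in SENSITIVE_APPS and not (req.device_managed and req.device_compliant):
        reason = "denied: device posture insufficient for sensitive app"
    else:
        reason = "allowed"
    ACCESS_LOG.append({"ts": now.isoformat(), "user": req.user,
                       "app": req.app, "decision": reason})
    return reason == "allowed", reason


def reverify(session: Request, device_compliant_now: bool) -> Tuple[bool, str]:
    """Continuous verification: re-run the policy with fresh posture mid-session,
    so a device that drifts out of compliance loses access it already had."""
    return evaluate(replace(session, device_compliant=device_compliant_now))


if __name__ == "__main__":
    alice = Request("alice", "finance", "erp", True, True, True)
    print(evaluate(alice), reverify(alice, False), ACCESS_LOG[-1])
```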

Organisations which still rely on legacy tools, such as VPNs, will find out quickly that they are not sensible choices in today’s fast-paced digital world. As malware continues to become more advanced and threat actors find new methods to breach networks, organisations that fail to adopt Zero Trust solutions will find themselves exposed to further cyberattacks, which will cause significant damage across their whole network, resulting in both major financial and reputational damage. With Zero Trust, CISOs can have confidence that they are able to deal with threats despite workers accessing the network from multiple locations at different times.

The traditional notion of perimeter security has crumbled in the face of the public cloud within the last 18 months, with remote working and increased mobility. As staff work from home and increase the use of personal devices, IT teams have reduced control around access to business systems and data, while the attack surface and threat level increases. With this in mind, businesses are more frequently implementing Zero Trust approaches in their IT security landscape.

A Zero Trust strategy moves beyond the notion of a traditional network perimeter and operates under the theory of ‘never trust, always verify,’ limiting access levels and prioritising the minimum user authorisation to ensure data, assets and infrastructure are protected. Under this model, every device, user, network and application flow should be checked to remove excessive access privileges and other potential threat vectors.

The Zero Trust approach recognises that even trusted insiders can constitute a cyberthreat. In 2020, 94% of organisations experienced insider data breaches. It’s common to think of an internal threat actor as a disgruntled employee or spy undermining cybersecurity with ill intent but it’s even more common for a well-meaning employee to inadvertently open the door to hackers through poor password hygiene, nonsecure practices or the ever-popular phishing lure. This is why Zero Trust excels in environments where employees are trusted with business data.

In the work from anywhere era, a Zero Trust strategy requires thoughtful integration into every level of a business, from the IT infrastructure to the daily processes to staff training. Without attention to detail, businesses could create even more vulnerabilities for malicious actors to exploit, but if done correctly, Zero Trust can eliminate cyberthreats even with the largest attack surface.

Today’s modern enterprises face a unique challenge. While under pressure to constantly innovate and scale, organisations must now also empower the anywhere workforce – and mitigate the security risks that come with it. This involves securing applications and data across multiple platforms and workloads, with exponentially more surfaces to defend. In a recent global survey, nearly 80% of organisations reported experiencing greater cyberattack volumes, with the majority pointing to the work-from-anywhere era as the cause.

Now is the time to rethink security as an inherent and distributed part of the modern enterprise – and this can only be done through implementing a Zero Trust strategy. To implement a Zero Trust approach, siloed teams, processes and technologies must connect and align. This requires real-time intelligence to orchestrate security controls across distributed environments. Simply put, a Zero Trust architecture sits on the basis of ‘never trust, always verify’. This allows users only the access they require to perform their jobs, while allowing them to request further access if necessary. This reduces the attack surface without adding operational complexity – allowing for the seamless and connected employee experience required in this work-from-anywhere era.

To achieve cybervigilance with Zero Trust, organisations must first increase situational awareness. This involves taking a proactive and comprehensive approach to security, regardless of sector size. Increasing extended detection and response capabilities across endpoint, workload, network, identity and email can enable the SOC to have more telemetry at their fingertips.

Migration to the cloud shows no sign of slowing down, which must result in security that extends across workloads, containers and Kubernetes environments. Protection across cloud workloads should be the top priority for organisations implementing a Zero Trust strategy, utilising public and private clouds to take security to the next level and protect against attacks like cloud-jacking.

Moreover, today’s attacks do not have a distinct beginning or end. Instead, adversaries use the opportunity to learn as much as they can about organisations. Security teams need the ability to accurately track identities as they move throughout networks to ensure adequate protection. This requires just-in-time administration and two-factor authentication. Only then can the principle of least privilege be effectively applied.

Applying micro-segmentation also enables companies to limit an adversary’s ability to move laterally within the organisation. Forcing intruders to cross trust boundaries provides an improved opportunity for detection and prevention. Security teams should always assume attackers have multiple avenues into their organisation. Threat hunting on all devices can help security teams detect behavioural anomalies as adversaries usually act under the radar.

A nuanced approach that involves end-to-end visibility and reduced time to detection and response is the only way to combat ever-evolving threats. Only then will enterprises be better equipped to solve the threats of today and tomorrow, while remaining competitive through innovation and growth.

Source: Intelligent CISO