Microsoft Predicts Escalation of Zero Trust in Lockdown Environments

Speaking during a Microsoft webinar, the company’s EMEA chief security advisor Cyril Voisin said he does not expect companies to “fully revert to the IT state that they were in before” COVID-19 lockdown, predicting more cloud usage in the future.

Whilst he acknowledged that this will lead to more questions about how to secure a cloud deployment, he expected more use of Zero Trust strategies. Voisin also said he expects remote working to remain an option for many companies, and he explained that there is the potential for compromises in the shift of working in an office to working from home. He acknowledged that whilst the original goal “was to make things work and security may have been an afterthought,” employees still need to be trained and receive security education.

As well as that, he said he expects VPN policies to evolve. “Companies that were already doing this notion of ‘you must use a VPN for everything you do when you are not in the office’ are starting to relax,” he said, due to latency and bandwidth issues, and he predicted companies will require more VPNs going forward.

Alongside that, he said keeping corporate resources secured whilst keeping users productive will lead to greater encryption of documents, and the deployment of endpoint detection and response (EDR) will enable that. Also, companies will invest in application management, with strategies like bring your own device (BYOD) and bring your own application important to offer more flexibility and “keep a company competitive.”

In terms of the financial impact of the COVID-19 pandemic, Voisin said companies may have to choose between investments to keep the company afloat and investing in security practices. “There will be a tension here, but I’ve had conversations with customers and they understand the need for security, and understand it is a requirement to sustain a long term business.”

Asked by Infosecurity if he had seen more companies deploy a Zero Trust approach since lockdown procedures began, Voisin said he had seen many companies “intensify what they are doing” and some were ahead of the curve, “but the people who had not done Zero Trust had started to do it slowly because they relied on a ‘VPN for everything approach’ to security and when they realized the limitations of VPN, they started to do Zero Trust.”

He said that, in some cases, people could not be armed with a laptop to work from home, and so had to use personal devices for work, “and we’ve seen adoption of Teams skyrocket, with 75 million unique users every day, so people are impacted by that and started to implement Zero Trust based on their situation.”

What’s Hot on Infosecurity Magazine?