#HowTo: Secure Distributed Infrastructures


Despite there being much hype since the remote work shift, ‘work from anywhere’ hasn’t actually introduced any new security threats. Instead, it has meant continuing to tackle the ones that we already know about, now with a dispersed workforce.

The problem today, however, is that communication paths — and with them, the paths of data traffic — often lie outside of the corporate network. As such, they are extremely difficult to secure, at least with traditional tools. 

That’s why organizations need to complement the new normal of work with a new normal of security. As a starting point, CISOs and their teams should pay particular attention to the following six areas, all of which are critical to protecting distributed infrastructures.

Least Privilege and Zero Trust

In modern work-from-anywhere infrastructures, employees are increasingly working outside the secure ‘castle walls’ of a corporate network. As such, it no longer makes sense to secure resource access at the network level. 

Instead, security teams should focus on the application level and follow the ‘least privilege’ principle — restricting access for end users tailored to their respective roles and context of use.

In addition, taking a ‘zero trust’ approach means the security infrastructure does not simply trust a user after a successful login. It also continuously monitors the device behavior, as well as the activities of the user account that is logged in. In distributed environments, this ongoing monitoring is ideally implemented in the cloud.
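The application-level, role-plus-context check described above can be made concrete with a small policy evaluator. The following is an added example written for this article, not code from the author or any product; the role table, the posture fields and the thresholds are constructed assumptions. Note what the evaluator does not look at: the client's network location. Every request is re-evaluated against the current device posture, authentication age and behavioral risk, so a successful login earlier in the session grants nothing on its own.

```python
from dataclasses import dataclass

# Constructed role-to-permission table (assumption, not from the article).
# Permissions are application-level actions; no entry refers to a network location.
ROLE_PERMISSIONS = {
    "finance": {"ledger:read", "ledger:write"},
    "support": {"tickets:read", "tickets:write"},
    "auditor": {"ledger:read", "tickets:read"},
}


@dataclass(frozen=True)
class RequestContext:
    """Signals evaluated for every request (field names are assumptions)."""
    user: str
    roles: frozenset
    mfa_verified: bool
    device_managed: bool        # device is enrolled in management
    device_patched: bool        # posture signal reported by the endpoint agent
    minutes_since_verify: int   # age of the last strong authentication
    risk_score: float           # 0.0 (benign) .. 1.0 (hostile), e.g. from behavior monitoring


def evaluate(ctx: RequestContext, permission: str,
             max_verify_age: int = 60, max_risk: float = 0.7):
    """Return (allowed, reasons). Least privilege: roles grant only named actions.
    Zero trust: device and account signals are re-checked on every request."""
    reasons = []

    # Least privilege: the union of the user's role permissions must contain the action.
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in ctx.roles))
    if permission not in granted:
        reasons.append(f"role does not grant {permission}")

    # Zero trust: identity strength and device posture are conditions, not a one-time gate.
    if not ctx.mfa_verified:
        reasons.append("MFA not verified")
    if not ctx.device_managed:
        reasons.append("unmanaged device")
    if permission.endswith(":write") and not ctx.device_patched:
        reasons.append("write action requires a patched device")
    if ctx.minutes_since_verify > max_verify_age:
        reasons.append("step-up authentication required (last verification too old)")
    if ctx.risk_score > max_risk:
        reasons.append(f"behavioral risk score {ctx.risk_score:.2f} exceeds {max_risk}")

    return (not reasons, reasons)


if __name__ == "__main__":
    ctx = RequestContext("alice", frozenset({"finance"}), True, True, True, 12, 0.05)
    print(evaluate(ctx, "ledger:write"))   # (True, [])
```

Because the decision is a list of reasons rather than a bare boolean, the same function can feed a deny message to the user, an audit log entry and a step-up authentication prompt from one evaluation.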

AI-based Monitoring

In the past, businesses invested heavily in prevention but too little in timely defense against ongoing attacks. So, today, we must rebalance our defenses. This means near-real-time monitoring of what is happening in the network. 

However, basic endpoint and user behavior monitoring won't spot all of these attacks if it only checks whether an access request conforms to a pre-defined user profile. Instead, current events must be continuously compared with the user's historical behavior patterns.

This is where AI and machine learning (ML) can flex their muscles: ML-based security monitoring software automatically abstracts the usual end user behavior from the data collected during a learning phase, issuing an automatic warning as soon as deviations from the automatically determined baseline indicate suspicious behavior.
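The learning-phase-then-deviation pattern described above can be illustrated with a deliberately simple statistical baseline rather than a full ML model. The code below is an added example written for this article, not code from the author or any product; the log lines, field names and thresholds are constructed assumptions. It learns, per user, which countries and hours are normal and the mean and spread of transfer volume, then scores new events against that baseline and returns the deviations found. The edge cases a practitioner would want are handled: a user with no learning data is reported rather than silently passed, and a user whose volume never varied (zero spread) is not scored on volume at all.

```python
import json
import statistics
from collections import Counter, defaultdict

# Constructed learning-phase events, one JSON object per line (assumption: fields
# user, hour, country, bytes as emitted by some access gateway).
LEARNING_LOG = """
{"user": "alice", "hour": 8,  "country": "DE", "bytes": 100000}
{"user": "alice", "hour": 9,  "country": "DE", "bytes": 110000}
{"user": "alice", "hour": 9,  "country": "DE", "bytes": 120000}
{"user": "alice", "hour": 10, "country": "DE", "bytes": 130000}
{"user": "alice", "hour": 10, "country": "DE", "bytes": 140000}
{"user": "alice", "hour": 10, "country": "DE", "bytes": 100000}
{"user": "alice", "hour": 11, "country": "DE", "bytes": 110000}
{"user": "alice", "hour": 11, "country": "DE", "bytes": 120000}
{"user": "alice", "hour": 9,  "country": "DE", "bytes": 130000}
{"user": "alice", "hour": 8,  "country": "DE", "bytes": 140000}
{"user": "bob",   "hour": 14, "country": "FR", "bytes": 50000}
{"user": "bob",   "hour": 15, "country": "FR", "bytes": 50000}
"""


def build_baseline(log_text: str) -> dict:
    """Learning phase: abstract each user's usual behavior from collected events."""
    events = [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]
    per_user = defaultdict(list)
    for event in events:
        per_user[event["user"]].append(event)

    baseline = {}
    for user, evs in per_user.items():
        sizes = [e["bytes"] for e in evs]
        baseline[user] = {
            "n": len(evs),
            "hours": Counter(e["hour"] for e in evs),      # how often each hour was seen
            "countries": {e["country"] for e in evs},      # every country ever seen
            "bytes_mean": statistics.fmean(sizes),
            "bytes_std": statistics.pstdev(sizes),         # 0.0 if volume never varied
        }
    return baseline


def score_event(baseline: dict, event: dict,
                min_hour_share: float = 0.05, z_threshold: float = 3.0) -> list:
    """Monitoring phase: return the ways this event deviates from the user's baseline.
    An empty list means the event is consistent with learned behavior."""
    profile = baseline.get(event["user"])
    if profile is None:
        # Edge case: nothing was learned for this user, so nothing can be judged normal.
        return ["no baseline for user (not seen during learning phase)"]

    deviations = []
    if event["country"] not in profile["countries"]:
        deviations.append(f"country {event['country']} never seen for user")

    share = profile["hours"][event["hour"]] / profile["n"]
    if share < min_hour_share:
        deviations.append(f"hour {event['hour']} seen in {share:.0%} of baseline events")

    # Edge case: a zero spread would divide by zero, and also means any change is
    # unprecedented; here we simply skip the volume test rather than guess a scale.
    if profile["bytes_std"] > 0:
        z = (event["bytes"] - profile["bytes_mean"]) / profile["bytes_std"]
        if abs(z) > z_threshold:
            deviations.append(f"transfer volume z-score {z:.1f} exceeds {z_threshold}")
    return deviations


if __name__ == "__main__":
    base = build_baseline(LEARNING_LOG)
    print(score_event(base, {"user": "alice", "hour": 9, "country": "DE", "bytes": 125000}))
    print(score_event(base, {"user": "alice", "hour": 3, "country": "BR", "bytes": 5000000}))
```

In a real deployment the baseline would be rebuilt or decayed over time so that legitimate changes in a user's routine (a new office, new working hours) stop raising alerts, and the thresholds would be tuned per signal against the observed false-positive rate.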

Secure Access Service Edge

In a remote work scenario, rather than all traffic passing through the central security infrastructure at the corporate data center, the network should select the best path. 

SD-WAN automatically determines the optimal access path, taking into account types of applications such as video conferencing. If a company obtains the security and network services such as SD-WAN from the cloud, Gartner refers to this as "SASE" (Secure Access Service Edge). 

The transition to SASE is likely to take some time in the European market. But the more cloud services a company procures, the more reasonable it is to rely on SASE to secure the hybrid multi-cloud environment. Some early-adopter companies have already taken the first steps toward SASE, and the approach is sure to gain widespread traction in the years to come.

Applications and Cloud Services

Applications and cloud security must, and will, remain a top priority for security teams. This will increasingly involve defending against targeted hacking, application-level DDoS attacks and also attacks that target the programming interfaces of web applications and cloud services.

Web Application and API Protection (WAAP) solutions and Application Delivery Controllers (ADCs) are deployed for these purposes.

As part of their digitization strategies, more and more companies are developing new applications as cloud-native applications; that is, container workloads with Kubernetes orchestration. Therefore, in the modern hybrid multi-cloud world, WAAP solutions and ADCs must also be available in containerized form to integrate these new enterprise cloud infrastructures.

Multi-factor Authentication

With billions of username and password combinations circulating on the dark web, traditional methods of authentication are anything but secure. This is why the future belongs to multi-factor authentication via tokens, soft tokens or biometrics — or even password-free, biometric-based access via fingerprint, facial recognition, etc., which many users already know from their smartphones. 

To free end users as much as possible from tedious security tasks, their digital workspaces should come with single sign-on so that users can access all business applications and cloud services via this single (secure) point of access. In the future, modern access protection mechanisms will not only make access more secure by design but will also reduce stress among employees and speed up workflows.

Awareness

The new normal of distributed work increases demand for responsible, security-aware end user behavior. After all, workers are on their own in the home office, without the option of a warning from the colleague at the next desk. At the same time, mobile end users are often distracted by their surroundings when on the move, making them even more vulnerable. 

Security awareness needs to be given greater weight in companies' security strategies in the future. It will be important to continually warn end users about risky behavior during their everyday work with digital workspaces, but unobtrusively, so as not to provoke a backlash. 

Bottom line: The future of distributed work is the digital workspace with integrated security functionality. It must include secure access via MFA/biometrics as well as protection of application and cloud usage via zero trust, SASE and AI-based monitoring.
