Key Zero Trust Practices for a Cyber-Secure Hybrid Workforce

As organizations face a future of hybrid workforces, their security challenges grow. People, data and devices will become more widely distributed and more varied, and it will be harder to ensure proper security management. In addition, incalculable amounts of data and collaboration assets are moving to and from the cloud between offices and off-site locations. Organizations should prioritize zero trust practices to secure their data and assets from the many components of their hybrid workplaces and workforces.

Understand the Concept of Zero Trust

Zero trust has gone from a “buzzword” to a “must-have” in a very short time, accelerated by the sudden shift to workforces operating on home networks due to the incredibly rapid effects of COVID-19 on businesses. Zero trust is also known as “perimeter-less” cybersecurity. The overall premise is “Trust No One (without repeated verification),” including the users and the devices connecting to your organization’s network. Trust by default must be relegated to one of those pre-COVID behaviors that we look back on with nostalgia. Devices must be verified for compliance with security policies, including patch currency and anti-virus/EDR status, every time they access the corporate network. Users must be authenticated when they access the corporate network and every time they access assets on that network (including travel booking, HR applications and development environments, for example). Combining device integrity and health checks with user authentication in this way offers enhanced protection for businesses.

Implement Zero Trust 

Regardless of the rigor of the access, zero trust of employees’ laptops is warranted. It is reasonable to assume that there have been attempts to compromise employees’ laptops and even that malware has been installed (unintentionally) on these devices. While some things can be taught, like applying patches promptly and avoiding downloading strange code, some things will be learned the hard way. There will always be some employees who click on strange links or who download questionable games that are potential points of exposure – especially if their work laptop is also their personal one. Organizations can help drive the integrity of their environment through zero trust solutions: if employees can’t get on the network because their machine is not patched, or doesn’t have anti-virus, or does have a virus, they will learn how to manage their devices to support a zero trust policy.

Once on the network, zero trust solutions ensure that employees have to (re-)authenticate to access the zero trust protected applications that they need to use. Just being on the network itself is not enough to yield access to the corporate directory, corporate wiki or web pages or customer relationship management applications. Employees have to re-authenticate to prove they are who they say they are and ensure that they have the access privileges required to access a given application.
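
The access decision described above, as an added example that is not code from the article or from any product: the device is checked on every request, and authentication and access privileges are checked per application. The thresholds, user names, application names and the `decide` function are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_PATCH_AGE_DAYS = 30      # assumed policy threshold, not from the article
MAX_AUTH_AGE_SECONDS = 900   # assumed re-authentication window

@dataclass
class Device:
    patch_age_days: int
    edr_running: bool
    malware_detected: bool

@dataclass
class Session:
    user: str
    device: Device
    # application name -> time (seconds) of the last successful authentication to it
    app_auth_times: dict = field(default_factory=dict)

# Constructed entitlement table: which users may use which applications.
ENTITLEMENTS = {"alice": {"crm", "wiki"}, "bob": {"wiki"}}

def device_posture_failures(device):
    """Return the posture checks the device fails (empty list means compliant)."""
    failures = []
    if device.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append("patches out of date")
    if not device.edr_running:
        failures.append("no anti-virus/EDR")
    if device.malware_detected:
        failures.append("malware detected")
    return failures

def decide(session, app, now):
    """Evaluate one request for one application; no earlier decision carries over."""
    failures = device_posture_failures(session.device)
    if failures:
        return ("deny", "device: " + ", ".join(failures))
    # Being on the network, or authenticated to another app, is not enough.
    authenticated_at = session.app_auth_times.get(app)
    if authenticated_at is None or now - authenticated_at > MAX_AUTH_AGE_SECONDS:
        return ("reauthenticate", f"no fresh authentication for {app}")
    if app not in ENTITLEMENTS.get(session.user, set()):
        return ("deny", f"{session.user} is not entitled to {app}")
    return ("allow", "device compliant, user authenticated and entitled")
```

A session authenticated to one application is still told to re-authenticate for another, and a device that fails a posture check is denied even when the user's authentication is fresh.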

That said, what happens when hybrid employees need to authenticate to a third-party SaaS application, such as a CRM or a travel booking tool, to do their job? Is authenticating to those third-party applications cyber-safe? Before the pandemic, the answer was “of course.” Now, however, we need to ask if those third-party applications also have a robust zero trust environment that prevents unauthorized users from gaining access to their production environment and whatever data you need to transmit or exchange. That is, does your zero trust environment extend into your partner’s zero trust environment, and if so, how? Unquestionably, this is when tech companies, especially, need to demand more from each other – to demand that everyone in this environment operates under a zero trust umbrella.

Provide a Secure Unified Collaboration Application as the Best Way to Manage Your Hybrid Workforce

It goes without saying that there is no secure way for a distributed workforce to do business in unsecured apps like iMessage. Yet, we’ve all heard the stories of employees who have turned networks upside-down for days because of such human errors. This is why providing a genuinely secure UCaaS application with conveniences like chat built-in is mission-critical. Employees may end up being cavalier about their personal cybersecurity when they use those same devices in their out-of-work lives, and the only sure way to keep those often more-lenient decisions from coming back to haunt businesses is to provide tools that account for such human errors when accessing work. By providing a UCaaS application that has the highest level of zero trust cybersecurity, your organization’s data can be kept as safe as possible.
