Zero Trust will be the New Normal
As the world fitfully rebounds from the recent Covid-19 pandemic, both our personal and professional lives will be altered. A recent survey by Gartner* revealed that 74% of CFOs and Finance leaders said they will move at least 5% of their previously on-site workforce to permanently remote positions post Covid-19.
The Office will no longer be the same
Organizations will evaluate rent costs, health risks, and productivity benefits in the new environment. Some office space will be released. For those who do return, changes will probably begin with staggered shifts to avoid crowding. Workers might take turns working alternate days. Cubicles will probably make a comeback. These changes will be a catalyst for making even bigger changes to centuries-old business practices.
At Google and Facebook, employees will be able to work from home until the end of the year. Other companies have realized they don’t need offices at all. They find that they can draw from a larger pool of candidates than they could locally. This of course reduces employee costs, since they would no longer require large salaries to offset expensive housing costs in cities such as San Francisco.
Not all companies can go remote, especially those with thousands of employees. Employees such as customer support staff typically need more resources than would be available at home, but the office as we know it is changing dramatically.
Organizations have to rethink data security
With the inevitable changes, IT resources will be taxed to keep up with demand, especially in digital security. The office is no longer a fixed location, but a combination of variable entry points into a common repository and set of tools.
Office data is portable, so, like any valuable, you need to protect it when you move about. The new reality, however, is that people are the perimeter, and they are mobile. Allowing a remote workforce without adequate security policies opens the door for cyber-attacks. Network-based security is no longer adequate today; organizations must find new ways to effectively manage security.
Today’s security approach must shift from unconditional confidence in users to zero trust fundamentals. A zero trust model relies on contextual awareness to adaptively grant access to authorized users using patterns based on identity, time, and device posture.
This tightens the reins on access security while giving users their choice of devices and access. Zero Trust, along with multi-factor authentication, has become the new normal.
Zero Trust becomes the new security mindset
Zero Trust isn’t any specific technology but rather a security strategy. It requires a significant mindset shift. Since it’s a philosophy that defines your whole approach, implementation requires multiple technologies working together.
Implementing a true Zero Trust model requires that all components—user identity, device, network, and applications—be validated and proven trustworthy. Zero Trust verifies identity and device health before granting access to corporate resources.
When access is granted, applying the principle of least privilege limits user access to only those resources that are explicitly authorized for each user, thus reducing the risk of lateral movement within the environment. In an ideal Zero Trust environment, the following four elements are necessary:
- Strong identity authentication everywhere (user verification via authentication)
- Devices are enrolled in device management and their health is validated
- Least-privilege user rights (access is limited to only what is needed)
- The health of services is verified (future goal)
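The first three elements above, combined with the time context mentioned earlier, can be expressed as a default-deny access decision. This is an added example, not code from SECUDE, Microsoft or SAP. The user names, resource names, working hours and the "step_up" outcome are assumptions made for illustration, and the sample policy is constructed.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import time

# Constructed sample policy: resources explicitly granted to each user
# (least privilege) and the hours in which access is normally expected.
GRANTS = {"alice": {"finance-reports"}, "bob": {"cad-designs", "wiki"}}
WORK_HOURS = (time(6, 0), time(22, 0))


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_passed: bool       # strong identity authentication
    device_enrolled: bool  # device is enrolled in device management
    device_healthy: bool   # device health validated (patched, encrypted, ...)
    resource: str
    at: time               # local time of the request


def evaluate(req: AccessRequest) -> tuple[str, list[str]]:
    """Return (decision, reasons). Nothing is trusted until every check passes."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("identity not verified with MFA")
    if not req.device_enrolled:
        reasons.append("device not enrolled in management")
    elif not req.device_healthy:
        reasons.append("device failed health validation")
    # Unknown users have an empty grant set, so they are denied as well.
    if req.resource not in GRANTS.get(req.user, set()):
        reasons.append("resource not explicitly granted to user")
    if reasons:
        return "deny", reasons
    # Assumption: an unusual time does not block a verified user outright,
    # it triggers re-authentication (adaptive access based on context).
    if not (WORK_HOURS[0] <= req.at <= WORK_HOURS[1]):
        return "step_up", ["request outside usual hours"]
    return "allow", []
```

The returned reasons list is what an access log would record, so a denied request shows which of the elements failed.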
Software and cloud service providers like Microsoft are taking a structured approach toward Zero Trust implementation that will span many years. The first phases are in progress. Identity authentication is being improved with dual authentication, and you may now be experiencing the two-step login regularly.
Existing software applications can be improved to implement “Least-privilege user rights” (access is limited to only what is needed). These changes are application-specific, so they will require specialized development.
To meet this need quickly, SECUDE has partnered with Microsoft and SAP to provide zero trust security for data extracted from SAP systems. SECUDE’s HALOCORE provides this control. Before this initiative, any user who had access to the data was trusted with it for all purposes. With the SAP GUI, data could be downloaded to the user’s desktop, where it became uncontrolled.
Similarly, CAD (Computer-Aided Design) software used in almost all manufacturing and design businesses does not currently have built-in zero-trust security. Data files are often shared between businesses with an implicit (but not guaranteed) security control.
Designs may be stolen or copied fairly easily. SECUDE’s HALOCAD package provides add-in software for the major CAD vendors’ products so that they are compliant with zero trust methodology.
These capabilities from SECUDE provide an immediate step forward into Zero Trust security with existing software systems and applications.
To learn more about how we can help with your Zero Trust Implementation, contact me at