informa

Cybersecurity In-Depth

The Edge

Edge Chat With Cisco's Ash Devata on Hybrid Workforce and Zero Trust

Hybrid work is here to stay. The latest installment of Edge Chats focuses on how zero trust will ensure this new business model can keep organizations secure.

Much has changed for enterprise IT and security since the pandemic-related lockdowns began in March 2020. As employees shifted to working from home using different devices and new applications, the attack surface for organizations increased significantly -- while visibility decreased. In this latest Edge Chat, Ash Devata, vice president and general manager of Cisco Zero Trust and Duo Security, talks about how the zero-trust security model can enable the hybrid workforce. 

Traditional monitoring tools do not scale very well, Devata says. On top of that, enterprise IT teams have lost much control because it isn't possible to enforce all of their policies -- especially if the user is using a personal device. Looking ahead, the hybrid workforce will continue in some shape or form as some people go back to the office while others continue to work remotely. This means organizations will have to consider how to handle the higher risks. Zero trust provides a path forward.

"Some people like [the term zero trust], some people hate it, a bunch of people are in the middle. But the principles are extremely strong," Devata says.

Zero trust is a three-step process. The first step is verifying the user, device, location, and risk of granting access. If access is granted, the next step is providing the right level of privileges to complete the task -- no more, no less. And finally, there has to be a way to enforce these policies, Devata says.

Simplicity is a key message when talking about zero trust. If the end user is interacting with technology, the easiest workflow should be the most secure workflow, Devata says. Making it complicated is not going to translate to being the most secure. Similarly, the architecture should not be complicated; if there are many different components stitched together, something will slip through the cracks. Simplified architectures make it easier for IT and security administrators to see all the key components and what is happening.

"The No. 1 enemy in security is actually complexity. And the opposite of complexity is simplicity," Devata says.