Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
How Do I Empower a Remote Workforce Without Compromising Security?
To transition to a zero-trust architecture, focus on doing the things that offer the most value.
Question: How can I empower a remote workforce without compromising security or productivity? How do I begin to transition to a zero-trust architecture?
Ash Devata, general manager, Cisco Zero Trust and Duo Security: The transition to a zero-trust architecture is a multiyear journey. We recommend that organizations scope through the phases of a journey and then integrate that scope into the organization’s zero-trust architecture. Starting with a strong maturity model, first establish user trust by verifying users with strong authentication using a passwordless or biometric indicator unique to them. Second, determine device and activity visibility, verifying user devices any time a user tries to log in to an application. Third, device trust should be the focus, with limited access to apps or only segments of the network with zero-trust proxies or network segmentation. Fourth, adopting a fully adaptive set of policies for workforce and workloads together is the end state.
Making the transition to a zero-trust architecture should focus on doing what offers your organization the most value. Reducing the attack surface is your main objective. As an example, you may already have multifactor authentication (MFA) for 80% of your users and require it for 60% of your apps; now you can work toward expanding that to 100% for both.
A zero-trust model can help you with a remote workforce because it doesn’t distinguish a remote employee from an employee in the office. You always do the right and same verification, regardless of where the employee resides. In this regard, it is the simplicity of the solution that is the genius behind the function.
Reducing friction for the end user at any point you can is extremely important. Going VPN-less for apps inside the environment helps keep end user friction low. This means the user can just log into a corporate application the way they log into popular consumer applications, like Facebook or Twitter. We always recommend SSO and adaptive policies to eliminate friction for users without compromising on security. And you should have SSO for all applications, passwordless, and VPN-less remote access, which is easier for the end user, reduces overall friction, and increases access.