As we look to reopen the economy, a lot of muscle memory will have to be relearned. The old way of doing things isn't going to make it in the post-COVID-19 world. Too much is on the line, for both employees and customers. Everything is being reconsidered, from entry procedures to foot traffic and flow, to capacity, back-end and front-end processes, online customer service, social distancing, and cleaning.
COVID-19 is an unprecedented challenge for IT departments too. Facing lockdowns and quarantines, organizations are rethinking how they rushed thousands of new users, both insiders and third parties, onto enterprise networks to access critical private applications. In many cases, enterprises also are adding new applications to facilitate online transactions and drive-by service in an effort to deliver contactless customer service. During this crisis, speed and agility were what mattered, and now safety and security are driving the decision-making.
To connect a specific user with a specific set of apps, traditional approaches transport the user all the way to the doorstep of the app with a dedicated tunnel — a VPN. VPNs are permissive, difficult to configure, complicated to manage, and extremely fragile. One slight change in location, device, or operating system and the whole tunnel must be rebuilt from scratch. With a small number of users, devices, and private apps, this is somewhat manageable. But when COVID-19 hit and countless apps, users, devices, and locations needed instant access, it became absolute madness.
How can something so vital to business operations, accessing our own apps, still be so complicated?
Whenever the health crisis of COVID-19 subsides, IT organizations should take the time to rethink how they deliver enterprisewide application access. Crises tend to reveal underlying cracks in an organization. In the case of traditional application access solutions, the pandemic has revealed operational and security issues that are clearly not aligned with digital transformation, the user experience, or the future of work.
Ease of Use Matters
Operational challenges are one of the most persistent challenges that IT teams face. The complexity of multicloud network infrastructure and applications today has led to a tool for every problem. Traditional access solutions have proven to be difficult to deploy and operate. They require new licenses to scale and time-consuming network changes to onboard new users. Post-COVID, we won't have time for that.
What About Zero Trust?
Solutions like VPNs provide too much access, taking the opposite of a zero-trust approach. Users need to be tightly managed, monitored, and controlled. They should not be free to roam once they have gained access. But it is clear that we are largely flying blind, and need better visibility and control not only over user access but each individual request.
The security weaknesses of traditional approaches can no longer be ignored. Why are we bringing users on to the network at all? Why are we exposing users to insecure legacy apps?
Here are three considerations for enterprise IT teams to reopen and reimagine enterprise application access, transforming vulnerable apps and networks into zero-trust resources.
- Leverage the cloud to isolate the apps completely from the network, making frontal attacks virtually impossible.
- Enable continuously monitored, recorded, and controlled zero-trust user access. No more binary decisions at the beginning of the session and free range thereafter. Continuously evaluate user access according to threats and user behavior. No more implicit trust. Application access should be zero trust.
- Centralize the access policy and management control of all applications. Ease of use matters.
COVID-19 exposed a lot of weaknesses in the way we enable application access for employees, partners, and third parties. This pain was felt across the board, by executives who wondered about productivity and by users who worried about rationed access. This was felt by IT teams that had to deal with network changes, hardware licensing, and a host of other headaches. Applications remain the lifeblood of business, and employee and third-party access is an issue that is not going away in the new work-from-anywhere world.
Not every change to the way we do business after this crisis will be welcome or particularly helpful. That said, we have learned many lessons during this period of significant business disruption. Access to applications, the foundational tools of business, was put to the test. New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. That's a change worth making.
- Latest Security News & Commentary About COVID-19
- How Cybersecurity Incident Response Programs Work (and Why Some Don't)
- 7 Tips for Employers Navigating Remote Recruitment
- Collaboration Undermined When Security Teams Work Remotely, Some Argue