It’s becoming clear that a significant number of workers will continue to work from home even as the economy fully opens. A report from Pew Research found that about half of those surveyed would like to stay remote, at least part-time, even after the pandemic, while analysts at Global Workplace Analytics forecast that 25 to 30 per cent of the workforce will be working multiple days at home each week by the end of 2021.
This rapid and often unplanned shift to remote work led to more home offices being connected to largely unsecured home networks. FortiGuard Labs research tracked a shift in attacks targeting consumer-grade routers and home IoT devices last year.
Of course, the trend to more complicated and more dispersed networks was already well underway. Critical resources and applications are now spread across data centres, distributed branch and home offices, and multi-cloud environments. The sprawling nature of modern networks means security strategies have to shift, and channel partners need to be ready to help their clients through the transition.
As planning shifts into 2022 and beyond, it’s important to focus your clients on approaches that not only maximize security, but also provide a resilient and productive network foundation.
Moats are for the dark ages
The idea of an impenetrable perimeter around the network is as outdated as the castle moat of yore. In 2020 the average time to identify a security breach was 207 days, according to a recent report, so it’s clear that traditional perimeter-based approaches to security are falling short. Because networks now have many edges, it’s difficult to create a single defensible boundary. The perimeter gets pretty thin when the edge constantly expands to include remote offices, bring-your-own-device (BYOD) programs, SaaS-based tools, voice over Internet Protocol (VoIP) video services, wireless access points, and IoT devices. Secure access and consistent policy enforcement are essential, but because the traditional network perimeter is dissolving, it is now far more difficult to tell who and what can be trusted, especially based on location. And each device or user that is automatically trusted has the potential to put data or intellectual property at risk.
Trust no one, trust nothing approach
For channel partners looking to offer their customers more flexibility and control, the time has come to consider a Zero Trust Access (ZTA) strategy that includes Zero Trust Network Access (ZTNA) for remote access. Unlike a traditional approach that assumes that anyone or anything that passes network perimeter controls can be trusted, the zero trust security model takes the opposite approach. It assumes that every device is potentially infected and that any user is capable of compromising the network. Protecting the network means every employee, device, and web application must be identified and authenticated. Trust must be established through a mix of identity and context-based considerations. Only when a device or user is formally authorized as “trusted” are they assigned specific access privileges.
There’s an opportunity here for the channel: Despite the complexity of modern networks and increasing cyber threats, only 15 per cent of organizations have completed the transition to a zero-trust security model. This opens up a worthwhile conversation for partners.
Zero-trust requires an integrated approach
Implementing the zero trust model requires changes to process as well as the underlying hardware and software. At its core, zero trust is about identity and access management, and to implement it successfully, channel partners and IT teams must work to fully understand their organization’s intent-based segmentation so they can define users’ access based on business needs. Zero trust also operates under a “least access policy,” which limits what people can access to only those resources they really require.
To segment the network according to ZTA principles, managers need to know who and what is on the network. This process starts with user identification, either through single sign-on or multi-factor authentication. Network access control tools can automatically identify and profile devices as they connect and run vulnerability checks. Credentials are established on a user’s first entry to the network and as they move through the network. At the same time, machine learning and real-time monitoring identify any aberrant behavior.
Once strong authentication and network access controls are established, zero-trust can be applied for remote access using ZTNA, which reduces the reliance on VPNs.
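The contrast between perimeter trust and the zero-trust checks described above (identity, device profile and vulnerability check, least access per segment), as an added example that is not part of the original article or any vendor's product code. The roles, resources, field names and sample requests are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed least-access map: role -> the only resources that role requires.
SEGMENTS = {"finance": {"erp", "payroll"}, "engineering": {"git", "ci"}}

@dataclass(frozen=True)
class Request:
    role: str
    mfa_passed: bool         # identity verified through SSO / MFA
    device_profiled: bool    # access control identified and profiled the device
    device_vulnerable: bool  # outcome of the vulnerability check
    on_corporate_lan: bool   # network location
    resource: str

def perimeter_decision(req: Request) -> bool:
    """Castle-and-moat model: anything inside the perimeter is trusted."""
    return req.on_corporate_lan

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Default deny, evaluated per request; location is never an input."""
    if not req.mfa_passed:
        return False, "identity not verified"
    if not req.device_profiled:
        return False, "unknown device"
    if req.device_vulnerable:
        return False, "device failed vulnerability check"
    if req.resource not in SEGMENTS.get(req.role, set()):
        return False, "resource outside role's segment"
    return True, "allowed"

# Constructed sample requests.
SAMPLES = {
    "unpatched laptop on LAN": Request("finance", True, True, True, True, "payroll"),
    "remote user, clean device": Request("finance", True, True, False, False, "payroll"),
    "engineer on LAN reaching payroll": Request("engineering", True, True, False, True, "payroll"),
    "password only, no MFA, on LAN": Request("finance", False, True, False, True, "erp"),
}

def compare() -> dict:
    """Return (perimeter verdict, zero-trust verdict, reason) per sample."""
    return {n: (perimeter_decision(r), *zero_trust_decision(r)) for n, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new, why) in compare().items():
        print(f"{name:34} perimeter={old!s:5} zero_trust={new!s:5} ({why})")
```

In three of the four samples the perimeter model grants access solely because the request originates on the corporate LAN, while the only request it rejects is the one the zero-trust checks allow.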
Integrated security approaches using ZTA can help organizations shift from protecting perimeters to protecting data at every edge, user, system, device, and application. Channel partners can and should play a vital role in this transformation by helping customers recognize its many advantages.
Sean Campbell is Director Canadian Channels, Fortinet