The rapid expansion of remote work due to the pandemic has forever changed the face of enterprise cyber security, and the effects are still rippling across the business landscape. Even as users return to the office, we’ll still need to secure a sizeable work-from-anywhere (WFA) population.
This new hybrid workforce is here to stay: some people work remotely, some go into the office, and some toggle between the two as needs dictate. As a result, there is no better time than now to implement a zero trust strategy.
A rebalancing act
The massive move to WFA during the pandemic eroded the foundations of network-centric, castle-and-moat legacy architecture through shifting patterns and sheer volumes of traffic. To compensate, many organisations invested heavily in virtual private network (VPN) technology. As users return to the office, those same VPNs are over-provisioned, depreciating in value, and don’t support ongoing network and security transformation. VPNs lack the necessary flexibility to follow users, devices, and applications to new virtual perimeters. The net result is that security costs and complexity increased, but granular visibility didn’t.
Forward-looking IT teams, in turn, are seizing the opportunity to overcome the challenges of VPNs by turning to new cloud-native secure access solutions to help drive innovation both within IT and for the business.
Modern cloud-native security solutions extend zero trust principles to enable and secure WFA access to applications, without requiring public exposure or complex network segmentation. Security, simplicity, and user experience go hand-in-hand in this new model, which allows for seamless access across all the permutations of the hybrid workforce.
Regaining your footing with zero trust
Zero trust initially envisioned context-based controls for least-privilege access for on-premises users accessing internally hosted apps. But as the pandemic demonstrated, IT teams also require a solution that offers seamless access for remote workers. By extending these tenets to the new hybrid workforce, IT teams can provide secure access to any application or asset without publicly exposing the application, asset, or even the infrastructure that supports access. A zero trust architecture provides security, granularity, and visibility no matter where users, applications, or assets live.
At Zscaler, our cloud-delivered zero trust solution, Zscaler Private Access (ZPA), allows IT teams to deliver a consistent, frictionless user experience for employees, third parties, and B2B communication. Access is seamless regardless of whether the user is “off-network” or “on-network”—the network doesn’t matter anymore. The policy environment is simplified, becoming user- and app-centric rather than network-centric, and consistent across cloud and data centre application environments. Granular policies for context-based access ensure least-privileged connections, combining user and device attributes to permit access only by authorised users on compliant devices.
Since zero trust connects users to specific applications rather than allowing endpoints access to the entire network, yesterday’s “virtual private network” evolves into today’s secure access service edge (SASE). Public service edges provide transport to remote applications, while private service edges support local and on-premises access. Furthermore, while ZPA connects users to an enterprise’s internal applications, Zscaler Internet Access (ZIA) connects users to internet and SaaS applications. Backhauling everyone’s traffic to a few internet egress points just to send it through a stack of security appliances no longer makes sense: WFA users can leverage the same Zscaler Zero Trust Exchange and access public resources via direct internet connections protected by ZIA.
The fundamental zero trust principles of context-based, least-privileged access are increasingly being applied beyond their initial narrow scope of on-premises users connecting to internally hosted applications. Protection of outbound as well as inbound traffic, identity-based access controls for machine-to-machine as well as user-to-machine traffic, and integration of additional context all combine to offer more granular and adaptive access decisions.
But nobody does this overnight. Solutions need to work seamlessly across hybrid use cases to protect legacy resources and infrastructures as well as modernised workflows.
The path forward
The past year rapidly accelerated existing cloud migration and remote work trends. Traditional security models struggled to accommodate the huge change in traffic flows when the global digital workforce went home en masse. Companies that had already embraced digital transformation absorbed the change and adapted more easily. In the space of a couple of months, we helped many companies use zero trust to transition their entire workforce to WFA.
Now we have the luxury of thinking and planning more strategically for how to best support the evolving hybrid workforce post-pandemic. A continuing theme in 2021 will be the importance of flexible, resilient solutions that adapt to ongoing change. It’s time to seize the zero trust moment! Modern cloud-delivered zero trust architectures apply security functions consistently across an ever-evolving landscape, and will remain a critical component in accommodating and securing the new hybrid workforce.