Zero Trust In (remote) Access

Uploaded on 2023-01-10 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The increasing number of cyberattacks on remote infrastructures has shown that remote access requires a new approach to security: "Zero Trust". In this approach, the security system does not trust anyone who does not verify themselves - neither users nor devices known or unknown.

While this introduces some extra friction in the security process, workflow disruptions can be minimised and the benefits are well worth it. Zero trust also offers small companies the level of security and peace-of-mind of large enterprises. 

Remote work has brought many benefits to employees. They can better balance work and private life, long commutes are eliminated, and colleagues are less distracting from work. Nevertheless, there are also negative aspects that threaten corporate security in particular. After all, remote access or even Bring Your Own Device (BYOD) offer large attack surfaces for cyber criminals. According to research, the number of cyber attacks more than doubled during the pandemic, and the biggest problem, is that employees are increasingly using their company computers for personal use, but also sometimes need to use personal devices for work. This is "threatening the existence" of one in four companies. 

Small and medium-sized enterprises (SMEs) in particular often have a hard time. They have few financial and human resources to manage their IT infrastructure, but are exposed to the same threats as larger companies.

A company with under 100 employees may have only one IT manager, making it is difficult to keep the IT landscape up to date in terms of security. The increasing security requirements usually leave them too little time to monitor all remote accesses. A large proportion of IT staff (76 percent) confirmed to GoTo in a survey that their workload has increased due to flexible working models and that their work has become more difficult (43 percent).

Trust Is Good, Control Is Better

Classic security approaches act in such a way that they trust every known user who legitimately logs into the network with the correct log-in information. They only assess external data traffic as dangerous. But phishing attacks, social engineering, or exploiting vulnerabilities also give cybercriminals access to login information, so the perimeter-based approach no longer works.

Modern tools, on the other hand, have a zero trust architecture. They enable even smaller companies to implement security features that are standard in large corporations. The concept is based on the principle of not trusting any device, user or service that is not sufficiently verified. This also applies to users and devices already known within the company's own network. Every single access to company data and applications is checked again. To this end, security managers use Software Defined Perimeter (SDP) to secure network access and connections according to the need-to-know principle.

In doing so, they grant access authorisations only if they are required for the user's pending task. This means that it is always possible to track who is accessing what information, when, and how they are using it.

With zero trust, the key is that only when an IT administrator digitally releases access does the server issue the release to the user's laptop. So it is still a human, not a computer, who decides who gets remote access and application or file shares. 

Security Up To The Network Edge

Implementing a zero trust model initially does introduce a bit of friction. Applications, devices and users must be recorded and their authentication processes defined. And IT professionals must implement systems both at the network perimeter and within the network that analyse traffic, validate requests and monitor all actions in log files. However, it also enhances security by several orders of magnitude, making it well worth it — especially since system updates may occur only once a month.

Certain Zero Trust capabilities such as identity management, access control, two-factor authentication, network segmentation, as well as policy management are already built into many modern tools. But there is a need to implement all aspects of zero trust in a comprehensive, integrated, scalable, and policy-driven manner. 

Easy Handling For Reduced IT Effort

Since IT managers have to keep many aspects of IT security in mind, it is crucial not only to use tools with the highest security features, they must also be easy to use. This ensures greater employee acceptance of the zero trust model. Most of the features of modern zero trust solutions take place in the background and are not visible to the user. All they have to do is have their login data ready. If the user logs in and is verified via digital certificates and multi-factor authentication, the password hurdle is also eliminated on the user side.

Zero trust solutions stand for security and reliability. For SMBs in particular, they are an important partner in terms of security, compensating for limited IT resources while still allowing employees to work remotely and securely access applications and data from there.

With zero trust as a central component of a remote support tool, criminals are prevented from exploiting remote support tools, for example, as a gateway to introduce malware into customers' end devices. This means that even small companies benefit from a high level of security and scalability and can offer an intuitive remote user experience. 

Paddy Srinivasan Is Chief Executive Officer at GoTo

You Might Also Read: 

PAM, IAM, Or Both?:

_________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Chinese Spy Device Found Hidden In British Government Car
Crypto Currency: From Bitcoin to Blockchain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Cloud GRC

Cloud GRC

Cloud GRC is an innovative cybersecurity company with solutions and expertise in Cybersecurity Strategies & Frameworks, Threat & Risk Assessment, Cloud Security, and Regulatory Compliance Requirements

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

Noventiq

Noventiq

Noventiq (the brandname of Softline Holding plc) is a leading global solutions and services provider in digital transformation and cybersecurity.

InGuardians

InGuardians

InGuardians is an independent information security consulting firm specializing in penetration testing, threat hunting, and hardware hacking.

RecoLabs (Reco)

RecoLabs (Reco)

Reco empowers organizations to discover their SaaS applications, identities, and data, control access and prevent the risk of exposure.

Cypago

Cypago

Cypago provides a powerful yet easy-to-use Compliance Orchestration Platform to automate the compliance process end-to-end.

InnovateHer

InnovateHer

At InnovateHer, our vision is to make the tech sector more equitable, by increasing diversity across the spectrum and creating more inclusive workplaces.

Bureau

Bureau

Bureau is a no-code, identity decisioning platform that offers businesses the complete range of risk, compliance and ongoing fraud monitoring solutions innovated with AI.

CRYPTIQ

CRYPTIQ

CRYPTIQ empowers businesses to navigate the ever-evolving cybersecurity landscape with confidence and clarity.

Corporater

Corporater

Corporater provides organizations with integrated solutions for managing governance, performance, risk, and compliance built on a single platform.