The COVID-19 pandemic has forced many organizations to adapt to unprecedented numbers of personnel working remotely. Rather than just a temporary deviation, this seems likely to persist, with a recent Microsoft survey finding that 73% of employees want to continue to work from home after the pandemic. However, this "new normal" creates a significant security problem where IT resources, usually accessible only within the organization's local areas network, or LAN, must now be made available remotely.
In many instances, LAN-based IT resources are available without any special authorization, as these resources can only be accessed within an organization's premises, using physically connected devices, by vetted personnel, working within a physical access-controlled boundary.
To some extent, organizations had already begun to extend these boundaries with on-premises Wi-Fi. Those with their own premises that include outside areas, such as car parking, could largely contain Wi-Fi access within their physical perimeter. Remote access changes the scenario drastically as the physical boundary disappears. Virtual private networks, or VPNs, the standard mechanism used to secure remote access, even when coupled with secondary authentication, cannot replace traditional physical access controls, and network security alone is no longer enough. Access to IT resources now requires a far more granular approach, and this is what Zero Trust is all about.
Zero Trust assumes that all networks, even internal firewalled networks, are insecure. Organizations must individually evaluate each online resource to assess its value, decide who should be allowed access and how access should be regulated. Of course, this does not mean organizations should abandon network security in favor of Zero Trust. Overall, security is strengthened with multiple layers of different types of protection.
Security needs to start fro ..
Support the originator by clicking the read the rest link below.
