IT security is constantly evolving as companies strive to keep up with increasingly sophisticated threats on the part of hackers—though this is not the sole objective of security.
When the way we work changes, IT security must accompany that change. A total transformation has taken place this year: employees have left the corporate building. Yet what does this mean for security?
Because employees are no longer working at a single central location, the attack surface has expanded. Many of these employees are using personal devices to do their work and using home networks to stay connected, making it difficult if not impossible for the IT department to control. As if that weren’t enough, many companies have chosen VPNs as a remote work strategy, despite the fact that it is neither the safest nor the most sustainable model in the long term. In cases in which employees have not received the tools they need to be productive, they have also relied on apps not approved by IT departments.
Since remote work represents the most extreme scenario for security, it requires a security model focused on every remote worker and based on Zero Trust. Zero Trust isn’t a product or a solution: it’s an architecture or framework that IT utilizes to provide safe access to all applications from any device, conducting a continuous trust assessment at each contact point. It is based on contextual awareness and relies on patterns like identity, time and device. This reinforces security, visibility and control while also giving users the option to choose between devices and apps without forfeiting productivity or experience.
As part of this model, it is necessary to conduct a comprehensive analysis focused on every aspect of access to applications and corporate data by every remote employee. In other words, it is necessary to decide how to trust each device, app, network and even user, treating them as separate but related entities. The premise of this model is not to trust but to authenticate and validate—only granting a user access to what he or she actually needs. Depending on the context, access-control tools may also prove useful to disable printing, copy-paste and screenshots. Finally, Zero Trust can give employees access to their apps and data within a safe workplace, thus providing more robust corporate security.
With an eye to a context in which every employee is working remotely, a Zero Trust model unquestionably allows us to optimize security in the most extreme scenario: insecure devices, places and networks that are off the radar of IT departments. We can thus guarantee security coverage for any other situation, raising standards for future scenarios like a return to offices.
The implementation of Zero Trust means rethinking how corporate information is accessed, auditing networks, and coming up with possible threat scenarios for a profound understanding of the company’s infrastructure and all possible vulnerabilities. Though this is no easy process, it is a savvy strategy in a work world where the playing rules have changed—and are unlikely to change back to the way they were.
Edward Rodriguez is the Vice President of Sales and General Manager of Citrix Canada, where he is dedicated to helping Canadian businesses realize a better way to work. With technical knowledge and forward-thinking vision developed over his 20-year career, Edward has refined his expertise in product sales and management, marketing and consulting services with a specific focus on cloud, mobility, virtualization and SaaS. Edward began his career in technical consulting, and in prior roles at Citrix, led teams that focused on emerging markets and channels and brought new products to market.