Defending Your Remote Workforce with Zero Trust Security

By Raul Popa, CEO & Co-founder, TypingDNA

To truly understand zero trust, you must rethink your mindset of cyber security. For years, security teams followed a simple code: “Trust, but verify.“  But with zero trust, security is far less laid back — guided by a more skeptical philosophy of “Never trust. Always verify.”

The beauty of this security approach is how well it works in the new work-from-anywhere environment. Zero trust does not care if an employee is logging in from the office, at home, or from a local Starbucks — making it the ideal solution for defending the millions of employees now working remotely.

In this article, we’ll walk you through the basics of zero trust security, the key role of continuous authentication, and why zero trust is critical for protecting against today’s modern threats.

What is zero trust?

Simply put, zero trust functions on the philosophy that because attackers can live both inside and outside the network, no person should be fully trusted even if they’ve authenticated themselves at the front door with a username and password.

Zero Trust Architecture treats every user, device, and application as a potential threat to the company, limiting user access to only what is needed, and continuously searching for anomalous or suspicious activity — assuming that a breach is imminent or has likely already occurred.

A drastic change from the old model of “perimeter thinking” where users were typically only authenticated once to access the network. With zero trust there is no assumption that what was trusted to get into the network should be trusted to access everything that’s inside.

Let me paint you a scenario to illustrate why this concept is so important.Let’s say an attacker steals a user’s credentials and “legitimately” authenticates with their username and password. They get through the front door and discover a folder of highly sensitive corporate data, like source code, HR data, or internal emails — downloading its contents and threatening to expose it in a ransomware attack. To avoid this scenario, traditionally you have two moves:

• Force the user to re-authenticate every few minutes to ensure only legitimate users are accessing the network at all times. But this comes at a steep price: costing you money in lost productivity, and increased Help Desk calls — not to mention some pretty frustrated employees.
• Or, allow them to authenticate themselves seldomly, like once a day… which certainly makes for happier users, but leaves your company vulnerable to greater threats.

With a zero trust approach, you would apply a “never trust, always verify” approach — continuously checking the user’s access — even once they’ve authenticated at the front door. As a result, significantly reducing the chances of a data breach.

Continuous authentication: a key component of zero trust

A core part of the zero trust model is continuous authentication — the need to solve for what happens in-between security checks. This means that to achieve true zero trust, organizations must constantly authenticate user identities throughout a user’s entire engagement with a network, service, or device—rather than just once at login.

This is especially critical for remote workforces, where insider threats and negligent employee behavior present a real risk for companies when employees handle sensitive or privileged information in insecure work-from-anywhere environments. In just the last two years, there was a 44% increase in insider threats incidents.

It’s important to remember that insider threats include both malicious insiders who purposely steal data, money, or other assets, as well as negligent insiders — usually employees making a human error such as falling prey to a phishing attack or sharing their devices with an unauthorized user. These individuals can potentially misuse access to networks and assets to intentionally or unintentionally modify, delete, or disclose sensitive information. Organizations must take action to protect this sensitive data.

Device sharing maybe your company’s biggest threat

With millions of employees shifting to remote work at the start of the pandemic, an unexpected new threat entered the picture. Danger was no longer limited to hackers or external forces. The threat was inside, and company devices like laptops and desktops were now at risk of being accessed by family members living in the same household.

While sharing company devices with family members may seem innocent, ignorance can cause real harm. A single wrong click on a phishing link, or unauthorized access to sensitive company or customer data can lead to serious consequences.

Companies from highly regulated industries such as medical, finance, legal, customer service, and human resources have to follow strict standards to safeguard customer and company data. Protecting these endpoint devices is critical. Employers must find continuous authentication solutions that allow employees to constantly prove their identities throughout the day without it being a burden.

To achieve zero trust with a remote workforce, two core rules must be followed:

1. Identify the user before they enter the system with Multi Factor Authentication (MFA). Corporate Vice President Ann Johnson from Microsoft’s Cybersecurity Solutions Group said “The entire principle of zero trust is that you trust nothing. That’s the first thing that we tell organizations: they must use multi-factor authentication for 100% of employees 100% of the time. That is the first control to put in place as part of that Zero Trust architecture”.
2. Continuously authenticate the user throughout the day, especially when they’re accessing privileged data. If continuous authentication is added on top of the MFA-secured login process, it adds an even greater layer of security by continuously checking that the logged-in user is the one operating under granted access at all times — even in-between standard and front-door security checks. This way, even if the login is compromised, access to crucial information is denied by applying a second, continuous layer of secured authentication.

Can you afford not to have zero trust?

In a work-from-anywhere environment, company devices are more vulnerable than ever before. As millions of employees now work remotely, companies must make sure that only authorized users are accessing the company’s endpoints.

Any business which handles customer data on employees’ devices should be able to tell at any time throughout the day whether unauthorized users are accessing the company endpoints — with processes in place to flag suspicious behavior and take action.

Companies looking to protect against such insider attacks must limit privileges to internal structures and apply a zero trust policy where the identity of any actor can be verified at all times.

About the Author

Raul Popa is the CEO, Co-founder, and Data Scientist at TypingDNA — an award-winning cybersecurity startup that authenticates people by the way they type on computers and mobile devices. Typing biometrics technology is currently being used in our suite of Continuous Authentication and 2FA products. Raul and TypingDNA have won multiple awards and were featured in TechCrunch, Forbes, VentureBeat, TheNextWeb, ProductHunt, FinancialTimes, and other top publications. Raul was recognized in the Top 60 AI Influencers from Eastern Europe and was featured in the Top 100 New Europe list of influencers. As a tech innovator Raul speaks about AI, Biometrics, Identity Access Management and entrepreneurship at global events such as TEDx, Applied Machine Learning Days, World Summit AI, International Biometrics Summit, Future of AI (at European Parliament), How To Web, TechFest, any many others. Connect with Raul on LinkedIn and Twitter, or at https://www.typingdna.com/