By Stephen Helm, Product Marketing Manager, WatchGuard Technologies
Last year was a challenging year for IT teams, and tech workers will continue to feel the mounting burden of maintaining business continuity moving forward. In the early part of 2020, IT teams were stressed to the brink as they scrambled to help their organizations adapt to the realities of the COVID-19 pandemic. Digital transformation timelines accelerated and businesses entered a mode of “survive to thrive.” Many companies even opted to issue poorly secured devices or extend network access broadly with the goal of getting users productive as quickly as possible, while paying little regard to the security implications of those decisions.
Now, as the pandemic stretches on, 54% of IT teams find they are spending more time managing security threats and developing new security protocols than in previous years, according to a recent LogMeIn study. Further, 47% of IT teams now spend five to eight hours per day on IT security, up from just 35% in 2019. With IT teams already suffering from startling burnout levels, keeping up with this increased workload is as dangerous as it is unsustainable. In fact, a study from the U.S. Department of Defense found that the vigilance required to maintain cyber security is consistent with that of professionals in sectors such as air traffic control, industrial process control, and medical monitoring.
Most businesses build their security posture layer by layer as their needs change over time, while relying on disparate security tools and manual processes to keep things operational. This leads to unnecessarily complex security operations and poor security efficacy overall. It also increases the risks of employee burnout by increasing the workloads of IT teams that are already overwhelmed and under-resourced.
The Zero Trust framework offers a clear path IT professionals can use to simplify security delivery in the face of all this chaos and complexity. While a traditional network is built around the idea of inherent trust, Zero Trust takes a “never trust, always verify” approach to security – one that uses multiple, integrated layers of protection to prevent threats, block lateral movement and enforce granular user-access controls. What does this look like in practice? Let’s take a closer look at three areas where Zero Trust helps to streamline security management, and make IT teams’ lives easier as a result.
- Limit access to systems and applications, by default. A core tenet of a Zero Trust approach to security, access management provides centralized oversight across all common IT systems while limiting access to specific users, devices or applications. This mitigates the threat of unauthorized access, which could give attackers access to sensitive areas of your network, while giving teams complete control over access privileges. At the same time, single sign-on (SSO) technologies, combined with multi-factor authentication (MFA), improves access security. It also minimizes the password burden on users by allowing them to log in just once to access their applications from a central point. Given the average user has around 70-80 passwords (and spends an average of 7-12 hours a year trying to remember and/or reset them), minimizing the number of times they have to enter their credentials can be a significant time saver.
- Pinpoint who and what is connecting to the business network. MFA is one of the cornerstones of good security and a key component of the Zero Trust framework. MFA technology both facilitates secure authentication by requiring three factors for approval (something you know, something you have, and something you are) and empowers users to manage their own security by allowing for complete, centralized credential management. Cloud-based approaches to MFA make it possible for users to securely log in by simply downloading an application to their smartphone without needing hands-on IT involvement. Organizations that provide both online and offline authentication options enable authorized users to access what they need, when they need it, without a call to the help desk. Once a daunting technology for the average user (and for some IT teams), MFA is now commonly offered to consumers by social media sites, banks, retailers, and more.
- Single out threats earlier. Employees stuck at home will undoubtedly use company laptops issued for remote work to conduct personal email checks and web surfing. Keeping users safe from phishing attacks and drive-by downloads as they navigate the internet (for whatever reason) is more difficult when they’re connecting from outside the network perimeter. The Zero Trust framework assumes that malware has compromised every device trying to connect to the network. So, by constantly monitoring endpoint devices for signs of attack, IT staff are no longer at the mercy of regularly scheduled scans or timely signature updates when it comes to detecting threats. As part of this integrated approach, infected devices are prevented from connecting to the network entirely, and automatically.
Although remote work can provide many business and personal benefits, we must also weigh them against the real consequences. According to one survey from staffing firm Robert Half, 55% of employees who have transitioned to remote work say they have been logging in on weekends, while 34% find themselves working more than eight hours a day. The IT teams providing support behind the scenes were already working overtime, and now they support a workforce scattered across home offices, working at all hours of the day, on non-secure networks. The stress is real. While deploying a Zero Trust framework may seem like a complex process, the outcome is a stronger security posture that is dramatically easier to manage.
About the Author
Stephen Helm is a Product Marketing Manager responsible for Network Security at WatchGuard Technologies. Prior to WatchGuard, Stephen held product marketing roles for the Cryptographic Management division of SafeNet (now Gemalto). He has over a decade of experience in cyber security and holds a degree in Mass Communications from Towson University.