The rush to secure an expansive remote workforce may be over, and yet a CISO’s work is never done. Today, organizations are thinking about resiliency — and how to balance security and user productivity with cost efficiencies.
Although the future of the workplace is still uncertain, it is increasingly likely to include a large contingent of remote workers. In fact, organizations anticipate that up to 41% of their employees will permanently work remotely as of January, according to the CIO Pandemic Business Impact Survey.
So, CISOs must think in terms of securing workforces, workloads, and workplaces — no matter where they exist.
That’s where the Zero Trust approach can help. It’s a framework that provides seamless access to corporate resources, while protecting critical assets. At the most basic level, it’s about approaching security from the aspect of verification.
“The Zero Trust model is about verifying users, devices, and applications,” said Dave Lewis, an advisory CISO with Cisco. “You are verifying that the user and the asset or device they’re using are allowed to access the applications they’re connecting to.”
Adopting a Zero Trust approach provides a balance between security and usability. It establishes a framework that makes it harder for attackers to collect what they want — such as user credentials, network access, and the ability to move laterally. Meanwhile, users get a consistent and more productive security experience, regardless of where they’re located, which endpoints they’re using, or whether their applications are on-premises or in the cloud.
And critically, Zero Trust helps organizations gain visibility into security posture across the IT environment.
Do your homework first
The good news: “We have found that some organizations are actually a little further down the Zero Trust road than they might anticipate,” Lewis said. “They have asset inventories, and they have an understanding as to the user accounts within their organizations. So right there, they have a couple of the foundational elements towards a Zero Trust program.”
But if that isn’t the case, start rationalizing user and asset accounts. Lewis recounted an experience of finding 10 “super user” accounts for individuals no longer employed by the company. “One of those users had actually died and yet their account had been used subsequent to their death.”
That sort of vulnerability or gap must be closed before moving on to implementations like multifactor authentication (MFA).
“It’s an iterative process,” Lewis explained. “You have to understand what you’re trying to protect and what risks the business is willing to accept. Having user and device inventories allows you to springboard forward to strategies like MFA and micro-segmentation.”
Another important step: Tool rationalization. Especially as security budgets tighten, it makes sense to consolidate and use security solutions that seamlessly work across all the disparate parts of the organization.
“Rather than sacrificing security in order to save money, CISOs have to look at how to improve security and streamline processes,” Lewis said. “It’s a balance between reducing risks and costs while protecting assets.”
Taking the next step
Once you’ve done the homework and are ready to consolidate security solutions, seek a partner familiar with the value and foundations of Zero Trust. There are multiple considerations to factor in — from MFA and biometric access to application and network segmentation, and more.
That’s where Cisco, recently named a leader in the Forrester Wave™ Zero Trust eXtended Ecosystem Platform Partners, Q3 2020 report, can help.
“We have bench strength like nobody else,” Lewis said. “We recognize there is no one-size-fits-all approach with Zero Trust. Our expertise enables us to help organizations from the ground up, or if they’re more advanced, help them make progress toward a password-less future, for example.”
No matter where your organization is in terms of Zero Trust adoption, now is the right time to move the journey forward.
“In this pandemic world that we’re living in, we have the opportunity to streamline and make security seamless,” Lewis said. “Being able to verify who’s accessing what and where, these are definitely positives. We have the chance to democratize security — make it easy for individuals to get their jobs done while strengthening security effectiveness.”
Read more about Zero Trust and how its principles are baked into Cisco’s core solutions.
Copyright © 2020 IDG Communications, Inc.