BC Business
Sponsored Content
After more than 20 months of remote working, businesses are looking forward to a return to the office. But, for most, some form of hybrid work model is here to stay.
The ability to work from anywhere does have advantages. It enables business continuity, which enhances organizational resilience. It also appeals to many employees. In a recent survey, KPMG found that 63 per cent of Canadian workers want to return to a physical workspace, yet three-quarters wish for a hybrid model with the flexibility to work remotely.
As hybrid work models become entrenched in the day-to-day operations of businesses in every sector, business leaders and CIOs should be thinking long-term by anticipating how to secure the network to meet the needs of all employees, regardless of the location from which they are working.
Trust matters
Enabling employees with the flexibility to move between different work environments has implications for both user experience and security. How security solutions and enforcement operate in these different environments can sometimes be inconsistent, leading to reduced visibility and control—and more exploitable security gaps. For example, unsecured home networks connecting to corporate networks via VPN create an attractive target for cybercriminals—one they have been quick to exploit throughout the pandemic.
As a result, more security professionals are moving to modern endpoint security solutions and embracing a zero trust access (ZTA) model. Zero trust means just that—trust no one and no device without first verifying it through multi-factor authentication—not just once, but for every session. It is a mindset that assumes every device is potentially infected and every connection a potential threat, regardless of whether it is connecting from within the network or remotely.
Control the network
Endpoint security solutions need to provide better visibility into devices and their state, strong protection measures, remote monitoring tools, and more. And user identity, job function, and authentication are all critical elements of zero trust. Together, they help identify the level of network access a user should be given based on their role.
So, what can organizations do right now to begin the transition to zero trust?
Knowing what is on your network is a good first step. Network access controls (NAC) can help organizations find, identify, and evaluate the risk of any device already on or seeking access to the network. It is also important to define user roles and access policies.
Another early step is to address authentication by adding or modifying firewalls at the network edge to shift from one-time authentication to authenticating at every session. Adding more segmentation firewalls can also help better define access zones within the network to protect sensitive resources. Newer firewalls also offer built-in zero trust network access (ZTNA) to extend secure access controls to critical applications for any device or user, regardless of where they are accessing it from.
Solutions not “fixes”
Before adding to your network, make sure that you are building resilience and flexibility, not creating more problems down the line. During the pandemic, many organizations found themselves scrambling to accommodate remote working. As organizations begin supporting hybrid working models, it is imperative that investments focus on holistic solutions and not the quick fixes needed at the start of the pandemic. Every organization’s goal should be to create a dynamic and scalable network equipped to adapt to any need or demand.
Just as employees value the flexibility of a hybrid work model, businesses will appreciate the flexibility of a universal network platform, especially as they adopt a zero trust mindset. With no barriers to visibility and better control over who can access what, no matter where they are located, networks can quickly adapt to changing requirements, adding to security preparedness and organizational resiliency. And that is a good investment for any organization.
Author Nick Alevetsovitis is VP of Canada Enterprise and Commercial Business at Fortinet