
The importance of a zero-trust model for hybrid working

How identity-based security solutions can help protect our dispersed workforces

Hybrid working is here to stay. The new flexible practices that have been adopted in the wake of the pandemic offer many benefits to workers and employers alike, promising a new work-life balance and a realignment to an outcomes-based model where results are prioritised over where and how the work gets done.

Okta’s The New Workplace Report found that 42% of workers want a mix of home- and office-based working, while 17% want to work from home permanently. 60% of workers also said that they would like to work in an asynchronous environment, where they are able to determine their preferred schedule too. The benefits of flexible working are clear to workers, and employers who want to remain competitive have to take these pressures into account, putting paid to any idea that we might all return to 9-to-5 office work.

But hybrid working brings challenges as well as benefits, and one of the most prominent is the impact that it has on security. Dispersed workforces have put new pressures on IT teams and security professionals, who can no longer exercise the same levels of rigid control and oversight they may have been used to when everyone worked from the office.

Fortunately, new zero-trust principles and identity and access management (IAM) technologies, offered by security specialists like Okta, are powering the shift to a new control plane that can protect your critical systems no matter where or how employees are accessing them.

Beyond the perimeter

Traditional office-based working models favoured a network-centric approach to security. With the majority of employees working on premises, the focus was on protecting the perimeter to prevent access to your network by cyber criminals. On-premises endpoints could conceivably be tracked and monitored, and if there were any issues or configuration problems, IT teams and other workers would likely be based in the same building, enabling easy communication and access to devices.

Hybrid working has changed all that. When the first lockdowns hit, suddenly entire workplaces were emptied, with employees having to access systems remotely through their own personal networks, whose security (or lack thereof) falls outside the control of IT teams. Bring-your-own-device (BYOD) practices, whether official or unsanctioned, meant that some devices were likely to be unsecured, too, and made it much more difficult to keep track of endpoints. With the cementing of hybrid working, these challenges will persist indefinitely.

With the perimeter fraying so drastically, it becomes much easier for cyber criminals to find ways to access business networks. Cyber attacks have boomed since the beginning of the pandemic, and the adage ‘it’s not a matter of if, but when’ applies more firmly than ever. For all these reasons, we are seeing a shift in focus from preventing cyber criminals from accessing networks to limiting what they are able to do once they get inside.

When it comes to accessing mission-critical apps and services, credential theft has become a focus of cyber criminals. The 2021 Verizon Data Breach Investigations Report found that stolen credentials were involved in 61% of breaches, with credentials compromised through various methods including brute force and phishing attacks, the latter of which have continued to boom in recent years. The report found that 85% of social engineering breaches compromise at least some credentials as part of the attack. Systems with potentially hundreds or thousands of unsecured logins that have access to critical data and applications are ripe for abuse by cyber criminals.

In this new environment, where endpoints are more difficult to secure, we need to shift away from a network-centric approach to security towards one where identity is the new control plane and criminals are prevented from leveraging credentials and trusted paths within our networks. But how can this be managed?

Identity-based solutions

Zero trust is a framework by which access to systems and resources is carefully monitored and controlled. Gartner defines zero-trust security as “never trust, always verify” – in other words, no one has blanket, permanent access that can be taken advantage of if their login credentials are compromised. Users are given the right access for the right length of time, so that IT teams can identify who is accessing what, and can be sure that bad actors are not able to lurk anonymously and indefinitely in these systems to steal data or in any other way compromise them.

As the importance of identity as a new control plane becomes clearer, solutions are emerging to help organisations enshrine zero trust in their operations. For instance, Okta’s IAM solution offers a centralised control plane where identity is a key component – while also focusing on keeping friction to a minimum. This is key – identity solutions that snarl up your day-to-day processes can end up replacing one issue with another. These will not be welcomed by your workforce, no matter how much they improve overall security, and can lead some workers to adopt counterproductive workarounds.

Okta’s IAM keeps the burden on IT teams to a minimum by centralising operations and oversight, and automating processes. It allows permissions to be granted for a set amount of time, tackling the risk of unsecured logins that could potentially end up granting unfettered access to cyber criminals. For users, it provides single sign-on and adaptive multi-factor authentication that make the process of requesting permissions and logging in as simple and secure as possible.

Remote working has put serious pressure on our endpoint security measures. With zero-trust solutions, organisations are able to empower their employees to work anytime, anywhere and from any device while remaining confident that access to critical systems is fully controlled and monitored.

Okta supports thousands of organisations to reduce IT admin, work faster and keep employees secure.
