Skip to content

Consumer Electronics Net

Primary Menu

Consumer Electronics Net

  • Home
  • Feature
  • Managing the Data Security Risks of Telework with Zero Trust and SASE
  • Covid
  • Feature
  • Telework

Managing the Data Security Risks of Telework with Zero Trust and SASE

October 30, 2020

In the wake of COVID-19, many organizations have switched to a mostly or wholly remote workforce. This was necessary to ensure that businesses could continue to operate while keeping employees safe and complying with quarantine and shelter in place orders.

In many cases, companies were unprepared to support a primarily remote workforce. Few companies were fully remote and many had no existing telework program. This meant that the organizations lacked the resources and experience required to work remotely both effectively and securely.

Under ideal circumstances, remote workers introduce unique cybersecurity threats, and COVID-19 circumstances are far from ideal. As companies consider extended support for telework, it is necessary to implement a zero trust architecture to minimize and manage the cyber risks of a remote workforce.

Employees Use Personal Devices When Working

The COVID-19 pandemic and the resulting switch to telework caught many organizations unprepared. Many companies were accustomed to their employees working on-site and lacked sufficient company-owned devices to send one home with every remote employee.

As a result, over a third of employees are still working from personal devices. To do their jobs, this means that these employees are accessing sensitive company and customer data on devices that lie completely outside of the organization’s control.

The use of personal devices for telework introduces a number of new cybersecurity risks for an organization, such as:

  • Lack of Cybersecurity Protection: Employees’ computers in the office are likely running the corporate antivirus and potentially other cybersecurity solutions. This helps to identify and remediate malware and other infections on these devices. However, personal computers are unlikely to be running the corporate antivirus, leaving them more exposed to attack.
  • Insecure Configurations: Many companies have security policies in place that outline required configuration settings and mandate the installation of security updates on corporate machines. These policies likely do not apply to the personal devices being used for remote work, increasing the probability that they are vulnerable to exploitation.
  • Poor Password Management: Most companies have password policies in place that require strong passwords to be used on machines accessing company data. However, many remote workers do not have basic password protections on all of their devices. These same devices may be used for remote work and have access to the corporate network.
  • Direct Internet Connectivity: Employees working from the office have all of their traffic pass through the corporate network perimeter and security stack, enabling the organization to perform content inspection and maintain full traffic visibility. The use of personal machines means that remote workers may not be protected by these same solutions, increasing their exposure to attackers.

All of these cybersecurity risks increase the probability that a teleworker’s computer will be compromised by cybercriminals. If this is the case, the attacker can leverage the employee’s direct connection to the corporate network, via the company virtual private network (VPN), to use the compromised personal device as a stepping stone to attack the enterprise.

Zero Trust Improves Enterprise Cybersecurity

With a remote workforce working from personal devices, compromised teleworker machines is not so much a question of “if” as “when”. With little or no control over these devices, organizations need to take steps to minimize the impact of these compromises on enterprise cybersecurity.

This is why implementing zero trust is an essential part of securely supporting a remote workforce. Under the zero trust model, access to enterprise systems and data is granted on a case-by-case basis. After an employee authenticates to the network, access controls based upon their job role are applied to all of their requests, granting them access to only what is necessary for them to do their job.

Implementing zero trust is essential because it minimizes the impact of the compromise of a teleworker’s computer. Instead of a malware infection granting the attacker complete access to the enterprise network, the systems and resources that they are permitted to access are limited based upon the privileges of the compromised account. This restricts the attacker’s access to sensitive data and impedes their ability to move laterally and spread their infection through the corporate network.

Deploying Zero Trust Effectively with SASE

Making the decision to adopt zero trust principles is only the first step in the process. To be effective, these principles and access control policies need to be enforced throughout the organization.

Traditional remote access solutions, like VPNs, are far from suited for this. A VPN is designed to provide the user with full access to the enterprise network, not to restrict access on a case-by-case basis. Secure Access Service Edge (SASE) is a corporate WAN and remote access solution with integrated security and support for zero trust network access (ZTNA). Deploying SASE provides an organization with remote connectivity that offers higher performance and scalability than VPNs as well as the ability to better secure a remote workforce.

Continue Reading

Previous The Next Steps on Your Gaming Journey
Next 5G And The Internet Of Things

More Stories

  • Feature
  • Laptop
  • Review

Dynabook Portege X30W-K Review

February 2, 2023
  • CES
  • Consumer Electronics
  • Feature
  • Smart Devices
  • Smart Homes
  • Telehealth

Smart Home Solutions Should Make Life Easier, Better

January 13, 2023
  • Feature
  • Film
  • Horror
  • Movie

ALL EYES

October 19, 2022

Categories

Video News

Partner Sites

IT Business Net
http://www.ITBusinessNet.com

Digital Producer Magazine
http://www.DigitalProducer.com

Digital Media Net Media Hub
http://www.DigitalMediaNet.com

Consumer Electronics Net
http://34.86.219.74

Health Technology Net
http://www.HealthTechnologyNet.com

Recent Posts

  • Nearly Two Months After New Hands-Free Law, Distracted Driving Remains Lower in Ohio
  • TESSCO Reports Fourth-Quarter Fiscal 2023 Financial Results
  • CRACKED
  • Li-Cycle and Shift2 Partner to Donate Laptops to High School Students in Rochester, New York
  • CORRECTING and REPLACING Belkin Introduces the Ultimate Power Bank – the BoostCharge™ Fast Wireless Charger for Apple Watch + Power Bank 10K

Categories

Archives

You may have missed

  • News
  • Smartphone

Nearly Two Months After New Hands-Free Law, Distracted Driving Remains Lower in Ohio

May 27, 2023
  • News

TESSCO Reports Fourth-Quarter Fiscal 2023 Financial Results

May 26, 2023
  • Film
  • Horror
  • Lead Story

CRACKED

May 26, 2023
  • News

Li-Cycle and Shift2 Partner to Donate Laptops to High School Students in Rochester, New York

May 25, 2023
  • iPhone
  • News
  • Wireless Charger

CORRECTING and REPLACING Belkin Introduces the Ultimate Power Bank – the BoostCharge™ Fast Wireless Charger for Apple Watch + Power Bank 10K

May 25, 2023
Copyright © Consumer Electronics Net - All rights reserved. | CoverNews by AF themes.
error: Content is protected !!