Five reasons to implement Zero Trust for modern, distributed workforces
Several years after the first pandemic-driven lockdown, 78% of New Zealanders still work remotely some or all of the time, and of those the majority (54%) wish they could work from home more than they currently do.
Nationwide, CIOs and CISOs across enterprise, government, and commercial organisations are stepping up to help their business transform and succeed in this “new” normal way of working. To help their distributed, hybrid workforces thrive, they need a simple, scalable security approach that:
- Minimises incidents stemming from SaaS applications such as email, IM/chat platforms, cloud storage, collaboration, and productivity tools. For example, in 2022, a ‘white hat’ hacker breached a cloud server and stole sensitive information of approximately 20,000 Christchurch hot pools customers.
- Proactively addresses the growing attack surface and related risks, such as phishing attacks, API attacks, ransomware, and more. The Computer Emergency Response Team (Cert NZ) reported that New Zealanders lost a record $20 million to online scammers last year, with the financial and insurance sector accounting for 30% of reports.
- Makes it easy to monitor and thwart threats before attackers have a chance to move deeper into the network. For example, ransomware attackers look to infect as many devices as possible, to ensure maximum leverage for demanding a ransom.
netQ, in partnership with Cloudflare, helps enterprise, government, NGO, and commercial customers quickly overcome the challenges of securing hybrid work by implementing Zero Trust.
Unlike traditional cybersecurity that trusts users and devices inside the network, a Zero Trust security model trusts no one and nothing by default. It follows three core principles:
- Assume breach: Always assume that attackers are already within and outside of the network, so no users or machines should be automatically trusted. To achieve this, security teams need visibility into their entire SaaS landscape, to easily monitor and mitigate threats, and granular policies over access to sensitive data and systems.
- Never trust: No one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. This requires implementing “least privilege”, only giving users (including contractors and other third parties) as much access as they need to do their work, and maintaining separate access to specific parts of the network.
- Always verify: Continually verify every user, device, and request, even if they are inside the corporate network. This requires multi-factor authentication, and regularly enforcing users and devices to re-verify their identity.
netQ and Cloudflare Zero Trust services make it simple to secure any connection, so users on any device – or in any location – stay safe and productive when accessing applications or the Internet. For instance:
- Secure application access without adding VPNs: With users so dispersed, backhauling traffic through on-prem appliances like virtual private networks (VPNs) creates unnecessary latency. It also creates risk, as VPNs are increasingly vulnerable to breaches.Replacing VPNs with Cloudflare’s Zero Trust Network Access (ZTNA) service enables identity-aware, least-privilege access to any corporate resources for any user, regardless of device or location, with no backhauling required.
- Protect employees on the Internet: Cloudflare’s secure web gateway (SWG) defends against ransomware, phishing, and other threats for faster, safer Internet browsing. It also allows organisations to build custom HTTP, DNS, and network filtering policies across remote and office users. Cloudflare’s email security, remote browser isolation (RBI), and other Zero Trust services provide multiple layers of protection against phishing, web-based malware of all forms, as well as protection from zero-day browser exploits.
- Stop multi-channel phishing attacks: Attackers are increasingly targeting users with malicious links across multiple communication channels, not just email but also web, text/SMS, instant messaging, social media, collaboration tools, and more. Cloudflare can automatically isolate suspicious or untrusted links in the cloud, far away from the device and without impacting end users’ browsing experiences.
- Regain control over SaaS apps: Cloudflare’s cloud access security broker (CASB) helps organisations gain more comprehensive visibility and control over SaaS applications and prevent the risks of shadow IT. It also makes it easier to prevent data leaks and compliance violations, which are more challenging to control outside the office.
- Shift connectivity to the cloud: For organisations that aspire to shift all network connectivity and security onto one unified cloud network, netQ and Cloudflare can support every step of your journey. Together, customers can extend Zero Trust over time to any network location (such as HQ, branch, data centers, and satellite offices to support hybrid work), phase out traditional on-prem firewalls and other network appliances, secure app-to-app connectivity across hybrid multi-cloud environments, and in some instances phase out costly telco MPLS (multiprotocol label switching) contracts.
Whether your organisation is a mature enterprise transforming your architecture to support new digital business initiatives – or is already digital-native – Zero Trust makes it easier to secure hybrid work.
If you’d like to chat more about your Zero Trust journey, please click the contact us button below.