Our workplaces have become more mobile than ever before, largely due to advancements in technology being used by businesses for communication and collaboration. The circumstances related to the COVID-19 pandemic have expedited this movement by forcing most businesses and organizations out of their offices and into remote work sites. With this reality comes greater risk to information security across all industries. The increase in remote workforce results in more endpoints that need protection, and more resources are needed to fill this security need. The need for additional cyber security measures now exists outside of a physical perimeter that used to include only office buildings and campuses.
A Need For Enhanced Data Security
Understanding where an organization’s legally protected data comes from, who interacts with it, where it is stored, and with what third parties it is shared has always been included in a mature information security risk management program. These questions still need to be asked, but with so many endpoints operating outside of the physical walls of an organization, the questions are more complicated and difficult to answer. Understanding the flow of data is necessary to develop a complete view of your organization, and to make productive security and risk management decisions. A new and commonly adopted cyber security model is being used to address these present and here to stay cyber security risks, and that is the Zero Trust Model.
The Zero Trust Model
In an interview with FedScoop Radio, Yassir Abousselham, the CISO of Splunk, stated that the Zero Trust Model means moving away from the perimeter-based security model to place more of an emphasis on security at the data level and protecting organization assets regardless of physical location. Abousselham further explains that with this reality, security professionals can no longer assume the identity of or “trust by default” any user or device.
A component of the Zero Trust Model is the ability to make automated access decisions. This automation follows the same principles that a cyber security analyst would in that, for example, an analyst practicing zero trust would prevent any non-compliant device from accessing the network. This type of validation done on the scale required to maintain a proper cyber security posture would likely be an unmanageable task, particularly as IT security teams are commonly understaffed. Cyber security tools with this type of automation or machine learning capabilities are a near necessity for any modern zero trust security architecture.
The term “new normal” has been said a lot over the last 20 months and the remote workplace is no exception -- it is not going anywhere. Zero trust and the assistance provided by artificial intelligence and automation are essential to maintaining information security both today and in the foreseeable future.
For additional information about the FedScoop interview with Yassir Abousselham, please see https://www.fedscoop.com/radio/future-work-zero-trust-data-security/
For additional cybersecurity information, please reach out to our experts at FoxPointe Solutions today!