Enabling people to work from home securely has never been a big deal, with most organisations having in place secure VPN access for remote workers. Although it was not perfect, this allowed the monumental shift from some people working from home some of the time, to most people working from home all of the time during the pandemic.
But is this our best option moving forward. Do we want to live with a solution that caters for home- working or should we be thinking of an environment designed for hybrid working?
The Need for Seamless Working
The challenge we see ahead of us is the user experience of hybrid working. Among organisations we have spoken to, there is no absolutely consensus, with each taking a different view, ranging from adopting a fully remote approach, to mandating a set number of days in the office.
What is clear though, is that very few organisations have been willing to return to a set up where homeworking was very much an exception.
Whichever approach you have decided upon, the need to securely connecting every person from any location at any time has become a reality. Making this happen while ensuring a as effortless as possible for the end-user as. We don’t want one way of doing things at home, another when in the office and potentially another again when in a remote public location.
We Need To Think Zero Trust
It is likely that your network was built on ‘trust’ with a clearly defined perimeter and known devices, in known places, connecting to and being trusted by your network. As our IT environments become boundary-less, simply relying on trust is no longer sufficient. We now have people connecting from any location, likely using a mixture of their owned devices and corporate devices and they are connecting to applications and data that reside in a hybrid cloud environment.
It is no longer sufficient to secure this environment at a single point of entry to your network; you need to propagate your security policies across your entire virtual environment. In essence, you need to trust no one and ensure that access is provided to only the right people in the right circumstances.
Access Management is Key
In order to establish a zero-trust environment you need to redefine the rules around ‘trust.’ This is where access management plays a significant role. Rather than validating access by device or network port, the move is to authenticate users and utilise this to permit or deny access.
This enables a single approach to user access to be provided acros any environment and preferably a form of multi-factor authentication. What a user has access to is then not governed by the network but the user profile and the specific policies that you set around this profile. For example, certain sensitive data can be accessed by nominated individuals on the secured network utilising a corporate owned and managed device. However, restrictions can be placed on that user accessing the same data from a different device, through a non-secure network or at particular times of the day.
Policy Driven Access
This approach of defining security and access policy centrally and having this propagated across your network removes the need to have different mechanisms, applications, or gateways specifically to support remote workers. A single solution can be used to authenticate the user regardless of whether they are at home, in a remote location or within the office and what they do and what information they can access is governed by this policy.
Such a move does not just provide benefits to IT in the form of a single point of control and management; it also benefits the end-users providing a simplified and unified experience, removing the need to utilise different routes and applications when working remotely.
Moving forward, it is those organisations that build Hybrid-Working into the way they architect both their IT infrastructure and the way they secure this who will reap the benefits that come from more flexible and productive ways of working.
At NAK, we specialise in secure networking and are helping our clients to align their infrastructure and security to the changes taking place in working practices. If you would like to discuss any of the challenges raised in this blog, we would be more than happy to connect you with one of our specialists. You can contact the team on 0300 456 0471 or email us at email@example.com.