Securing the remote work landscape with zero trust

The lockdown orders that were part and parcel of the first stages of the Covid pandemic have changed the working landscape irrevocably.

The hybrid working model that emerged to cope with those early months of social distancing now seems to be locked in, with employees valuing its increased flexibility and businesses realising the economic benefits of having to maintain less office space and a happier workforce.

Accenture figures state that 83% of employees identify the hybrid model as the optimal one, while 58% of executives have noted improvements in individual productivity as a result.

There have been challenges along the way, however, security remains an issue when managing a distributed workforce. Employees in the hybrid digital workspace routinely access resources from different locations with different devices, making the old location-based castle-and-moat network security model largely ineffective.

As a result, many organisations have moved to a zero-trust network security model. Rather than being designed to prevent a breach in network security from occurring, this assumes it already has taken place and that organisations should not trust anything, both inside and outside their perimeters. Systems are therefore put in place to continuously verify and authenticate what data employees have access to and what networks they are connected to.

It is successful too. According to a study from Statista, 31% of companies in hybrid workplaces have already implemented a zero-trust strategy, with 50% starting to adopt the approach.

Improving company performance and the customer experience

There are multiple touchpoints along the way to implementing a successful zero-trust IT strategy. The list of best practices that need to be implemented is a long and important one and covers such deployments as Multi-Factor Authentication, Endpoint Security, Limited Access, and Continuous Monitoring and Response.

Importantly, Zero-trust IT strategies necessitate wider stakeholder involvement than castle-and-moat ones and can be seen as part of the wider cultural shift within a company that is part of any successful digital transformation project. Indeed, the two go hand in hand and, in many cases, the successful implementation of zero-trust is predicated on the success of a wider digital transformation project.

This, in turn, is not an easy task. According to BCG research, 80% of companies are planning to accelerate their digital transformations, but 70% of digital transformations fall short of their objectives, often with profound consequences.

The reasons are many, but one of the underlying factors is that companies can tend to see digital transformation as a commodity that can simply be purchased. Nothing could be further from the truth. Digital transformation requires a significant change within a company and, despite assumptions, is primarily not about technology.

What it is about is having clear goals, commitment from leadership, agile responses, and effective monitoring. The technology and business side of an organisation need to work together cohesively and understand one another’s different needs and viewpoints. When that is all in place, then by nature the technology that is being adopted and implemented will work to drive forward company performance as well as help provide a better customer experience.

It’s all about changing the culture

Another study by BCG found that 90% of companies focussing on culture first for their digital transformation achieved performance breakthroughs, whereas in companies that did not only 17% achieved a breakthrough.

For far too long, IT and tech projects have solely been the responsibility of IT teams, however, digital transformation projects can only be effective if teams work together across an organisation. Zero-trust is very much a part of this equation, especially as it requires buy-in from a distributed workforce that may never even have met face-to-face.

To promote a culture shift within a company is not something that simply can be decreed, however. It requires a distinct change in mindsets and attitudes from old monolithic corporate cultures to create an organisation that looks outward and engages with its customers and partners, values delegation and collaboration, is strengthened by continual iteration, and is agile in both thought and deed.

With so many digital transformation projects failing, focussing on changing culture can not only lead to a successful digital transformation project in the here and now, it can optimise companies for the long run.

The project with no end date

Both zero-trust security and digital transformation are open-ended projects that are in continual adaptation to the world around them. Zero-trust has to continually adapt strategies and technologies to deal with evolving security threats, while digital transformation efforts must constantly reframe themselves to meet the challenges of a dynamic business environment undergoing constant change.

Neither project should ever be considered ‘done’, as that will fix an organisation at a point in time as the rest of the world moves on. The new underlying business strategy has to be one of constant iteration and evolution to meet the many business challenges that will lie in the decades ahead.

About the Author

Amin Tavakoli is Future Workplace Global Service Line Lead at SoftwareONE. SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions, headquartered in Switzerland. With an IP and technology-driven services portfolio, it enables companies to holistically develop and implement their commercial, technology and digital transformation strategies. SoftwareONE provides around 65,000 business customers with software and cloud solutions from over 7,500 publishers.

Featured image: ©Ariel Skelly (Getty Images)