Why CISOs Must Achieve Zero Trust in the Wake of the Remote Working Revolution 

Post-Pandemic Cybersecurity 

The number of “homeworking” job adverts posted in May 2021 was three times higher than the previous year, demonstrating the continued trend of organizations offering remote or hybrid working environments. The evolution of the workplace has brought many benefits, such as better work-life balance and greater flexibility, but also challenges, including strains in team communication.

As organizations face digital transformation, they are evaluating new services and operations for employees, but should also consider security enhancements. Businesses that choose not to update their security posture in light of the changing demands of their workforce open themselves to the risk of costly breaches. In fact, according to the UK Department of Culture, Media and Sport (DCMS), nine in 10 British businesses have ‘some form of digital exposure’ and for every five UK businesses, two will face cyberattacks.

Today, the big challenge for CISOs is balancing enhanced security measures with competing pressures such as mounting cost constraints, demands to reassess measures brought in under semi-emergency conditions to cater to a newly remote workforce, and the ever-present need for usability. CISOs must protect both office and remote employees against the increasing complexity of cyber-attacks amid a shifting operational context.

Adapting to a New Reality 

The clear-cut office fortress that once drew a line between friend and foe on the basis of access location no longer exists. All companies with digital components (in other words, everyone) must ensure they have made lasting structural changes to their security processes to keep pace with modern work practices. Staff today demand entry to company networks from everywhere, continuously and unpredictably. So what is the solution?

VPNs have been a useful tool to facilitate secure remote access – no surprise that they are now used by one-third (32%) of UK businesses. However, they don’t solve all security challenges, given the sheer number of unsecured IoT devices and WiFi networks employees now use regularly to access files and workspaces. In the post-pandemic era, businesses need a better, more comprehensive solution. This is why the concept of Zero Trust is more important than ever.

The pandemic and the shift to hybrid work environments have accelerated the growth of identity and the need for comprehensive solutions that include hygiene practices, such as streamlining critical data access and requiring two-factor authentication for new connection requests, and that deliver Zero Trust everywhere. Zero Trust has become foundational to the growth, health, and security of enterprises as they aim to keep up with the ever-changing cyber security landscape and the increased threat of security breaches. The concept of “trusting nothing and verifying everything” is helping businesses ensure that identities are continuously analyzed and challenged based on their level of risk, leading to greater security.

Expecting the Unexpected 

As Zero Trust becomes more widespread and visible on the world stage, we will likely see regulators increasingly push these frameworks as best practices for modern security postures. This is good news for a number of reasons. New COVID variants, resulting in restrictions and public health measures, combined with consequent shifts in workforce preferences, mean that we likely haven’t seen the end of the disruption businesses have undergone over the past two years. Businesses must be ready to continue to evolve not only their operations and services, but their security apparatus as well.  

At the end of the day, the benefits of investing in the right security solutions far outweigh the cost of compromised accounts, legal fines and data breaches. Capital invested in Zero Trust capabilities will be well deployed and help avoid the loss of customer trust, something that is even more difficult to regain.

Where there are demands for cost-savings, CISOs should look at their tech stack and ask which applications are adding true value. Investments in Slack, Zoom and VPNs made to accommodate remote working in the early stages of the pandemic do not come cheap, but there is more than just cost to consider here, and that is where Zero Trust comes in. 

Amid growing costs, an unforgiving cybersecurity threat profile, increasingly assertive data regulations, and growing business pressures, CISOs should see Zero Trust as a cornerstone – and a lens through which to assess cost-driven investment decisions and build future resilience and flexibility. Given the prospect of continued future uncertainty, it is more important than ever that CISOs put their faith in Zero Trust.

About the Author

Russ Kirby is CISO at ForgeRock. ForgeRock®, the leader in digital identity, delivers modern and comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world. Using ForgeRock, more than a thousand global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data – consumable in any cloud or hybrid environment.

Featured image: ©Gorodenkoff