NC Nov-Dec 2021
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SECURITY UPDATE<br />
A ZERO-TRUST FUTURE FOR A<br />
HYBRID WORKING WORLD<br />
MICHELE MABILIA AT KYOCERA<br />
DOCUMENT SOLUTIONS UK EXPLAINS<br />
WHY A HOLISTIC APPROACH TO<br />
SECURITY IS THE BEST WAY FORWARD<br />
As employees return to offices, what was<br />
a largely successful period of remote<br />
working for many businesses is now<br />
giving way to a hybrid working future.<br />
Flexibility for employees is now the norm<br />
rather than the exception, which promises to<br />
make for happier workforces in the long term.<br />
That said, there are still challenges to<br />
address. One of these is the need to protect<br />
company data and devices from the impact<br />
of ransomware attacks, which have become<br />
the modus operandi for millions of hackers in<br />
the last couple of years.<br />
As businesses plan for hybrid working,<br />
connected devices such as mobile phones,<br />
laptops, desktop computers and printers are<br />
often earmarked for close scrutiny in the bid<br />
to shore up cybersecurity capabilities. To<br />
achieve this, organisations need to take a<br />
cautious approach to security, and ensure<br />
this is replicated across the entire IT estate.<br />
This is where a holistic zero-trust approach<br />
has merit.<br />
THE CHALLENGE<br />
The hybrid working model brings several key<br />
challenges for employers, including the need<br />
to properly manage BYOD policies and staff<br />
using the same devices for work and personal<br />
activities, as well as encouraging responsible<br />
cyber practices without regular face-to-face<br />
interaction. Alongside all of this is the<br />
responsibility to ensure that all endpoints -<br />
whether remote or office-based - have the<br />
right security software in place to prevent<br />
attacks. Finally, this has to be done while<br />
minimising the impact on productivity.<br />
Mobile phones, laptops and printers are<br />
often among the first devices mentioned when<br />
discussing security risks. There are legitimate<br />
reasons for this: these are highly recognisable<br />
pieces of home or office equipment, so it is<br />
easy to consider these devices as a likely route<br />
through which opportunistic hackers could try<br />
to gain access to sensitive data. Alongside<br />
these, the ubiquity of software such as email<br />
or cloud storage means cybercriminals have a<br />
huge attack surface to conduct their<br />
operations. With so many areas to keep an<br />
eye on, a zero-trust approach to IT security<br />
makes sense.<br />
THE RISK<br />
To highlight the current cybersecurity state of<br />
play, recent research has found that 92 per<br />
cent of UK businesses suffered a cyberattack<br />
in the last 12 months, and 78% feel<br />
unprepared to deal with current threats.<br />
Despite the upsurge in cyberattacks, more<br />
than a quarter of UK companies do not<br />
consider IT to be ranked within their top three<br />
priorities as they plan for the next 12 months.<br />
This is concerning when considering the<br />
finding that cyberattacks cost nearly one in ten<br />
(8%) UK businesses over £1 million.<br />
Plenty of work needs to be done across the<br />
entire IT estate, as not enough is being done<br />
to actively address these issues. Organisations<br />
need tools to cover all the bases, including<br />
multi-factor authentication to govern access to<br />
sensitive data, secure document management<br />
systems to ensure information is shared in a<br />
safe and compliant manner, and encryption<br />
capabilities that reduce the chances of stored<br />
data - whether on-premise or in the cloud -<br />
being compromised.<br />
THE REWARD<br />
Adopting a zero-trust framework and applying<br />
it across all elements of the IT estate offers a<br />
variety of security benefits. Zero-trust<br />
presumes all applications and services are<br />
malicious and are denied access from<br />
connecting until they can be positively verified<br />
by their identity attributes. Therefore, this<br />
model reduces risk because it closely<br />
scrutinises what is on the network and how<br />
those assets are communicating. Further, as<br />
baselines are created, a zero-trust model<br />
reduces risk by eliminating overprovisioned<br />
software and services and continuously<br />
checking the 'credentials' of all devices -<br />
whether they are printers, laptops, desktop<br />
computers, mobile phones or any other<br />
internet-enabled technology.<br />
THE FUTURE<br />
Functioning efficiently and safely in a hybrid<br />
work environment all boils down to risk<br />
management. This means getting better<br />
visibility and understanding of the way people<br />
work, and by association, the way they interact<br />
with business systems and sensitive data.<br />
Zero-trust doesn’t have to be a complete<br />
change in the business working model or<br />
mean that existing security architectures need<br />
to be replaced. It simply provides a solution to<br />
gain more control within the network, creating<br />
an even stronger shield and barrier. It is the<br />
way forward for organisations that want to be<br />
confident that they have the necessary tools<br />
and support to combat evolving threats. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2021</strong> NETWORKcomputing 19