In this new COVID-19 world, Zero Trust is paramount

Paul Barker | Mar 25, 2020 | The News

With the entire globe in a virtual shutdown as a result of COVID-19, senior executives have more than the health of their employees to worry about.

The health of a company’s corporate data conceivably could also be at stake. Findings from several studies paint a severely grim picture, one that is likely to get worse before it gets better now that the majority of the world's workforce has been ordered to work from home.

The bottom line is this: There has been a sharp rise in the number of cyber security threats and phishing scams since the pandemic erupted.

The remote workforce has escalated by 400% in the past decade, according to a recent GetApp report and with the arrival of COVID-19 it will accelerate even more. 

The answer, experts say, lies with remote data access and collaboration technologies, that conform with an information security framework called Zero Trust processes. Once deployed, they are designed to ensure remote access and shared data and collaboration are safe for these new workforce norms.

Tom Ward, vice president of marketing with Qnext Corp., developer of the Fileflex Enterprise, a hybrid point-to-point software-only service that addresses the inherent issues of cloud sync and share via edge technology, says having the tools to enable a distributed workforce has introduced issues with security and privacy.

“Because of the significant productivity gains and demand workers have for workplace flexibility – particularly from millennials – we have accepted the security and privacy compromises that are inherent with the new technologies.”

The entire landscape changes; however, when those same workers are banned from entering a corporate office and must spend all their time working out of a home office or on the dining room table.

It’s akin to the wartime expression “loose lips, sink ships” with the only difference being that lax security measures may end up sinking entire organizations.

“When you start getting phishing and spear fishing, then you could be facing billions of dollars in additional costs overall to the whole economy from ransom ware and phishing malware attacks,” says Ward.

“How you mitigate against that is to try and reduce your exposure to clicking bad attachments and links.”

An example of how a typical phishing attack might work, he says, is as follows: An employee receives what he or she thinks is an email from a me that asks, ‘here are some financial statements I want you to take a look at.' 

“But it's really not me. It's a bad guy sending you an e-mail, pretending to be me and getting you to click that link. As soon as you do or as soon as you open the attachment link then it downloads the malware onto your computer.”

The solution? “Trust nobody and verify everything,” says Ward. “There are two ways of doing that: You can have end-to-end encryption and you can have Zero Trust.”

In a blog written last year, Gerry Grealish, former head of product management for Symantec’s network security product line, likened Zero Trust to a scene in the movie The Untouchables. “When the the street-smart cop played by Sean Connery instructs Kevin Costner's character about the realities of Prohibition-era Chicago, his first lesson regarding the ways of the world was simple: Trust Nobody.

“The security world should apply a similarly blunt approach, particularly when it comes to rethinking dated assumptions about trust. The old school approach to security was to authenticate and determine trust of users at the edge of the network. If they were found to be trustworthy, they got in. If not, they got blocked. Unfortunately, you can never really, truly establish complete trust.

“Meanwhile, the once-popular castle-and-moat approach was found wanting when intruders were able to work their way inside of perimeter-based security through hacks and cracks in the walls. In response, the industry started to look for a new way to tackle enterprise security, one that was data-centric and comprehensive.”

In a Zero Trust network, wrote Grealish, “nobody gets a free pass anymore - even if they are located inside the network perimeter.  In fact, there is not really an overall network perimeter.  The network has been segmented, and then segmented again.  The result?  A micro-segmented network, with lots of tiny perimeters.”

Another key is the so-called distributed workforce, which may end up softening the severity of COVID-19’s impact on every nation’s economy.

“They can do anything from anywhere,” says Ward. “What’s given rise to that is software-as-a-service products like as well as virtual private networks.”