How can hybrid workplaces be protected with a Zero Trust approach?


Although technology giants such as Twitter and Facebook have announced that some of their employees will continue to work from home permanently, this is not really possible for many employees. More than 60 percent of companies plan to implement the hybrid workplace, in which employees work from home on some days of the week and in the office on others. However, the hybrid workplace also brings new security challenges and cyber risks. ESET experts have looked at what to watch out for and why.

The challenges of protecting the hybrid workplace

Information security managers today are under immense pressure to protect customer data from theft and critical internal systems from service disruptions. Despite increasing security spending, security breaches continue to increase. With the rise of remote working and the emergence of the hybrid workplace, threat actors are in an advantageous position. The following factors pose risks for organizations:

Distracted, home-based workers who are more likely to click on phishing links
Remote workers working from potentially unsecured personal laptops, mobile devices, networks and smart home devices
Vulnerable VPNs and other unpatched software on home systems
Weakly configured RDP endpoints that can be easily compromised using previously leaked or easy-to-crack passwords
Cloud services with weak access controls (weak passwords and no multi-factor authentication)


Why a Zero Trust approach?

In 2009, Forrester developed a new information security model. This model, called the Zero Trust Model, has been widely accepted and adopted since its inception. It was designed for a world in which the old concept of devoting all available security resources to a safety net, and then trusting everything inside it, is no longer valid. We live in such a world now, thanks to the spread of distributed work and the cloud. In contrast to this old understanding, the Zero Trust model is based on the philosophy of “never trust, always verify” to reduce the impact of breaches. In practice, it rests on three basic principles.

All networks should be considered untrusted


This includes even home networks, public Wi-Fi networks (e.g. airports and coffee shops), and in-house corporate networks. Threat actors are determined to convince us that safe places exist.

Least privilege

If no network can be trusted, then users cannot be trusted either. We cannot guarantee that an account has not been compromised or that a user is not a malicious insider. That’s why it’s important to give employees only enough privileges to perform their jobs properly, then regularly review their access rights and remove privileges that are no longer relevant to the employee’s role.


Assume there is a breach

Every day we hear news about a new security breach. Organizations must stay on constant alert, remain vigilant, and continue to develop their defenses with sound Zero Trust logic. Breaches are inevitable, but their impact can be mitigated.
