Remote and hybrid work is more permanent among many organizations nowadays. However, with it comes more concerns regarding security. It makes sense, given the increased use of personal devices as well as an increased use of public Wi-Fi.
This has prompted security teams to find ways to address these security challenges. First emerging among the possible strategies was the principle of zero trust with secure access service edge, or SASE, being a means of achieving it.
The reason is that zero trust requires all users to be authenticated, authorized and continuously validated before accessing resources while SASE combines network security and access control in a single cloud-delivered service that offers secure connectivity and access to applications from any device or location.
“Verification of everything has become the new normal to defend the business,” said Victor Okorie, Senior Research Analyst at Info-Tech Research Group. "Zero trust introduces a more security-focused strategy that mitigates most risks and eliminates traditional VPN limitations, and SASE is a way to achieve zero trust maturity by consolidating security and networking to better secure a hybrid workforce.”
So, good. The framework of a strategy that works is there. But chief information security officers still have trouble implementing it. CISOs need to ensure employees have the necessary access to company resources while maintaining security, and CISOs need to educate those same employees on the principles of zero trust and how it applies to their work.
To help CISOs overcome these challenges and better secure their organizations, global IT research and advisory firm Info-Tech Research Group released a new blueprint, “Secure Your Hybrid Workforce.”
Info-Tech's blueprint highlights the obstacles that security teams face when embarking on a zero-trust journey, aligned with what was previously mentioned. The report outlines the difficulties of comprehending zero-trust principles and determining where to begin, given the absence of a standardized path. The lack of a uniform definition of what constitutes a SASE solution is another challenge, which is dependent on vendors.
With those challenges in mind, the blueprint recommends a three-step approach.
The first step involves analyzing existing technological capabilities and identifying challenges in the current hybrid infrastructure. After that, priorities should be set to address the challenges.
Next, security leaders should gain insights into zero-trust and SASE concepts and understand how they are used as mitigation, control or as tools to address the identified challenges.
Finally, the report suggests that security leaders should identify specific SASE features that are most relevant to their organization's needs and procure a SASE vendor's source guide.
Following this blueprint to secure a hybrid workforce is a step in the right direction to start a zero-trust journey. By realizing the essential features needed to achieve this goal, organizations can determine the best fit for their needs.
Edited by Alex Passett