COVID-19 has accelerated digital transformation efforts for many organizations. One of the major changes was sudden support for telework and a mostly or wholly remote workforce. While supporting remote work was essential for organizations to continue operating during the COVID-19 pandemic and provides a number of benefits long-term, it also creates new security issues and challenges.
One of these challenges is an evolution of insider threat. While insider threats are a long-standing cybersecurity challenge, the transition to remote work has made many traditional methods of managing them ineffective. Organizations require new solutions, such as software defined perimeter and zero-trust network access, to minimize the risk of this new potential attack vector.
Insider Threats are a Major Issue for a Remote Workforce
Many of the cybersecurity impacts of the COVID-19 pandemic are yet to be discovered. However, the impact of remote work on the number of data breaches that companies have fallen victim to has already become apparent.
Since the beginning of the COVID-19 pandemic, 20% of organizations have experienced a data breach caused by a remote worker. Employees’ responses to the transition to work from home and the insecure devices that they use to work remotely have placed organizations at much higher risk of data breaches caused or enabled by a malicious or negligent employee.
Where Traditional WAN Solutions Fall Short
Traditionally, many organizations have used virtual private networks (VPNs) to provide secure, remote access to their network for teleworkers. VPNs are designed to provide an encrypted, point-to-point connection between a remote worker and the corporate network. This encrypted connection provides protection against eavesdroppers and a user experience similar to being connected directly to the corporate network.
Despite these advantages, VPNs also have their problems. One of the major problems – from an insider threat perspective – is that VPNs are designed to provide their users with the same level of access that they would have with a direct connection to the corporate network. A VPN doesn’t include any built-in security functionality or the ability to limit employees’ access to corporate resources based upon need-to-know or role-based access controls.
These limitations of VPNs make them an imperfect solution for enterprise remote access. An organization needs the ability to limit their employees’ access to corporate resources to decrease the probability that a malicious or negligent employee will put the organization, its network, and its data at risk.
Zero-Trust Network Access is the Solution
The solution to the insider threat problem is fairly simple. Organizations need to implement – and enforce – a zero-trust network access and security policy.
Zero trust states that an employee’s access to corporate resources should be limited to what is necessary to do their job. This required level of access can be defined as a collection of roles and responsibilities so that the combination of roles that an employee holds grants them the ability to access everything required for their job but nothing more.
Zero trust network access (ZTNA) – also known as a software-defined perimeter (SDP) – is designed to enable an organization to easily enforce a zero trust policy for a remote workforce. All traffic passing through the ZNTA/SDP solution is evaluated based upon the organization’s defined access policies. If the request is determined to be legitimate, then it is permitted to continue on to its destination.
ZTNA/SDP provides an organization with a much greater level of protection against insider threats than a VPN. Unlike a VPN, which provides full access to an organization’s network to its users, ZTNA/SDP limits access based upon the employee’s job role and need to know.
SASE Enables Efficient, Scalable ZTNA
On its own, ZTNA/SDP is not a complete solution to an organization’s remote networking problem. While ZTNA/SDP will limit network access to traffic passing through it, it does not provide a solution for efficiently and scalably routing traffic over the corporate WAN or protection against other cybersecurity threats.
In order to take full advantage of ZTNA/SDP, an organization should deploy secure access service edge (SASE) to implement its corporate WAN. SASE integrates software-defined WAN (SD-WAN) – which provides optimized network routing over multiple transport links – with a full security stack – including integrated ZTNA/SDP functionality – and deploys as a cloud-based virtual appliance.
This combination of features and form factor makes SASE an ideal solution to an organization’s remote networking and insider threat management needs. The combination of SD-WAN and a full security stack enables truly optimized network routing since traffic does not need to be sent through a perimeter-based security stack for inspection and policy enforcement. Deployment as a cloud-based virtual appliance makes the solution scalable and enables SASE appliances to be deployed geographically near its users (including on-premises and remote workers and cloud-based infrastructure), minimizing network latency. Finally, integrated ZTNA/SDP functionality minimizes the insider threat by enforcing a zero-trust security policy, both on-premises and in the cloud.