Risk Factors in a Remote Access Era
Nearly half of federal employees now work remotely, according to a July survey from Eagle Hill Consulting, and many anticipate some degree of telework in the future. That requires access to applications outside the traditional network perimeter, often from personal devices.
Security is a top priority for all of us, but the work is never done: adversaries keep improving their tradecraft, and legacy security architectures are falling behind.
For example, according to a 2019 report from CrowdStrike, adversaries used malware in only 49 percent of the intrusions it observed. Even with strong compliance and the best anti-malware products, then, an organization that relies on malware detection alone can stop at most about half of attacks.
The other 51 percent of intrusions were malware-free, relying on phishing or stolen credentials rather than on a malicious binary. Once attackers get in and begin moving laterally, they can act on their objectives within minutes or hours.
Agencies need the visibility to detect an intrusion within one minute, investigate it within 10 minutes and contain it within 60 minutes (the 1-10-60 rule), a standard that digital transformation makes achievable.
Zero-Trust Architecture for Network Access Anywhere
Agencies need secure, scalable, cloud-based solutions that can accommodate the expanding mobile workforce.
In a zero-trust architecture, agencies can grant precise access to these cloud-based applications. Zero trust means the organization does not inherently trust any user, device or network location; trust is assessed continually and granted in a granular fashion, per user, device and application. This allows agencies to write policies that provide secure access for users on any device, in any location, and to withdraw that access when the user's or device's posture changes.
This is not a new idea for either civilian agencies or Defense Department organizations. Zero-trust momentum has been building.
The Jericho Forum, for example, was an early model for zero trust. It proposed de-perimeterization: moving security controls away from the network boundary and toward the data, with a consistent approach to data access that controls access to the data itself rather than to the underlying infrastructure.
In 2009, the Pentagon was looking at a model that provided encryption and application-level traffic segmentation rather than traditional network segmentation. Network segmentation has been a best practice for years, but zero-trust solutions push control down to the individual application and user.
Cloud and Endpoint Security for Protection, Detection and Remediation
Zero-trust architectures are based on three key components that every agency can integrate into their security environments.
First, agencies need continuous, real-time assessment of security posture and the ability to respond to it. In practice this places some responsibility on the endpoint itself: an agent on the device reports its security posture, and access decisions take that posture into account. This gives agencies real-time situational awareness, threat detection and response at scale across all enterprise and remote assets and users. Such solutions can run for extended periods without the operational overhead of legacy approaches such as VPNs, and those with application programming interface (API) integration accelerate remediation as well.
The next component of a zero-trust architecture is strong identity and access management. Zero trust also enables a "dark" network, or "inside-out" connectivity: the application side initiates outbound connections rather than listening for inbound ones, so applications are invisible to unauthorized users and become reachable only after identity and device posture have been verified.
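As an added worked example (not code from the article or from any vendor's product), the Python below sketches a policy decision point for the two components above: access is decided per request from identity, group membership and device posture, re-evaluated whenever the endpoint reports new posture, and a user can only enumerate the resources the policy would actually grant, which is the "invisible application" behaviour in miniature. Resource names, tiers, thresholds and the sample posture data are constructed assumptions.

```python
"""Zero-trust policy decision point: added example, not the article's or any
vendor's code. Resource inventory, thresholds and sample data are constructed."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Set, Tuple

# Constructed inventory: resource name -> (sensitivity tier, groups granted access).
RESOURCES: Dict[str, Tuple[str, Set[str]]] = {
    "public-site": ("public", set()),
    "hr-portal":   ("internal", {"hr-staff"}),
    "payroll-db":  ("sensitive", {"payroll-admins"}),
}

# Assumed posture requirements per tier; None means no limit. Thresholds are illustrative.
TIER_RULES: Dict[str, Dict[str, Optional[object]]] = {
    "public":    dict(mfa=False, managed=False, max_heartbeat_s=None, max_patch_age_days=None),
    "internal":  dict(mfa=True,  managed=False, max_heartbeat_s=3600, max_patch_age_days=60),
    "sensitive": dict(mfa=True,  managed=True,  max_heartbeat_s=300,  max_patch_age_days=14),
}


@dataclass(frozen=True)
class DevicePosture:
    managed: bool            # enrolled in agency device management
    disk_encrypted: bool
    edr_heartbeat_s: int     # seconds since the endpoint agent last checked in
    os_patch_age_days: int   # days since the last OS patch was applied


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa: bool                # this session authenticated with a second factor
    groups: Set[str]
    posture: DevicePosture
    resource: str


def evaluate(req: AccessRequest) -> Tuple[bool, List[str]]:
    """Every request starts untrusted; each unmet requirement adds a deny reason.
    Returns (allowed, reasons); allowed is True only when no reason was recorded."""
    tier, granted = RESOURCES[req.resource]
    rules = TIER_RULES[tier]
    reasons: List[str] = []
    if rules["mfa"] and not req.mfa:
        reasons.append("mfa required")
    if granted and not (req.groups & granted):
        reasons.append("no group grants access")
    if rules["managed"] and not req.posture.managed:
        reasons.append("unmanaged device")
    if tier != "public" and not req.posture.disk_encrypted:
        reasons.append("disk not encrypted")
    if rules["max_heartbeat_s"] is not None and req.posture.edr_heartbeat_s > rules["max_heartbeat_s"]:
        reasons.append("stale endpoint posture")
    if rules["max_patch_age_days"] is not None and req.posture.os_patch_age_days > rules["max_patch_age_days"]:
        reasons.append("os patches overdue")
    return (not reasons, reasons)


def visible_resources(req: AccessRequest) -> List[str]:
    """Inside-out model: the user learns only of resources the policy would grant
    to this identity on this device right now; everything else stays dark."""
    return [name for name in RESOURCES if evaluate(replace(req, resource=name))[0]]


class Session:
    """Trust is granted per request and re-checked on every posture report,
    so a device that goes stale mid-session loses access without a new login."""

    def __init__(self, req: AccessRequest) -> None:
        self.req = req
        self.allowed, self.reasons = evaluate(req)

    def report_posture(self, posture: DevicePosture) -> bool:
        self.req = replace(self.req, posture=posture)
        self.allowed, self.reasons = evaluate(self.req)
        return self.allowed


# Constructed sample data: a healthy managed laptop and a personal, slightly stale device.
HEALTHY = DevicePosture(managed=True, disk_encrypted=True, edr_heartbeat_s=30, os_patch_age_days=5)
PERSONAL = DevicePosture(managed=False, disk_encrypted=True, edr_heartbeat_s=120, os_patch_age_days=20)
ANALYST = AccessRequest(user="jdoe", mfa=True, groups={"hr-staff", "payroll-admins"},
                        posture=HEALTHY, resource="payroll-db")

if __name__ == "__main__":
    print(evaluate(ANALYST))                                  # managed laptop: allowed
    print(evaluate(replace(ANALYST, posture=PERSONAL)))       # personal device: denied, with reasons
    print(visible_resources(replace(ANALYST, posture=PERSONAL)))
    s = Session(ANALYST)
    print(s.report_posture(replace(HEALTHY, edr_heartbeat_s=900)), s.reasons)
```

The same identity gets three different answers depending on the device it arrives from and on what the endpoint agent has reported most recently, which is the point of assessing trust continually rather than once at login.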