Mar 17 2023

Zero Trust Is a Natural Fit for Hybrid Work Security

First, however, agencies must ensure that they have the policies and processes in place for successful deployment.

Hybrid work presents unique security challenges that can put data and systems at risk. Devices may be more easily compromised off-premises, and agencies can face major breaches if those devices are then connected to their networks. Hybrid work also increases reliance on cloud-based applications, which provide a much larger attack surface for bad actors if not properly secured.

A zero-trust approach provides added security in networks with cloud-based assets and remote users. As the General Services Administration explains, zero trust shifts the focus away from protecting the network perimeter and prohibits access until the access request, user’s identification and requested resource are validated. When a request is granted, security teams continuously monitor how the organization uses and distributes the data.

As the name suggests, there’s no implicit trust in a zero-trust environment; access to data and resources is granted on a per-session basis. The rigorous enforcement of authentication and authorization makes this a natural fit for hybrid work.

Before adopting zero trust, agencies need to analyze their environments to ensure they have policies and processes in place to make deployment successful. According to the GSA, that starts with identifying a “protect surface,” or the most valuable data, assets, applications and services. 

The GSA also emphasizes subject provisioning, an identity and access management process in which users receive appropriate rights and permissions to access resources. The GSA recommends that strong subject provisioning and authentication policies be in place before moving to a zero trust–aligned deployment. This means agencies need to implement comprehensive security practices for a zero-trust approach to be effective.

“When balanced with existing cybersecurity policies and guidance, identity and access management, continuous monitoring and best practices, a [zero-trust approach] can protect against common threats and improve an organization’s security posture by using a managed risk approach,” the National Institute of Standards and Technology notes.

Many organizations already have these elements in their enterprise infrastructure, so this strategy may not require wholesale changes to an agency’s cybersecurity posture, NIST states.
