This post also appeared on LinkedIn.
My favorite science-fiction author, William Gibson, once said, "The future is already here—it's just not evenly distributed." The same can be said for zero trust.
The rapid expansion of remote work due to the pandemic has forever changed the face of enterprise cybersecurity, and the effects are still rippling across the business landscape. Even as users return to the office, we’ll still need to secure a sizable work-from-anywhere (WFA) population. This new hybrid workforce is here to stay: some people work remotely, some go into the office, and some toggle between the two as needs dictate. As a result, there is no better time than now to implement a zero trust strategy.
A rebalancing act
The massive move to WFA during the pandemic eroded the foundations of network-centric, castle-and-moat legacy architecture through shifting patterns and sheer volumes of traffic. To compensate, many organizations invested heavily in virtual private network (VPN) technology. As users return to the office, those same VPNs are over-provisioned, depreciating in value, and don’t support ongoing network and security transformation. VPNs lack the necessary flexibility to follow users, devices, and applications to new virtual perimeters. The net is that security costs and complexity increased, but granular visibility didn’t.
Forward-looking IT teams, in turn, are seizing the opportunity to overcome the challenges of VPNs by turning to new cloud-native secure access solutions to help drive innovation both within IT and for the business.
Modern cloud-native security solutions extend zero trust principles to enable and secure WFA access to applications, without requiring public exposure or complex network segmentation. Security, simplicity, and user experience go hand-in-hand in this new model, which allows for seamless access across all the permutations of the hybrid workforce.
Regaining your footing with zero trust
Zero trust initially envisioned context-based controls for least-privilege access for on-premise users accessing internally hosted apps. But as the pandemic demonstrated, IT teams also require a solution that offers seamless access for remote workers. By extending these tenets to the new hybrid workforce, IT teams can provide secure access to any application or asset without publicly exposing the application, asset, or even the infrastructure that supports access. A zero trust architecture provides security, granularity, and visibility no matter where users, applications, or assets live.
At Zscaler, our cloud-delivered zero trust solution, Zscaler Private Access (ZPA), allows IT teams to deliver a consistent, frictionless user experience for employees, third parties, and B2B communication. Access is seamless regardless of whether the user is "off-network" or "on-network"—the network doesn't matter anymore. The policy environment is simplified, becoming user- and app-centric rather than network-centric, and consistent across cloud and data center application environments. Granular policies for context-based access ensure least-privileged connections, combining user and device attributes to permit access only by authorized users on compliant devices.
Since zero trust connects users to specific applications rather than allowing endpoints access to the entire network, yesterday’s "virtual private network" evolves into today's secure access service edge (SASE). Public service edges provide transport to remote applications, while private service edges support local and on-premises access.
Moreover, by incorporating industry-leading endpoint detection and response (EDR) solutions from CrowdStrike, Carbon Black, Sentinel One, and others, IT can detect and stop dirty devices. Browser isolation enables BYOD and unmanaged devices to access applications without the data ever touching the device. API-driven integration with security orchestration, automation, and response (SOAR) solutions frees up expensive human attention to focus on more critical security considerations and priorities.
The capabilities above work together to greatly reduce dependency on network perimeter security, increase visibility, and minimize cost and complexity.
Furthermore, while ZPA connects users to an enterprise's internal applications, Zscaler Internet Access (ZIA) connects users to internet and SaaS applications on the internet. Backhauling everyone’s traffic to a few internet egress points just to send it through a stack of security appliances no longer makes sense: WFA users can leverage the same Zscaler Zero Trust Exchange and access public resources via direct internet connections protected by ZIA.
Application of the fundamental zero trust principles of context-based, least-privileged access beyond their initial narrow scope of on-premises users connecting to internally hosted applications is on the rise. Protection of outbound as well as inbound traffic, identity-based access controls for machine-to-machine as well as user-to-machine traffic, and integration of additional context all combine to offer more granular and adaptive access decisions.
But nobody does this overnight. Solutions need to work seamlessly across hybrid use cases to protect both legacy resources and infrastructures as well as modernized workflows.
The path forward
The past year rapidly accelerated existing cloud migration and remote work trends. Traditional security models struggled to accommodate the huge change in traffic flows when the global digital workforce went home en masse. Companies that had already embraced digital transformation absorbed the change and adapted more easily. In the space of a couple of months, we helped many companies use zero trust to transition their entire workforce to WFA.
Now we have the luxury of thinking and planning more strategically for how to best support the evolving hybrid workforce post-pandemic. A continuing theme in 2021 will be the importance of flexible, resilient solutions that adapt to ongoing change. It’s time to seize the zero trust moment! Modern cloud-delivered zero trust architectures apply security functions consistently across an ever-evolving landscape, and will remain a critical component to accommodating and securing the new hybrid workforce.
