Why zero trust is the gold standard in secure hybrid work

The IT pendulum has been swinging towards flexible work models for years, and the pandemic has accelerated the velocity, according to John Grady, senior analyst at Enterprise Strategy Group. This rings true to me each day, no matter where I’m working.

Businesses operating in today’s hybrid world need the ability to quickly scale up or down their employees’ access to IT systems at a moment’s notice. Whether it’s a health crisis, geopolitical events or a weather warning, the last two years have shown us that keeping workers safe and productive, from anywhere, is critical to business continuity.

We’ve experienced the rapid transformation of business operations attempting to maintain continuity, with many organisations completing two years’ worth of digital transformation in two weeks.

And this pace of transformation is likely to continue. The Australian Government is now further incentivising businesses to transform over the next year, with the Treasurer announcing tax deductions for businesses to invest in technologies such as cloud computing, cybersecurity and web design.

While the arrival of digital workspaces has created opportunity and flexibility, it’s also highlighted a new set of challenges for IT managers — a tension between effective security and employee experience. As employees prioritise the need for information from any source over safety, cybersecurity hygiene can often be overlooked.

Enter zero trust, an IT security framework founded on the principle to never trust, always verify. The architecture represents a shift from the old ‘handing-over-the-keys-to-the-castle’ approach of VPNs, to requiring all users to incrementally earn trust over time.

Let’s take a look at why zero trust is the gold standard in balancing security standards with employee experience in a hybrid world.

Enabling secure hybrid work

Employees and the applications used to support them have become highly distributed. IT leaders are looking to cloud-delivered solutions that incorporate zero-trust principles along with centralised policy management to enable employees to work in a secure, reliable and productive manner.

A zero-trust network access solution provides contextual access to IT-sanctioned applications whether they’re deployed on-prem or in the cloud. It uses adaptive authentication to continually evaluate access based on end-user roles, locations, device posture and user risk profiles. Trust is never assumed, never an afterthought, but instead is always verified for appropriateness and carefully measured dependent on a user’s risk level.

As people continue to work away from the office, this is especially important when it comes to protecting access to apps and data from managed, unmanaged and bring-your-own (BYO) devices. Traditional VPN solutions require end-user devices to be managed, provide access at the network level, and enforce static access control policies. New Zero Trust solutions like Citrix Secure Private Access give IT a set of security controls to protect against threats from BYO devices, giving users the choice to access their IT-sanctioned applications from any device, whether it’s managed or BYO.

Enhancing the digital workspace experience

Businesses need a modern and secure desktop, application and data delivery strategy that reflects how users work, and can keep up with the rapid change of business applications. That is, without amplifying the security burden that weighs heavily on the IT team.

Desktop as a service (DaaS) has ridden the cloud surge to enable companies to improve security and keep sensitive data off devices as workforces continue to become increasingly distributed. Three-quarters of IT and security leaders view DaaS as a key enabler of secure work within their organisation, and more than 50% plan to implement it in the year ahead.

DaaS offers the combination of attributes that organisations across all sectors are looking for — improved time to value, cost reduction and enhanced security.

When I speak to customers, it’s clear that DaaS business needs are different for every organisation. That’s why it’s important to select a DaaS solution that complements your business. For example, one organisation might be looking to balance existing data centre resources with cloud expansion goals, while another might be new to DaaS and embarking on a cloud-first initiative with their hyper scaler of choice.

No matter which solution fits your business, it’s important for DaaS users to embrace the zero-trust security model. With zero-trust principles, organisations can use security analytics to determine whether a DaaS-powered device has been compromised and block the user from accessing their environment.

Looking ahead

Working securely while working remotely will be an ongoing requirement. Now is the time to ensure you have zero-trust principles in place to provide consistent, simple access to the apps and data employees need to get work done. Businesses who fail to build a zero-trust architecture that optimises their security strategy in a way that doesn’t compromise employee experience will be left behind.

Image credit: ©stock.adobe.com/au/wachiwit