Zero Trust Security: What The Strategy Means For Employees

 

Zero trust security is delivering strong protection for organisations battling a rising tide of cyber threats. However, less attention is given to the impact it will have on employees.

Zero trust is a holistic approach to security based on the principle that no user or application should be inherently trusted. It starts with the assumption that everything is hostile and only establishes trust based upon user identity and context.

The approach is gaining in popularity because of how corporate IT infrastructures have changed. Rather than existing within a walled perimeter, they now reach out to include remote workers and resources held on cloud-based platforms. This trend has accelerated even further in the wake of the COVID-19 pandemic.

Zero visibility

From an employee’s perspective, zero trust must not become a technical impediment to getting work done. Once a zero-trust architecture is deployed, users can be confident that the rules and policies under which they operate are operating within this architecture.

This invisibility means zero trust can offer significant protection without the need for user attention or input. It simply allows them to work from anywhere, on any device, and remain protected at all times.

Zero trust also protects employees if they happen to make a mistake, such as visiting an infected website or opening an email attachment containing malicious code.  Even if their device becomes compromised, an attacker will only be able to access a subset of the organisation’s IT infrastructure.  Before zero trust, gaining access to one system often allowed the lateral movement to others.

Beyond the VPN

Because it doesn’t interrupt the working habits of remote staff or require them to constantly log in before connecting to corporate IT resources, zero trust is a significant step up from more traditional Virtual Private Network (VPN) links.

VPNs can often be clunky to establish and frustrating to use. There are instances where staff find them so limiting that they refuse to use them and connect via insecure networks. This can result in gaping security holes and opens the door for malicious attacks.

Having a zero trust architecture will ensure that user access only occurs in alignment with stated business policies. Each staff member can only see and interact with applications to which they have been given access rights.

All other IT resources are hidden from their view, further increasing security. If they don’t have authorised access to a particular application or database, they won’t even be able to see it.

Zero trust can also improve network performance for remote workers. Rather than connecting to cloud-based resources by going through a corporate data centre and then out to the internet, they can instead go directly to the cloud. The result will be faster speeds and lower latency.

For employees, zero trust delivers significant benefits. It removes complexity, increases performance, and raises IT security to a new level. Moreover, now that legacy networks are increasingly being replaced by the public internet, putting such a strategy in place has never been more critical.

Steve Singer
Steve Singer is Regional Vice President and Country Manager - Australia and New Zealand for Zscaler.