Networking isn’t what it used to be, therefore understanding how today’s networking complements modern working practices is vital to maintaining cyber resilience, says Tim Downs, Director of Bitwise-IT
If we were to look back a decade, we would see that most organisations were heavily reliant on office-based workforces, with, typically at that time, a firewall between the internet and their internal network (and servers). If a business had two remote offices they were connected via a VPN or SD-WAN, usually via a dedicated, leased internet line. The public internet for the most part did not boast the speeds accessible today so remote working was a lot less common. If someone wanted to work from home, they would copy files to their laptop, edit them offline and bring them back to the office when they return. This network design of the firewall protecting the perimeter of the company was ideally suited to the way we worked back then.
Fast-forward a few years and along came the covid pandemic, and the need for everyone to work from home. The IT teams at the time needed to quickly adjust their networks to allow remote workers to VPN in, or to run remote connection tools to control PCs in the office from home. Due to the urgency this was in most cases, rushed. This in turn left security weaknesses into many businesses. The issue was that if VPN connection details were obtained by cyber criminals, they could connect directly to the company network and gain unrestricted access to everything inside the firewall – scary stuff!
Likewise, remote connection tools like Splashtop, TeamViewer, and LogMeIn were also creating their own issues. A simple phishing campaign could allow criminals to gain the log-in credentials of these tools and similarly breach company networks. Along with the enforcement of the GDPR in 2018, companies in the EU could face hefty fines for data breaches of customer data, along with the many other costs which come along with a data breach.
Now, nearly five years on from covid, the need for secure remote working remains. Business networks are more distributed than ever before, with workers connecting to a mix of on-premises and cloud services from anywhere in the world. Clearly, the old school design of protecting the company perimeter with a firewall just won’t cut it anymore. Small and medium-sized businesses (SMBs) can be especially vulnerable.
Enter Zero Trust Network Access
Zero Trust Network Access, or ZTNA acts, in a way, like a traditional VPN, connecting remote networks – think your laptop to the office, or your laptop to the cloud, or even the cloud to your office. The difference between a ZTNA connection and a traditional VPN connection is that the traditional VPN connection will allow the connected device or network to access everything on the other side of the connection, whereas ZTNA by default allows no connectivity to destinations on the other side of the connection, unless rules are specifically specified by the IT administrator. This allows a much greater control over connectivity and plays a big part in preventing data breaches in modern networks.
ZTNA also provides additional features such as device restrictions, so unless the device (e.g. a laptop) is on the allowed list it will not be able to connect at all. This prevents any rogue devices from connecting the company networks and further protects them.
This level of protection is now essential for businesses with remote workforces, and many financial institutions and other regulated businesses already utilise ZTNA. Most ZTNA products, such as Zscaler or NordLayer support authentication (log-in) via Single Sign On (SSO), meaning companies can control access to their networks via Azure’s Entra ID (Office 365 logins). With the correct licencing businesses can add additional Conditional Access rules to ensure connections remain secure. For example, log-ins are only allowed from a certain list of countries. (Of course, providers other than Microsoft can also be utilised for SSO.)
Furthermore, and 100% recommended by us, is to utilise cloud account monitoring, to ensure no account breaches ever take place, and if they do, your security team will instantly take care of the issue and protect your business. Combined with ZTNA these extra security measures mean your business will be a lot better protected.
A partner to keep your business safe
Modern working requires modern network connectivity and security. Ensure your business uses ZTNA and your security team is monitoring your cloud login activity at the very least. Configuring and monitoring these technologies requires experience and expertise. Ensure your IT team are trained on this or pick an IT partner who can confidently deliver this setup for you.
IT Security is an ever-evolving landscape. Ensure your business stays ahead of the curve and keep the bad guys locked out.
Further information
bitwise-it.co.uk
[email protected]