Skip to main content

A Zero Trust framework for the new hybrid workforce

Sep

08

2022

Time to read

Read so far

Written by: 

Rohan Ramesh

Time to read

Written by: 

img-zerotrust-blog-1000x420 (1)

In the past two years the working landscape has shifted and changed completely. Some changes have increased productivity beyond expectations while introducing gaps that leave organizations more vulnerable than ever. Protecting an organization’s data has become increasingly challenging as resources are spread across both multiple cloud and on-premises environments[1]. Employees and third-party users need access from any device, at any time, from anywhere. It is no longer possible to simply impose access controls at the perimeter of the organization’s network and assume that it can be trusted.

65% of companies in the United States expect that at least some of their employees will continue working remotely indefinitely. 83% of employees[2] consider the hybrid work model optimal for the future. A hybrid workforce, however, has opened the door to an immense increase in phishing attacks. In the first quarter of 2022 alone 1,025,968 phishing attacks were recorded by APWG and the trend is on the rise as organizations would hope[3]. When 81%-100% of employees work remotely the average cost of a breach at organizations is $5.54 million. Furthermore, it takes 10.6% longer than average to identify and contain threats for companies with more than 50% of their workforce remote[4].

What is Zero Trust?

Zero trust is a framework based on the principle - Never trust, always verify

Implementing a Zero Trust framework is critical, in order to ensure organizations can reduce the threat of a cyberattack while allowing for greater flexibility in where their employees work.

Zero Trust focuses on protecting data and resources by continuously monitoring in real-time and verifying that a user and their device is authenticated and authorized to access a particular resource. Every request is assessed using contextual data at time of access, including the requesting device’s health and credentials, the requester’s identity and role, and the sensitivity of the resource[1].  A secure session is created if the organization’s defined access policy is met, to protect all information transferred to and from the resource.

Zero Trust supports secure authorized access to business resources that are allocated across multiple cloud environments and on-premises. With Zero Trust you can reduce the risk of remote work and insider threats, manage cloud, and mitigate third-party risk for the new hybrid workforce.

43% of nearly 1,300 network security professionals place “identity and access management” as the first task to address to implement a Zero Trust framework in their organization[5].

Challenge in implementing Zero Trust

Let’s look at some of the challenges organizations struggle with in implementing a Zero Trust approach. First and foremost, when employees bring their own device, security measures are barely in place to protect sensitive data, or appropriate user authentication and authorization is missing or cannot withstand a phishing attack. Organizations may have many existing technologies in place with varying degrees of maturity that do not communicate with each other. Or they even have technology gaps to properly integrate a Zero Trust approach. However, a lack of time or resources makes it even more difficult for businesses to figure out what combination of Zero Trust would work best for them. Explicit policies need to be drafted and the organization needs to understand what data flows when and where.

While organizations face many challenges in implementing a Zero Trust approach, having a mature Zero Trust framework in place not only produces considerable advancements in security, but also lowers costs and complexity while offering more peace of mind for cybersecurity teams, business and IT leaders, and end-users. It is advantageous for organizations to invest now, and the path to implementing a robust Zero Trust framework is made easier than ever by adopting solutions such as identity and access management from Entrust that include world-class multi-factor authentication (MFA) capabilities among many other features. The hybrid workforce was quickly adapted, but now it is time for organizations to catch up with Zero Trust security frameworks.

28% (U.S. & Europe) of businesses indicated that multi-factor authentication for endpoints and servers is among the information security protocols their company has prioritized to better secure a hybrid workforce[6].

At Entrust we can help your organization.

The Entrust Identity for Workforce solution helps lay the foundation for implementing a robust and secure Zero Trust framework within your organization:

  • Simplified Identity and Access Management
  • High Assurance PKI based Passwordless Authentication
  • Adaptive risk-based authentication
  • MFA with passwordless access + SSO
  • Passwordless support for other IDPs
  • Easy out of the box integrations across apps, portals, and enterprise platforms

Download 2 Free eBooks


[1] Kerman, A., Souppaya, M., Grayeli, P., & Symington, S. (2022). Implementing a Zero Trust Architecture (Preliminary Draft) (No. NIST Special Publication (SP) 1800-35 (Draft)). National Institute of Standards and Technology.

[2] https://thenewstack.io/the-future-of-zero-trust-in-a-hybrid-world/

[3] https://www.securitymagazine.com/articles/97788-phishing-at-all-time-high-1-million-attacks-in-q1-2022

[4] https://www.softwareone.com/en-si/blog/articles/2021/12/10/zero-trust-security-in-a-hybrid-workplace?gs=Security

[5] https://purplesec.us/resources/cyber-security-statistics/#ZeroTrust

[6] https://www.statista.com/statistics/1276705/eu-us-remote-work-information-security-protocols/