The pandemic introduced many changes to how we go about our work life. From an employer’s perspective, many office spaces closed down and enabled employees to work from home, some who were adamant not to entertain remote access were forced to enable remote access without any other options. Some had to hastily allow employees to use their own devices to connect to corporate networks due to the inability of providing resources.
One area that gained a lot of focus during the pandemic is the cyber security readiness of organizations. If you have been following the news closely you would have noticed that there has been a drastic increase of cyber security related incidents within the country and across the world. One main reason for this development is that the new working arrangements have forced enterprises to drift into uncharted territories making them even more vulnerable to ever evolving cyber security threats. A simple example would be enterprises opening their doors to employees connecting through remote VPNs, these could be users who use their own devices to carry out official duties. These arrangements in return expand the attack surface of the organization. With no proper controls in place a seemingly harmless user could get compromised and unknowingly let a malicious party through the front door into your enterprise network
Developments such as these have accelerated the need to adopt the concept of zero trust. In simple terms zero trust is rooted on the principle “Never Trust, Always Verify”. The zero-trust model throws away the traditional castle-andmoat mentality which made organizations focus on defending their perimeter assuming everything within the perimeter didn’t pose a threat. As a matter of fact the traditional castle-and-moat mentality is what made the attack in the previous example possible.
Another factor that has accelerated the requirement of adopting the zero-trust model is the fact that the digital drive has made it hard to exactly pinpoint the perimeter of an organization. Many organizations have moved to cloud or use hybrid setups which are accessed by various parties such as users, employees, partners who might be physically located all around the globe.