Security Parameters with a Remote Workforce
By Jim Garrity
Over the last decade, the Zero Trust security model, originally developed by John Kindervag, has become increasingly popular with corporate executives. Diamond Technologies, a systems integration, support, and consulting company based in Wilmington, advocates that all their clients utilize this model.
However, Zero Trust hit a serious roadblock in early 2020 with the advent of the global COVID-19 pandemic. Before that point, many companies maintained security primarily by restricting network access to on site-computers and coupling that with “direct observation” of employees. With one in four employees working remotely in 2021, companies found it almost impossible to continue doing either with 100% effectiveness.
Yet, Diamond Technologies notes that shifting to a remote workforce doesn’t have to mean giving up on the Zero Trust model. Again, new challenges simply demand new thinking. Instead, they advocate buttressing internal security with a range of cutting-edge technologies.
Cybersecurity Ventures recently predicted cybercrime will inflict $6 trillion worth of damages on us globally in 2021, a number that will increase to $10.5 trillion by 2025. Those are extraordinary figures by any measure, and they demand we take cybercrime seriously.
Earlier security approaches focused on threats from outside a company. Zero Trust argues that companies must protect against threats from inside as well. In some ways, the problem is that those earlier security fixes worked too well. Over the last fifteen to twenty years, most companies found effective ways to lock down their networks. In response, hackers shifted their tactics, concentrating on employees as potential weak links that might lead hackers back inside. Zero Trust was an adaptation the business world embraced to fight these new tactics. The field has shifted once again. A remote workforce demands new adaptations.
As a starting point for dealing with a remote workforce, Diamond Technologies recommends implementing multi-factor authentication. Multi-factor authentication means that before they can access the network, an employee must establish their identity using at least two or more distinct authentication methods. They might be asked for something they know, such as a password or PIN, then asked for something they have, such as a text message, authenticator app, or key card. These tokens can be additionally combined with biometric authentication—something the user is. For instance, biometric authentication can include a fingerprint, a handprint, a retinal scan, or a voice match. When used in combination, these independent credentialization components provide significant additional security.
Behavioral analytics is yet another cutting-edge tool in the fight to secure corporate networks. In simplest terms, behavioral analytics relies on the collection of massive amounts of data from an individual, in this case, an employee. That data is then analyzed using sophisticated algorithms to make predictions about that person.
In its commercial form, behavioral analytics is utilized by companies like Google to make predictions about your search patterns or Amazon to determine what new brand of coffee you’d most like to try. The same technology is being employed by smart homes and the Internet of Things to help our devices become more responsive to our needs.
As a security mechanism, behavioral analytics can be used as yet another means of authenticating a user’s identity. If your credit card company has ever flagged one of your purchases because you were overseas, you will know how this works. By doing something unusual, like buying coffee in Lisbon, you triggered the credit card company’s software to give your transaction extra scrutiny.
Behavioral analytics can also take place in the background, though, without an employee even knowing it’s happening. Over time, the system learns when the employee normally logs on each day, where they typically log on, and other characteristics about their network usage. Just like your Lisbon coffee, it can flag unusual behaviors and give that user extra security scrutiny.
Where Do We Go From Here?
The battle between businesses and thieves has been going on for far longer than there have been computers. Each new technological advance offers the potential for greater security, but it also brings with it the potential for new forms of theft. The computer helped protect assets by digitizing them. Hacking undid those protections. Cryptography provided system-wide protections, so hackers began going after employees. Zero Trust evolved to address these individual attacks, and the COVID-19 pandemic undid the Zero Trust mechanisms we had put in place.
No matter. We adapt again, using cutting-edge technology like multi-factor identification and behavioral analytics to remain one step ahead. After all, that’s what companies like Diamond Technologies were designed to do: identify new threats and develop new strategies for neutralizing them.