Hybrid Workplace and the challenge of Information Security (Prof. G V Muralidhara)

When the COVID 19 pandemic hit the world in 2020, many corporates shifted to the practice of ‘Work from Home (WFH)’ for their employees. Many organisations also announced that they are likely to continue the policy of WFH even after the pandemic receded. As 2021 progressed, many organisations realised that a complete WFH arrangement is not an appropriate alternative. Many roles required physical presence and interaction at the office. Also, the absence of social interactions was affecting the health and productivity of employees. Many organisations are now thinking of a hybrid arrangement by which employees alternate between WFH and working in a physical office for varying periods depending upon the nature of jobs. Companies are also thinking of providing flexibility to employees to choose between the two options or combine the two. These work arrangements and extensive use of cloud technology have brought into sharp focus emerging concerns about information security. Organisations are looking at employing the Zero Trust Model to address these concerns.

What is the Zero Trust Model?

The Zero Trust model is based on the principle of “never trust, always verify.” In a significant departure from the earlier models by which we assumed that everything is safe behind a corporate security firewall, in the Zero Trust Model, every access request is strongly authenticated and authorised according to policy parameters, and inspected for anomalies before access is granted. The guiding principles of this model are detailed verification, providing access only when needed (Just-In-Time) to areas of the network based on the role and its associated requirements (Just-Enough-Access) and preventing lateral movement by defining boundaries of access. A Zero Trust Maturity Model is used to assess an organisation’s readiness for implementing the Zero Trust architecture. Organisations are categorised as Traditional, Advanced and Optimal based on where they are on this journey. Many progressive organisations like Microsoft are progressing on their Zero Trust journey.

<aside> 🔑 A recent IBM-sponsored study demonstrated that the average cost of a single data breach is over $3 million. Considering that figure, it should come as no surprise that many organisations are now eager to adopt a zero-trust security policy.

</aside>