As the COVID pandemic wears on, the hybrid workplace has become widely implemented. However, for cybersecurity professionals, this poses singular challenges as the network boundary grows to include workers in diverse locations.
Traditionally, IT teams tightly control the network architecture—including the endpoints, software and internet connections. In a hybrid work environment, that construct is upended—users themselves determine which internet provider to use, and they might use personal rather than corporate-issued devices and software to perform their work.
Granted, bring your own device (BYOD), where personal devices are used within the business setting, has been a trend for some time, but BYOD endpoints are connected to the corporate network, rather than an unknown internet provider, which can improve security. The IT team can also mandate policies and software on personal endpoints (mobile device management) to further protect against malware and other threats on employees’ personal devices.
The Wild, Wild West?
In many ways, today’s hybrid workplace represents a chaotic new frontier for IT security teams. For example, a shared network in the home increases the odds of a man-in-the-middle (MitM) or eavesdropping exploit, and home network devices such as digital assistants, televisions and even thermostats can pose a security risk due to their inherent vulnerabilities. Authentication becomes far more complicated in a hybrid work environment because multiple personal and corporate-owned devices may be in use as well as variable Internet Protocol (IP) addresses and simultaneous logins from multiple devices.
The home network environment introduces new attack vectors and creates a vast attack surface, posing challenges in enforcing security policies and assuring proper authentication. Plus, security measures must have minimal impact on user experience and productivity.
Issues in Threat Detection and Response
The hybrid workplace complicates detection and mitigation of threats, attacks and anomalies. Because it is heterogeneous, security controls may be lacking or subpar, leading to absent or sporadic threat detection and reporting. Key threat indicators may be completely overlooked because of the lack of adequate threat detection, especially on personal devices connecting remotely to the corporate network.
Adding to these challenges, home networks and internet connections usually carry personal and business traffic—and personal traffic may not be inspected adequately for potential threats. This results in yet another possible attack vector that can cross over to the corporate network. Worse yet, valuable forensic information may be difficult or impossible to retrieve, thwarting incident investigation.
The goal of IT has become post-breach mitigation and building in cyberresiliency that will allow the infrastructure to recover quickly whenever threats and attacks arise. Mitigating threats across multiple, disparate endpoints is far more difficult than inside a controlled corporate campus. Although it can be done, without automation it creates an enormous workload for security teams. The lack of visibility and control over remote endpoints can effectively obstruct efforts toward cyberresiliency.
Where Virtual Private Networks Fall Short
You may be thinking, “But wait! What about virtual private networks (VPNs)?” Certainly, SSL and IPsec virtual private networks were in widespread use long before the pandemic, allowing many IT teams to quickly support remote workers during the lockdowns. But now that the hybrid workplace has become an enduring trend rather than an urgency, several key issues with VPNs have become readily apparent relating to cost, scaling and visibility.
Regardless of product form (physical, virtual or the cloud), licensing is typically a large cost component for enterprise-class SSL VPNs. A license is usually required for each user, though a single license may allow more than one device per IP address. In addition, the solution is typically licensed for a set capacity. Thus, scaling can require additional user and capacity licenses, adding cost, complexity and staff labor to the overall equation.
Visibility is another key concern. Although many SSL VPNs offer endpoint policy compliance checking, these safeguards focus simply on compliance rather than on threat detection. This leaves detection and mitigation solely to the endpoint’s antivirus and other security software, which may not catch the subtle signs of advanced persistent threats. The lack of granular visibility compounds the difficulties security teams face in consolidating and analyzing threat information across all devices connected to the network. Taken together, the cost, scaling and visibility concerns surrounding VPNs have prompted many IT leaders to explore other options.
A New Generation of Secure Remote Access
Recent advances in security concepts have produced a generation of solutions with the potential to address the hybrid workplace. Among them is zero trust network access (ZTNA), which operates from the premise of never trust, always verify.
This means that any user or device that attempts to connect to the network and its resources is untrusted by default, and must be authenticated across several dimensions (identity, integrity, etc.) before access is granted. This multiphase, multilevel authentication verifies not just the user, but also the device and its integrity. The integrity of the device is continuously monitored so that any deviation from security policy (for example, turning off antivirus) results in revocation of trusted status. If it is executed correctly, ZTNA can elevate security controls for the hybrid workplace while minimizing impacts on user experience and productivity.
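The following is an added illustration of the ZTNA decision logic described above (it is not code from the article or from any ZTNA product): identity is checked first, device posture is evaluated against a hypothetical policy, and every later posture report is re-evaluated so that a deviation such as disabling antivirus revokes trust. The policy keys, posture fields and device names are constructed for the example.

```python
from dataclasses import dataclass, field

# Hypothetical posture policy, constructed for this example (not a product's schema).
POLICY = {"require_antivirus": True, "require_disk_encryption": True, "max_patch_age_days": 30}

@dataclass
class DevicePosture:
    device_id: str
    antivirus_running: bool
    disk_encrypted: bool
    patch_age_days: int

@dataclass
class Session:
    user: str
    mfa_verified: bool
    device: DevicePosture
    trusted: bool = False                      # default-deny: nothing is trusted until verified
    history: list = field(default_factory=list)  # decisions made over the session's life

def posture_violations(device: DevicePosture) -> list:
    """Return the policy rules the device currently breaks (empty list means compliant)."""
    violations = []
    if POLICY["require_antivirus"] and not device.antivirus_running:
        violations.append("antivirus disabled")
    if POLICY["require_disk_encryption"] and not device.disk_encrypted:
        violations.append("disk not encrypted")
    if device.patch_age_days > POLICY["max_patch_age_days"]:
        violations.append("patches out of date")
    return violations

def request_access(session: Session) -> tuple:
    """Initial decision: verify identity first, then device integrity; deny unless both pass."""
    if not session.mfa_verified:
        session.history.append("denied: identity not verified")
        return False, ["identity not verified"]
    violations = posture_violations(session.device)
    session.trusted = not violations
    session.history.append("granted" if session.trusted else f"denied: {violations}")
    return session.trusted, violations

def reverify(session: Session, posture: DevicePosture) -> tuple:
    """Continuous verification: each new posture report is re-evaluated; any deviation revokes trust."""
    session.device = posture
    violations = posture_violations(posture)
    if violations and session.trusted:
        session.trusted = False
        session.history.append(f"revoked: {violations}")
    return session.trusted, violations
```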
The Flip Side: Threat Detection and Response
While ZTNA can offer improved prebreach security by enforcing strong authentication and policy adherence, IT teams must still cope with the flip side of security—the inevitable breaches and attacks. Here, too, advances in security concepts yield a potential solution: extended detection and response (XDR).
Historically, breach detection and mitigation have been byzantine operations hindered by a lack of coordination of threat data among point security devices, large numbers of false security alerts and the absence of a means to synchronize threat response throughout the network.
XDR integrates log data from a wide variety of sources in the hybrid network, then standardizes and analyzes it to provide broad visibility into security events and potential threats. Leveraging machine learning, XDR can identify and characterize indicators of attack or threat and then, using pre-configured playbooks, orchestrate a mitigation response that spans multiple security devices such as next-generation firewalls and web application firewalls.
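As an added example of the XDR pipeline sketched above (not code from the article or from any XDR product), three constructed log lines in different native formats (a key=value firewall record, a JSON endpoint-agent event and a ZTNA gateway auth line) are normalized into one schema, correlated by source IP within a time window, and mapped to hypothetical playbook actions. The formats, field names, IP addresses and playbook names are all assumptions made for the example.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample events from three sources; these are not real logs.
RAW_EVENTS = [
    ("firewall", "ts=2024-03-01T10:00:05Z src=10.20.0.17 dst=10.0.0.5 action=deny"),
    ("edr", '{"time":"2024-03-01T10:00:09Z","host":"laptop-17","ip":"10.20.0.17","event":"malware_detected"}'),
    ("ztna", "2024-03-01T10:00:12Z zt-gw auth user=alice device=laptop-17 ip=10.20.0.17 result=fail"),
]

# Hypothetical mapping from normalized event type to a pre-configured playbook action.
PLAYBOOKS = {"malware_detected": "isolate_endpoint", "auth_fail": "revoke_sessions"}

def parse_time(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def normalize(source: str, line: str) -> dict:
    """Map each source's native format onto one common schema: time, source, ip, event."""
    if source == "firewall":                      # key=value pairs separated by spaces
        kv = dict(p.split("=", 1) for p in line.split())
        return {"time": parse_time(kv["ts"]), "source": source, "ip": kv["src"], "event": f"fw_{kv['action']}"}
    if source == "edr":                           # JSON document from the endpoint agent
        d = json.loads(line)
        return {"time": parse_time(d["time"]), "source": source, "ip": d["ip"], "event": d["event"]}
    if source == "ztna":                          # timestamp, then free text with key=value tokens
        ts, _, rest = line.partition(" ")
        kv = dict(re.findall(r"(\w+)=(\S+)", rest))
        return {"time": parse_time(ts), "source": source, "ip": kv["ip"], "event": f"auth_{kv['result']}"}
    raise ValueError(f"unknown source: {source}")

def correlate(events: list, window: timedelta = timedelta(minutes=5)) -> list:
    """Group by IP; an IP reported by two or more sources inside the window becomes one alert."""
    by_ip = {}
    for e in sorted(events, key=lambda e: e["time"]):
        by_ip.setdefault(e["ip"], []).append(e)
    alerts = []
    for ip, evs in by_ip.items():
        sources = {e["source"] for e in evs}
        if len(sources) >= 2 and evs[-1]["time"] - evs[0]["time"] <= window:
            actions = sorted({PLAYBOOKS[e["event"]] for e in evs if e["event"] in PLAYBOOKS})
            alerts.append({"ip": ip, "sources": sorted(sources), "actions": actions})
    return alerts

def run() -> list:
    """Normalize the constructed events and return the correlated alerts."""
    return correlate([normalize(src, line) for src, line in RAW_EVENTS])
```

Three events that would look unrelated in their separate consoles collapse into a single alert with both playbook actions attached.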
Navigating a Sea Change
Although the shift to the hybrid workplace has been a sea change for IT and security teams, new advances in security concepts and solutions hold the potential to smooth out the transition. By attaining greater control over endpoints and expanding visibility and automation of security responses, cyber teams can facilitate the hybrid workplace while maintaining a secure network environment.
Editor’s note: For further insights on this topic, read Tim Liu’s recent Journal article, “Reducing Security Vulnerabilities in a Hybrid Workplace?” ISACA Journal, volume 3, 2022.