Enforcing Zero Trust in a Hybrid Work Environment

Enforcing Zero Trust in a Hybrid Work Environment

The effects of the pandemic have rippled across the business world like a meteor hitting a pond, creating a new plethora of challenges that incorporated into MBA curriculum for years to come. One of the many unforeseen challenges that has emerged for large organizations implementing return to work initiatives is the emergence (and widespread acceptance) of the hybrid workforce model.

As a new “perk” cherished by most employees and despised by most employers, it appears that the hybrid workforce model is here to stay, despite efforts by some organizations to end this practice. The reality is that most organizations will continue to maintain some semblance of a hybrid workforce model for the near future to help attract and retain top tier talent.

Hybrid Work Highlights the Need for Zero Trust
Hybrid work is just one example of how the security landscape has changed in recent years in ways that demand new security and assurance solutions. Other examples include the sharp increase in international commercial competition – particularly with the use of state-sponsored organizations to support that competition, the rise of Hacking as a Service and Ransomware as a Service, and new applications of AI to support Social Engineering and even fake interviews, to name a few.

All of these changes present significant challenges for organizations relative to physical and logical security, workforce management, facility planning and management, and of course, health safety. Consider the challenges from hybrid work arrangements alone – which can result in employees, contracted workers, customers, and visitors frequenting facilities at all hours of the day, and possibly every day of the week. In such circumstances, it becomes significantly more difficult for organizations, and their security teams, to maintain physical control of the workplace. Moreover, without complete physical control, other risks rise exponentially – from safety to cybersecurity.

It is essential for organizations to maintain physical control as just the first vital step to manage overall risks and the operation of business processes. The consensus in the security industry is quickly moving toward the application of a new set of physical security policies built on zero trust.

Implementing Zero Trust for Today’s Workforce
What do physical security policies built on zero trust look like? The simple answer is that no identity, physical or logical access or IP device/endpoint is to be trusted by default. Instead, every entity – no matter if they are inside or outside the organization’s network – must have strong authorization, be authenticated, and be continuously validated before being granted any access to physical or network assets. In zero trust environments, having access in the past is not enough to warrant access now.

Creating a zero-trust hybrid workforce model enables organizations to protect the integrity, security and safety of an organization. By combining data, this is accomplished from relevant systems such as HR, facilities and workforce planning software into a Physical Identity and Access Management (PIAM) platform. Based on policies you set in the PIAM platform, it will in turn set and revoke access for employees, contractors and visitors on an as needed basis.

Here is an example of how an implementation would work: In the past, an access card might be all that was needed to enter a facility through an employee entrance. In a zero trust environment, the access system would be integrated with other relevant systems to confirm, for example, that the person requesting access was in fact that person, was still employed, had the authority to enter at that time and place, had the required training or certifications to enter, and possibly was confirmed to be wearing the required PPE.

To confirm those answers, the access control system would require confirmation from, perhaps, the HR staffing system, training records, management approvals, and biometric confirmation systems. Such integrations are not only possible today, but are quickly becoming much more common.

Taking Zero Trust to the Next Level
For higher-security environments or locations with a greater proportion of workers that may not know each other well, it is now possible to go one big step further. In these situations, teams can complement the zero trust PIAM platform with the addition of security wearables to automate the validation of security permissions and safety requirements for everyone present.

Security wearables are a new, powerful idea that are really getting traction. Leading providers offer compact badge holders that are equipped with wireless communication capabilities as well as LED-powered status displays. Because these devices can link to local wireless access points, they not only know the identity of the badge, but they also know where in the facility the person is presently located.

This combination lets the device display an easy-to-see “green” validation status that the person represented by that badge is authorized to be in that area at that time, and has the required safety and/or regulatory certifications. If the person goes into an area where any one of those factors is not sufficient, then the visible validation status changes to ‘red’ and it is easy for anyone present to know that there is an issue. This is especially valuable when hybrid workforce arrangements make it harder for workers to know who should be on site, and who should not.

Zero Trust: The Right Approach
In today’s hybrid-workforce environment, organizations can greatly improve their safety, security, and regulatory postures by implementing zero trust solutions. Integrating zero-trust systems with leading security wearables is becoming the newest best practice to manage the emerging physical security challenges of hybrid workforces.

Featured

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3