Enforcing Zero Trust in a Hybrid Work Environment

Enforcing Zero Trust in a Hybrid Work Environment

The effects of the pandemic have rippled across the business world like a meteor hitting a pond, creating a new plethora of challenges that incorporated into MBA curriculum for years to come. One of the many unforeseen challenges that has emerged for large organizations implementing return to work initiatives is the emergence (and widespread acceptance) of the hybrid workforce model.

As a new “perk” cherished by most employees and despised by most employers, it appears that the hybrid workforce model is here to stay, despite efforts by some organizations to end this practice. The reality is that most organizations will continue to maintain some semblance of a hybrid workforce model for the near future to help attract and retain top tier talent.

Hybrid Work Highlights the Need for Zero Trust
Hybrid work is just one example of how the security landscape has changed in recent years in ways that demand new security and assurance solutions. Other examples include the sharp increase in international commercial competition – particularly with the use of state-sponsored organizations to support that competition, the rise of Hacking as a Service and Ransomware as a Service, and new applications of AI to support Social Engineering and even fake interviews, to name a few.

All of these changes present significant challenges for organizations relative to physical and logical security, workforce management, facility planning and management, and of course, health safety. Consider the challenges from hybrid work arrangements alone – which can result in employees, contracted workers, customers, and visitors frequenting facilities at all hours of the day, and possibly every day of the week. In such circumstances, it becomes significantly more difficult for organizations, and their security teams, to maintain physical control of the workplace. Moreover, without complete physical control, other risks rise exponentially – from safety to cybersecurity.

It is essential for organizations to maintain physical control as just the first vital step to manage overall risks and the operation of business processes. The consensus in the security industry is quickly moving toward the application of a new set of physical security policies built on zero trust.

Implementing Zero Trust for Today’s Workforce
What do physical security policies built on zero trust look like? The simple answer is that no identity, physical or logical access or IP device/endpoint is to be trusted by default. Instead, every entity – no matter if they are inside or outside the organization’s network – must have strong authorization, be authenticated, and be continuously validated before being granted any access to physical or network assets. In zero trust environments, having access in the past is not enough to warrant access now.

Creating a zero-trust hybrid workforce model enables organizations to protect the integrity, security and safety of an organization. By combining data, this is accomplished from relevant systems such as HR, facilities and workforce planning software into a Physical Identity and Access Management (PIAM) platform. Based on policies you set in the PIAM platform, it will in turn set and revoke access for employees, contractors and visitors on an as needed basis.

Here is an example of how an implementation would work: In the past, an access card might be all that was needed to enter a facility through an employee entrance. In a zero trust environment, the access system would be integrated with other relevant systems to confirm, for example, that the person requesting access was in fact that person, was still employed, had the authority to enter at that time and place, had the required training or certifications to enter, and possibly was confirmed to be wearing the required PPE.

To confirm those answers, the access control system would require confirmation from, perhaps, the HR staffing system, training records, management approvals, and biometric confirmation systems. Such integrations are not only possible today, but are quickly becoming much more common.

Taking Zero Trust to the Next Level
For higher-security environments or locations with a greater proportion of workers that may not know each other well, it is now possible to go one big step further. In these situations, teams can complement the zero trust PIAM platform with the addition of security wearables to automate the validation of security permissions and safety requirements for everyone present.

Security wearables are a new, powerful idea that are really getting traction. Leading providers offer compact badge holders that are equipped with wireless communication capabilities as well as LED-powered status displays. Because these devices can link to local wireless access points, they not only know the identity of the badge, but they also know where in the facility the person is presently located.

This combination lets the device display an easy-to-see “green” validation status that the person represented by that badge is authorized to be in that area at that time, and has the required safety and/or regulatory certifications. If the person goes into an area where any one of those factors is not sufficient, then the visible validation status changes to ‘red’ and it is easy for anyone present to know that there is an issue. This is especially valuable when hybrid workforce arrangements make it harder for workers to know who should be on site, and who should not.

Zero Trust: The Right Approach
In today’s hybrid-workforce environment, organizations can greatly improve their safety, security, and regulatory postures by implementing zero trust solutions. Integrating zero-trust systems with leading security wearables is becoming the newest best practice to manage the emerging physical security challenges of hybrid workforces.

Featured

  • Until We Meet Again

    A short three years ago we were all pondering whether to attend any tradeshows all thanks to COVID-19. Sorry to bring that nightmare up again, but it seems that little pandemic is in the rear-view mirror, and it’s time to meet again. Read Now

    • ISC West
  • Cyber Hygiene: What it Looks Like for IoT Devices

    Cyber Hygiene: What it Looks Like for IoT Devices

    For our second pillar about the Industrial Internet of Things (IIoT) Pillars of Security, we are going to discuss what cyber hygiene looks like for IoT devices. Read Now

  • ISC West Announces 2023 Keynote Series Speaker Lineup

    The International Security Conference (ISC), in collaboration with premier sponsor Security Industry Association (SIA), announced five of this year’s ISC West Keynote Series speakers. ISC West will kick off its annual conference on March 28 (SIA Education@ISC: March 28-30 | Exhibit Hall: March 29-31) at the Venetian Expo in Las Vegas, Nevada. Read Now

    • ISC West
  • Accelerating Security Modernization

    In recent years, the term “digital transformation” has been one of the most frequently used buzzwords across industries. On its most basic level, it refers to the reimagining of how an organization leverages its technology systems to improve business processes. Read Now

Featured Cybersecurity

New Products

  • Pivot3 Surety

    Pivot3 Surety

    Pivot3 has announced Surety, a new intelligent software framework to simplify the management and monitoring of physical security environments. 3

  • LiftMaster Garage Door Opener

    LiftMaster Garage Door Opener

    LiftMaster Transforms the Garage Door Opener Into a Sleek Smart Home Device That Does More Than Open and Close the Garage Door 3

  • Unique Oversized ID Card Printer

    Unique Oversized ID Card Printer

    Idesco Corp. is announcing its card printer – the XCR100 2.0 printer- that allows customers to personalize oversized ID cards on demand. The printer is ideal for assisting healthcare organizations find the right badging solution. As healthcare facilities continue to combat the spread of COVID-19, issuing oversized ID cards has helped identify staff clearly while adding an extra layer of security. The XCR100 2.0 printer is the only dye-sublimation printer on the market that can personalize CR100 cards (3.88" x 2.63"). The cards that are 42% larger than the standard credit card size. The printer can produce up to 180 full cards per hour in color, and up to 1,400 cards per hour in monochrome. An optional flipper is available to print dual-sided badges in one pass. Contactless encoding comes as an option to help healthcare facilities produce secure access badges on demand and the card printer features a 2-year warranty. 3