Enforcing Zero Trust in a Hybrid Work Environment

Enforcing Zero Trust in a Hybrid Work Environment

The effects of the pandemic have rippled across the business world like a meteor hitting a pond, creating a new plethora of challenges that incorporated into MBA curriculum for years to come. One of the many unforeseen challenges that has emerged for large organizations implementing return to work initiatives is the emergence (and widespread acceptance) of the hybrid workforce model.

As a new “perk” cherished by most employees and despised by most employers, it appears that the hybrid workforce model is here to stay, despite efforts by some organizations to end this practice. The reality is that most organizations will continue to maintain some semblance of a hybrid workforce model for the near future to help attract and retain top tier talent.

Hybrid Work Highlights the Need for Zero Trust
Hybrid work is just one example of how the security landscape has changed in recent years in ways that demand new security and assurance solutions. Other examples include the sharp increase in international commercial competition – particularly with the use of state-sponsored organizations to support that competition, the rise of Hacking as a Service and Ransomware as a Service, and new applications of AI to support Social Engineering and even fake interviews, to name a few.

All of these changes present significant challenges for organizations relative to physical and logical security, workforce management, facility planning and management, and of course, health safety. Consider the challenges from hybrid work arrangements alone – which can result in employees, contracted workers, customers, and visitors frequenting facilities at all hours of the day, and possibly every day of the week. In such circumstances, it becomes significantly more difficult for organizations, and their security teams, to maintain physical control of the workplace. Moreover, without complete physical control, other risks rise exponentially – from safety to cybersecurity.

It is essential for organizations to maintain physical control as just the first vital step to manage overall risks and the operation of business processes. The consensus in the security industry is quickly moving toward the application of a new set of physical security policies built on zero trust.

Implementing Zero Trust for Today’s Workforce
What do physical security policies built on zero trust look like? The simple answer is that no identity, physical or logical access or IP device/endpoint is to be trusted by default. Instead, every entity – no matter if they are inside or outside the organization’s network – must have strong authorization, be authenticated, and be continuously validated before being granted any access to physical or network assets. In zero trust environments, having access in the past is not enough to warrant access now.

Creating a zero-trust hybrid workforce model enables organizations to protect the integrity, security and safety of an organization. By combining data, this is accomplished from relevant systems such as HR, facilities and workforce planning software into a Physical Identity and Access Management (PIAM) platform. Based on policies you set in the PIAM platform, it will in turn set and revoke access for employees, contractors and visitors on an as needed basis.

Here is an example of how an implementation would work: In the past, an access card might be all that was needed to enter a facility through an employee entrance. In a zero trust environment, the access system would be integrated with other relevant systems to confirm, for example, that the person requesting access was in fact that person, was still employed, had the authority to enter at that time and place, had the required training or certifications to enter, and possibly was confirmed to be wearing the required PPE.

To confirm those answers, the access control system would require confirmation from, perhaps, the HR staffing system, training records, management approvals, and biometric confirmation systems. Such integrations are not only possible today, but are quickly becoming much more common.

Taking Zero Trust to the Next Level
For higher-security environments or locations with a greater proportion of workers that may not know each other well, it is now possible to go one big step further. In these situations, teams can complement the zero trust PIAM platform with the addition of security wearables to automate the validation of security permissions and safety requirements for everyone present.

Security wearables are a new, powerful idea that are really getting traction. Leading providers offer compact badge holders that are equipped with wireless communication capabilities as well as LED-powered status displays. Because these devices can link to local wireless access points, they not only know the identity of the badge, but they also know where in the facility the person is presently located.

This combination lets the device display an easy-to-see “green” validation status that the person represented by that badge is authorized to be in that area at that time, and has the required safety and/or regulatory certifications. If the person goes into an area where any one of those factors is not sufficient, then the visible validation status changes to ‘red’ and it is easy for anyone present to know that there is an issue. This is especially valuable when hybrid workforce arrangements make it harder for workers to know who should be on site, and who should not.

Zero Trust: The Right Approach
In today’s hybrid-workforce environment, organizations can greatly improve their safety, security, and regulatory postures by implementing zero trust solutions. Integrating zero-trust systems with leading security wearables is becoming the newest best practice to manage the emerging physical security challenges of hybrid workforces.

Featured

  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • 91 Percent of Security Leaders Believe AI Set to Outpace Security Teams

    Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3