Enforcing Zero Trust in a Hybrid Work Environment

Enforcing Zero Trust in a Hybrid Work Environment

  • By Bart Vansevenant
  • Feb 07, 2023

The effects of the pandemic have rippled across the business world like a meteor hitting a pond, creating a new plethora of challenges that incorporated into MBA curriculum for years to come. One of the many unforeseen challenges that has emerged for large organizations implementing return to work initiatives is the emergence (and widespread acceptance) of the hybrid workforce model.

As a new “perk” cherished by most employees and despised by most employers, it appears that the hybrid workforce model is here to stay, despite efforts by some organizations to end this practice. The reality is that most organizations will continue to maintain some semblance of a hybrid workforce model for the near future to help attract and retain top tier talent.

Hybrid Work Highlights the Need for Zero Trust
Hybrid work is just one example of how the security landscape has changed in recent years in ways that demand new security and assurance solutions. Other examples include the sharp increase in international commercial competition – particularly with the use of state-sponsored organizations to support that competition, the rise of Hacking as a Service and Ransomware as a Service, and new applications of AI to support Social Engineering and even fake interviews, to name a few.

All of these changes present significant challenges for organizations relative to physical and logical security, workforce management, facility planning and management, and of course, health safety. Consider the challenges from hybrid work arrangements alone – which can result in employees, contracted workers, customers, and visitors frequenting facilities at all hours of the day, and possibly every day of the week. In such circumstances, it becomes significantly more difficult for organizations, and their security teams, to maintain physical control of the workplace. Moreover, without complete physical control, other risks rise exponentially – from safety to cybersecurity.

It is essential for organizations to maintain physical control as just the first vital step to manage overall risks and the operation of business processes. The consensus in the security industry is quickly moving toward the application of a new set of physical security policies built on zero trust.

Implementing Zero Trust for Today’s Workforce
What do physical security policies built on zero trust look like? The simple answer is that no identity, physical or logical access or IP device/endpoint is to be trusted by default. Instead, every entity – no matter if they are inside or outside the organization’s network – must have strong authorization, be authenticated, and be continuously validated before being granted any access to physical or network assets. In zero trust environments, having access in the past is not enough to warrant access now.

Creating a zero-trust hybrid workforce model enables organizations to protect the integrity, security and safety of an organization. By combining data, this is accomplished from relevant systems such as HR, facilities and workforce planning software into a Physical Identity and Access Management (PIAM) platform. Based on policies you set in the PIAM platform, it will in turn set and revoke access for employees, contractors and visitors on an as needed basis.

Here is an example of how an implementation would work: In the past, an access card might be all that was needed to enter a facility through an employee entrance. In a zero trust environment, the access system would be integrated with other relevant systems to confirm, for example, that the person requesting access was in fact that person, was still employed, had the authority to enter at that time and place, had the required training or certifications to enter, and possibly was confirmed to be wearing the required PPE.

To confirm those answers, the access control system would require confirmation from, perhaps, the HR staffing system, training records, management approvals, and biometric confirmation systems. Such integrations are not only possible today, but are quickly becoming much more common.

Taking Zero Trust to the Next Level
For higher-security environments or locations with a greater proportion of workers that may not know each other well, it is now possible to go one big step further. In these situations, teams can complement the zero trust PIAM platform with the addition of security wearables to automate the validation of security permissions and safety requirements for everyone present.

Security wearables are a new, powerful idea that are really getting traction. Leading providers offer compact badge holders that are equipped with wireless communication capabilities as well as LED-powered status displays. Because these devices can link to local wireless access points, they not only know the identity of the badge, but they also know where in the facility the person is presently located.

This combination lets the device display an easy-to-see “green” validation status that the person represented by that badge is authorized to be in that area at that time, and has the required safety and/or regulatory certifications. If the person goes into an area where any one of those factors is not sufficient, then the visible validation status changes to ‘red’ and it is easy for anyone present to know that there is an issue. This is especially valuable when hybrid workforce arrangements make it harder for workers to know who should be on site, and who should not.

Zero Trust: The Right Approach
In today’s hybrid-workforce environment, organizations can greatly improve their safety, security, and regulatory postures by implementing zero trust solutions. Integrating zero-trust systems with leading security wearables is becoming the newest best practice to manage the emerging physical security challenges of hybrid workforces.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3