After embarking on a second unforeseen year of mass remote work, everyone is now accessing corporate resources through the cloud. To help enable this, organizations are introducing new technologies into their standard workflows. The COVID-19 pandemic presented a new realm of unmarked territory as businesses quickly, and almost haphazardly, shifted all employees offsite. Corporate networks were unprepared to handle this new caliber of remote access, and significant security gaps were created along the way. But, organizational and individual data access to corporate and personal information began to evolve long before the pandemic.
We want access to anything, from anywhere, on any device. To securely enable that desire, security teams already needed visibility into every device that accessed their corporate infrastructure and data. However, the pandemic catapulted this need to the top of every business leader’s mind, and the ability to block unhealthy devices that put an organization’s security at risk has never been more necessary. Now, with operations shifting almost entirely to the cloud for many, mobile workers have access to much more than just email. This access, however, comes with significant risks.
Zero trust, which is rooted in the idea that no device is secure until proven otherwise, has become a widely accepted technical framework as businesses strive to monitor and maintain networks’ health with widely distributed endpoints. This philosophy should be applied to any device that interacts with your network, the most precarious of which are our mobile phones and tablets. With work increasingly being conducted outside the reach of legacy perimeter systems, there is no effective way to determine who or what device you can trust.
To implement an effective zero-trust strategy, organizations must first accept three key factors:
- Your network is now in every home office
- Legacy and traditional security technologies do not apply.
- Mobile devices cannot be trusted.
Zero Trust and Personal Devices
Bring your own device (BYOD) is another factor of remote work triggered long before COVID-19 uprooted the global workforce. In fact, Gartner predicted in 2018 that at least “80 percent of worker tasks” would shift to mobile devices by 2020. As this shift took place, mobile users and the organizations that support them must become acutely aware of the added risks posed by reliance on their smartphones and tablets.
The mobile device that an employee uses to access their corporate data in platforms such as Google Workspace or Office 365 might be used later to browse social media or download a new app for personal use. These actions present new opportunities for the employee to be phished or introduce malware into their network. Many consumer-focused applications can be easily compromised, leaving the user’s data, and the corporate data they access from that same device, exposed. A robust approach to combating this risk is to deploy a zero-trust security model.
Zero Trust and Cloud Security
At this point, most organizations are embracing the benefits of cloud services to better enable the workforce and modernize their infrastructure. In doing so, they’re also enabling access to sensitive data from any device regardless of whether they manage it or not. This paradigm shift means legacy security strategies that rely on securing the four walls of the office are aging out, and security and mobility teams need to modernize their security strategy to include mobile zero trust if they want to keep up.
Embracing Zero Trust
Mobile devices are the cornerstone of what makes remote work so practical. They also present a new challenge to security teams that haven’t modernized their security strategy to include mobile devices. Since traditional perimeter security is outdated, security teams must move their critical functions to the mobile endpoint and secure data from wherever it is accessed. Zero trust strengthens and modernizes endpoint security by ensuring any device with access to corporate information is routinely evaluated for risk before being trusted. Mobile needs to be part of that.
Hank Schless, is senior security solutions manager at Lookout.
Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting our microsite.