Zero Trust: Best Practices for Preventing Misunderstandings and Mistakes
Zero Trust can be perplexing when it devolves into just another marketing buzzword. Let’s clarify what it really means.
The way we work has changed.
No longer tied to our desks, our laptops, tablets and smartphones let us do our job from wherever we want – at the office, at home or even while on-the-move. We can also freely chat and collaborate with colleagues, customers or suppliers one-to-one or in groups using an array of cloud-based productivity apps.
As the business world increasingly turns to cloud technologies, mobile security exploits and scams become more frequent and inventive. Malware detection and software patching techniques simply cannot keep pace. When it comes to mobile, the conventional security model is broken.
If mobile defense is not already a central pillar of your company’s overall security strategy, then now is the time to act.
Adopting mobile VPN is a simple first step towards keeping sensitive proprietary data safe.
Security of mobile devices is one of the trickiest things for corporate IT departments to manage effectively.
A Tech Pro Research survey of enterprise IT executives reveals how mobile technology is a top cause for concern. Among the respondents, 45% regarded mobile devices as the weakest link in company defenses. They expressed fears over employee data (37%), wireless network access (34%) and BYOD (29%).
A Washington-based policy research group in conjunction with security company McAfee recently published a study of employees that shows such fears are justifiable. Many in the report admitted risky habits like using the same password for different work applications (23%), writing down passwords (17%), working while connected to public Wi-Fi (16%) and accessing social media at work (15%).
Such casual disregard for basic security practice is just what hackers hope to exploit in the mobile world. A good example is the recent WhatsApp Gold scam where popular mobile apps were targeted with malware.
Many employers actively encourage BYOD (Bring Your Own Device) as a staff policy. It’s a low-cost and convenient way to boost productivity.
But there’s a trade-off.
Workers love their apps. Many of the most popular apps can access the phone’s camera, track its location or share data and contacts. In addition, as people frequently use the same password for multiple accounts, companies quickly find themselves exposed to risks that are entirely outside their control.
In a recent study, cybersecurity firm Imperva asked a banking client to guess how many apps its staff were using. They thought it was between 75 and 100 in total. In fact, the true figure proved to be closer to 800.
The lesson is stark. Enterprises must provide users with the tools to make their job easier. If not, users will think nothing of downloading one or more apps that promise to do just that. Users select most apps on the basis of convenience and functionality. Little thought is given to security.
To prevent mobile productivity gains from being offset by new security gaps and the prospect of data loss, it is imperative IT departments strike the right balance between improvements in user experience and control over mobile data security.
Over the years, companies have deployed a variety of technologies that allow authorized users to have remote access to corporate applications and data. This typically involves support for a mix of secure virtual private networks (VPNs) that allow data to be transmitted privately over the public Internet as well as on-premise guest Wi-Fi access points.
The task now is to deliver an equally strong mobile security strategy.
Failure to adequately secure mobile data has led to a data breach according to 70 percent of respondents in a recent Ponemon Institute study. Sixty-seven percent also claimed they were sure or fairly sure a data breach was the result of employees using their mobile devices to access confidential company information.
That’s why there is no substitute for mobile VPN.
Mobile VPNs keep data secure by transferring information via a secure IP address. Employee mobile data stays private regardless of their location, even if they are connecting via an unsecured public access point such as at an airport or coffee shop.
In summary, the world of mobile technology and cloud-based apps moves so fast traditional patch and update security methods are broken.
It is a combination that, while providing enormous productivity benefits, takes security away from the control of IT professionals and places it in the hands of ordinary individuals.
In doing so, the number of threat vectors greatly increases.
A mobile VPN has many benefits but most importantly, it secures a device’s internet connection to keep data safe, even when connecting to unsecured networks outside the organization regardless of whether Wi-Fi is accessed via private or public access points.