Intelligent CISO Issue 43 - Page 27

editor ’ s question

HOW HAVE CISOS HAD TO

RE-EVALUATE THEIR CYBERSECURITY STRATEGIES TO PROTECT HYBRID WORKFORCES ?

? ecent report by Menlo

A

Security , a leader in cloud security , highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain . The new report – which surveyed 500 + IT decision-makers in the US and the UK , including a third at C-level – looks at attitudes to securing remote access to applications and resources and the adoption of Zero Trust solutions . While most respondents ( 83 %) say they are confident in their strategy for controlling access to applications for remote users , three-quarters are re-evaluating theirs in the wake of new ways of working and the growth in cloud application use . While half of employees are currently working remotely or adopting a hybrid approach , around two-fifths ( 42 %) are expected to continue in 12 months ’ time .
According to the findings , three-quarters ( 75 %) of organisations continue to rely on VPNs ( Virtual Private Network ) for controlling remote access to applications , which rises to 81 % for organisations of 10,000 + employees . For around a third ( 36 %) of organisations , a Zero Trust approach also forms part of their remote access strategy .
“ It seems that most businesses are confident in their remote access security yet are still relying on a traditional and inherently insecure way of doing things using VPNs , which give access to everything on a network ,” said Mark Guntrip , Senior Director , Cybersecurity Strategy at Menlo Security . “ With only a third currently using Zero Trust network access , there ’ s a real opportunity to provide users with access to only those applications and resources needed to do their job . When you start to adopt this approach across everything you do then your whole security mindset changes .”
The top reason for implementing a Zero Trust solution is improved security , according to 60 % of respondents , regardless of whether they are using it or not . One-third ( 32 %) point to ease of use , while speed of access and scalability are both more widely recognised among those already adopting a Zero Trust approach . Significantly , 40 % of respondents believe that implementing a Zero Trust solution places less pressure on IT . Despite overall confidence by global IT decision-makers in the robustness of their strategy for controlling application access for remote users , Menlo Security ’ s research also shows that :
• Three-quarters of respondents believe that hybrid and remote workers accessing applications on unmanaged devices poses a significant threat to their organisation ’ s security . Despite this , around a fifth still allow unmanaged devices – laptops , desktops and mobile devices – to connect to corporate applications and resources .
• While the majority ( 79 %) of respondents have a security strategy in place for remote access by third parties and contractors , there are growing concerns about the risks they present , with just over half ( 53 %) planning to reduce or limit third party / contractor access to systems and resources over the next 12 – 18 months .
“ As the Internet becomes the new corporate network , controlling user access to private applications has become more important than ever ,” said Guntrip . “ Organisations need to evolve their thinking from providing connectivity to the entire network , to segmenting access by each individual application . The right Zero Trust approach will ensure seamless access between users and the applications they are authorised to use , while all other applications are invisible , preventing lateral discovery across the network .” www . intelligentciso . com
27