Why Ending WFH Might Make Security Worse

As COVID-19 vaccine rollouts pick up steam, it’s time to start thinking about the day after, and how a possible mass return of employees to their offices might affect corporate network security.

At first glance, it would seem that the end of ‘Work From Home’ would strengthen the security posture of most organizations. After all, employees would be returning to the safety and comfort of the corporate network perimeter.

But is working within the perimeter really more secure? Has it ever been? Unfortunately, we are finding that hackers consistently find ways to bypass perimeter security controls and breach the network. The recent SolarWinds supply chain attack demonstrated that threat actors were able to compromise more than 10,000 networks, without ever having to breach a firewall. Be it supply-chain attacks, zero-days in Internet-connected devices, or plain old brute-force attacks, there are many ways to gain access to the network and penetrate the perimeter.

Furthermore, the return of WFH devices to corporate offices can introduce a significant risk, since they have been exposed to multiple threat vectors. Such devices may have been used by family members for unsafe activities, or used over unprotected networks. Since in many organizations internal network traffic is not inspected, some of these devices may well have been exposed to malware. Such malware may be waiting for the device to connect to a high-value corporate network and exploit stolen credentials to move laterally across the network and access sensitive infrastructure and data.

Why Enforcing Zero Trust Only on Cloud Apps Falls Short

Many security-conscious organizations have adopted a Zero Trust approach to protect their cloud applications from unauthorized access. With this approach, any device, including a device used for working from home, is considered untrusted, and requires verification before allowing it to access sensitive corporate resources. But all too often, a Zero Trust approach is only enforced on cloud applications. This leaves on-premise systems, administrative interfaces, infrastructure, IoT devices and endpoints exposed to access from compromised devices within the network.

Limited Adoption of Zero Trust Security

While organizations understand the value of a Zero Trust security model and agree that it’s a necessary part of their cybersecurity strategy, we still don’t see widespread adoption. Implementing micro-segmentation with proxies, or adding protections that require software agents, is a very difficult task in today’s diverse networks. Many organizations resort to implementing the model on a small subset of the organization’s applications, rather than adopting a full network-wide Zero Trust security model.

Best Practices for a Safe Return to the Office

Here are several security best practices to consider as employees start heading back to their workplaces:

• Monitor access from all devices, especially those used for WFH and over unsecured environments
• Use identity-based segmentation policies to prevent unauthorized usage of administrative interfaces of sensitive systems
• Enforce risk-based authentication for all access requests to both on-premises and cloud resources
• Implement and enforce network-wide identity-based Zero Trust policies

With the right architecture and tools, it’s possible to implement Zero Trust policies across both on-premise and cloud infrastructures. Focusing on identity as a control plane is a good place to start. With hybrid WFH and in-the-office policies likely to remain in force for the foreseeable future, “never trust, always verify” has never been more important. To learn how Silverfort can help you reach these goals, feel free to reach out.

The above is excerpted from the RSA Conference library. To read the full article, click here.