Incorporating Zero-Trust Model Approach can Strengthen Endpoint Security

32
Incorporating Zero-Trust Model Approach can Strengthen Endpoint Security

With sophisticated cyber-attacks becoming increasingly commonplace, it’s clear that organizations need to integrate holistic cybersecurity solutions and management tools into their technologies stacks to adapt to hybrid and remote work,” says Nigel Seddon, Vice President of EMEA West, Ivanti, in an exclusive interview ITSecurityWire.


ITSW Bureau: What are the new cyber threats that organizations are likely to face with remote working for their endpoints?

Nigel Seddon: One of the greatest cyber threats that organizations are likely to face when adapting to remote working is securing remote access from both company and private devices. Remote working has caused the lines between personal and professional life to become increasingly blurred, escalating the risk that sensitive information falling into an insecure environment.

A recent Ivanti EMEA CISO survey, looking into how the pandemic has shifted CISO priorities, revealed that 87 percent of CISOs across EMEA said that securing mobile devices is now the focal point of their cybersecurity strategies. This is partly due to the rise in mobile-specific threats. For instance, 52% rise in SMS delivery scams in the UK over the last 12 months, where cyber actors would dupe people into divulging their credentials like usernames and passwords.

Eliminating passwords in favor of multifactor authentication (MFA) is one of the easiest things CISOs can do now to help remote workforces stay productive while minimizing security threats. By requiring biometrics or other factors for authentication, IT can reduce the “phishability” of login credentials.

CISOs now see employee password security as an urgent remote workplace risk. They know that remote working has created a whole new array of cyber security threats concerning endpoint access. Therefore, a comprehensive and “always-on” mobile-security approach that can detect and prevent mobile threats without affecting employee access should be at the top of every CISO’s to-do list.

Also Read: Top 3 Significant Barriers to Monitoring and Minimizing DCS Cybersecurity Risk

ITSW Bureau: What cybersecurity solutions should organizations integrate into their portfolio since remote work is here to stay?

Nigel Seddon: With sophisticated cyber-attacks becoming increasingly commonplace, it’s clear that organizations need to integrate holistic cybersecurity solutions and management tools into their technologies stacks to adapt to hybrid and remote work.

These solutions need to be grounded in zero-trust principles and should be focused on cybersecurity modernization. Zero-trust security is important as it allows businesses to continually verify each asset and data transaction before permitting any access to the network. The zero-trust verification process includes, but is not limited to, strong authentication of users, posture checks for devices, and networks’ micro-segmentation.

Thanks to a zero-trust model, businesses can effectively defend against the leading causes of data breaches, such as stolen credentials, password reuse, and user impersonation.

ITSW Bureau: Given the dynamic nature of today’s organizations’ business operations, do you think data privacy will change?

Nigel Seddon: The adoption “everywhere workplace”   has become an increasingly popular option for businesses. This is largely thanks to the technological developments that enable employees to stay connected and productive anywhere and at any time. It is important to remember that remote working is, for many, no longer an option but a necessity. Because of this new remote working setup, businesses face many new challenges, including the way they protect their data. Data privacy and security must, therefore, be a top priority during the hybrid working era.

It is undeniable that to protect work laptops and devices from misuse or risk of breach, businesses will need greater visibility, control, and governance and some may be tempted to implement software to track how employees use the device. However, this poses problems with the GDPR (General Data Protection Regulation) compliance.

In addition, those employees working remotely may work irregular hours and use the same device for both personal and professional, so it is near enough impossible for IT teams to differentiate between employee’s work and private life. In this instance, it is very difficult to monitor employee devices without violating your employees’ right to privacy.

However, Unified Endpoint Management (UEM) platforms allow employees to retain complete privacy over personal applications and data. UEM separates the digital workplace from personal activities on a device. This is done by containerizing and protecting data and applications through application sandboxing. Device encryption can also be deployed so only authorized users can access crucial data. For instance, when banking staff returns to work, a corporate scanning app allows managers to scan a customer’s ID and passport with a smartphone camera.

ITSW Bureau: What trends do you think will emerge in the endpoint security industry?

Nigel Seddon: The endpoint security industry witnessed a positive increase in demand and market growth. The market is projected to grow from 13.99 billion dollars in 2021 to 24.58 billion dollars in 2028 at a CAGR of 8.3% in the 2021-2028 period. This is because it is seen as cybersecurity’s frontline defense to secure various enterprise networks.

Accounting for this increase in demand for heightened cybersecurity across all industries, the endpoint security market has seen its key players moving towards 3 key trends.

Firstly, the pandemic, the enforced original work from home policy, and the rise of the “everywhere workplace”, have overseen another rise in bring-your-own-device (BYOD) policies. This trend/policy provides greater flexibility to employees and saves employers the cost and hassle of providing staff with additional devices.

Also Read: Why Mergers and Acquisitions Boom Might Be a Data Security Disaster

However, the growing use of remote location servers, smartphones, and connected devices has increased the number of endpoints in business. Ultimately, this increase in remote entry points will increase the chances of attacks and data breaches. As the number of endpoints continues to grow, with the sophistication of attacks, the solutions providers will need to adapt to prevent breaches. Thus, the rising implementation of the BYOD policy is likely to drive the development of endpoint security solutions.

AI-powered tools, such as hyper-automation, are being considered as potential solutions in protection against external threats and data breaches. Hyper automation can be an incredibly useful tool in its ability to improve security, enhance IT performance, reduce response times and human error, and, ultimately, boost productivity.  While standard automation may have already liberated employees from many monotonous tasks, hyper-automation has taken this a step further.  Although AI (Artificial Intelligence) technology will not prevent an attack on its own, it can instantly detect and respond. Therefore, AI is expected to play an essential role in detecting zero-day attacks.

Nigel Seddon serves as Vice President of EMEA West at Ivanti, the automation platform that helps make every IT connection smarter and more secure. Nigel has been with Ivanti for more than 10 years and has held the position of VP of EMEA West since 2016, managing Ivanti’s sales team across UK, Middle East and Africa. Previous to his time at Ivanti, Nigel worked with a variety of Enterprise Hardware and software companies in several managerial and directorial positions bringing over a decade of experience and success to Ivanti. Nigel is highly skilled in Sales, Partner Relationship Management, Go-to-market Strategy, Professional Services and Management.