How To Ensure Hybrid Workplace Network Security

By Graham Walker

More organizations than ever rely on virtual private networks (VPNs), especially in the lingering wake of the COVID-19 pandemic. VPNs allow remote employees to work as a safe extension of their organization’s network, with the same security and connectivity benefits they would have on site.

But security experts believe VPNs leave organizations vulnerable to malicious threat actors and cyberattacks; improperly configured VPNs can give users unrestricted access to the corporate network.

To defend against potential vulnerabilities, organizations are adopting alternative remote access methods such as zero-trust network access (ZTNA) to establish hybrid workplace network security. To that end, let’s dive into some of the most effective best practices for hybrid workplace security.

Adopt zero-trust network security models

A zero-trust model is one of the most popular integrated approaches to security, and with good reason. These models authenticate each access request and each session separately, so that an authentication does not carry forward with a session or user to additional requests. Zero-trust security frameworks impose network-wide device and user authentication, treating access requests identically whether they are made inside or outside a network.

Rather than divide devices and users into two camps - typically “outside the perimeter” and “inside the perimeter” - an integrated approach to security, like a zero-trust framework, doesn’t automatically grant access to resources for inside users and devices. Unsurprisingly, the adoption of zero-trust models has been rising since the COVID pandemic began. As of 2021, more than 40% of respondents to a Statista survey said they were beginning to adopt zero-trust strategies.

Cultivate an identity-centric architecture

At the heart of a ZTNA security framework is identity. Zero-trust models grant designated users access to resources depending on identity, meaning strict identity management is essential to securing access to network resources.

Typical remote access security models rely on secure perimeters and force outside users to access corporate networks through an encrypted tunnel (usually a VPN). But conventional VPNs only provide encrypted connectivity; they do not identify the user. Without user authentication, the network doesn’t know who’s connected and can’t control the user’s access to resources.

That’s where an identity-centric architecture comes in: rather than base a user’s access to resources on their ability to log into a VPN, identity-centric architecture bases resource access on—you guessed it—the user’s identity. Fortunately, Unified Threat Management (UTM) Firewalls, such as the ones from Allied Telesis, integrate VPN connectivity with multi-factor authentication (MFA) for strong identity-based access control.

Cultivating an identity-centric architecture that prioritizes a zero-trust approach is more important than ever, especially considering that more than one-third of data breaches result from internal users. The bottom line: An identity-centric architecture can prevent external threat actors from sneaking into networks and moving unnoticed while they compromise sensitive data.

Place a greater focus on endpoint security

Any enterprise cybersecurity program worth its salt includes a strategy for endpoint security. As ZTNA models gain popularity, it’s more important than ever to properly secure a network’s endpoints. In addition, once you’ve adopted an identity-based architecture whose users are authenticating themselves, you’ll need a way to address potentially compromised user devices and systems.

A good place to start is by acknowledging endpoint diversity. From tablets and laptops to smartphones and wearable devices, endpoints are as diverse as ever. Therefore, we recommend using endpoint security solutions that offer data loss prevention, endpoint & email encryption, endpoint detection and response, and privileged user control. The Self-Defending Network offers powerful protection from threats and is an ideal way to automate endpoint protection in large networks.

You’ll then want to implement multi-factor authentication and account for endpoint-based data loss prevention (DLP). MFA can go a long way toward protecting your network’s entry points from unauthorized access, and an endpoint-based DLP can safeguard the growing number of data assets stored on endpoints.
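The following is an added example, not code from the article or from any vendor product: it contrasts a perimeter-style decision with the per-request, identity-centric decision described in the sections above, including the device check this section calls for. The user names, resource names, and the `device_compliant` flag are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed entitlements: which identity may reach which resource.
ENTITLEMENTS = {"alice": {"payroll-db", "wiki"}, "bob": {"wiki"}}

@dataclass(frozen=True)
class AccessRequest:
    user: Optional[str]      # None: the tunnel is up but nobody was identified
    mfa_verified: bool
    device_compliant: bool   # endpoint posture, e.g. reported by an endpoint agent
    source: str              # "inside" (LAN or VPN tunnel) or "outside"
    resource: str

def perimeter_decision(req):
    """Legacy model: anything inside the perimeter or tunnel is trusted."""
    return req.source == "inside"

def zero_trust_decision(req):
    """Evaluate every request on identity, MFA, device posture and entitlement.
    req.source is deliberately never consulted."""
    if req.user is None:
        return False, "no authenticated identity"
    if not req.mfa_verified:
        return False, "MFA not completed"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, "identity not entitled to resource"
    return True, "allow"

# Constructed sample requests.
SAMPLES = [
    AccessRequest(None, False, True, "inside", "payroll-db"),     # anonymous tunnel user
    AccessRequest("bob", True, True, "inside", "payroll-db"),     # insider, not entitled
    AccessRequest("alice", True, False, "inside", "payroll-db"),  # compromised endpoint
    AccessRequest("alice", True, True, "outside", "payroll-db"),  # verified remote user
]

def compare(requests):
    """Return (perimeter_allows, zero_trust_allows, reason) for each request."""
    return [(perimeter_decision(r), *zero_trust_decision(r)) for r in requests]

if __name__ == "__main__":
    for req, row in zip(SAMPLES, compare(SAMPLES)):
        print(req.user, req.source, req.resource, row)
```

The first three requests are allowed by the perimeter model purely because of where they originate, while the identity-centric check denies each for a specific, loggable reason.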

Strengthen your collaboration security

Finally, it’s worth your time to beef up your hybrid workplace’s collaboration security. In response to the pandemic, collaboration applications have become commonplace as organizations accommodate more employees working from home. But as more companies adopt these collaboration tools, the security challenges associated with them become more apparent.

Consider some of the most popular collaboration apps like Slack, Microsoft Teams, and Zoom: it can be tempting to assume that these tools are inherently secure, but that’s not always the case. Security is not built into these tools, and an absence of security integration can lead to a fragmented security policy—in other words, a policy that’s not completely zero-trust.

Fragmented policies may have rules that apply to some collaboration apps but not others, which can cause security vulnerabilities. When enacting collaboration security, it is also important to supplement the collaboration apps’ own cybersecurity protections, which are often inherently insufficient. If you’re establishing network security for a hybrid workplace, don’t forget to consider the different collaboration security platforms and tools within your organization. Vista Manager offers a centralized view of your network’s security policy and can ensure that all VPN gateways have the same settings for a consistent security posture across the organization.