Security Magazine – by Sam Rehman
With millions of people working from home at present, and likely into the future, the enterprise perimeter has all but dissolved. In the process, organizations are struggling to ensure security in this "zero-trust" and remote era. The concept of zero trust was introduced by Forrester in 2014, demonstrating that forward-thinking organizations shifted to a zero-trust framework well before the pandemic. Now, with vulnerabilities laid bare for nearly every business with a dispersed workforce, operating under the assumption that one’s network is already comprised is imperative. And it's understandable considering the increase in BOTs, fake social media accounts and the impersonation of privilege accounts, not to mention the fact that employee access and connections have become increasingly dynamic.
Today's enterprise touchpoints include a wide range of SaaS and cloud services, all of which provide opportunities for nefarious actors to take advantage of the network. That's why a holistic strategy should include a "never trust, always verify" approach that requires validation of devices, users, apps and networks, as well as a process for detecting and remediates threats—before access is granted.