In this first of a two-part blog, Thorsten Kurpjuhn, Security Market Development Manager Europe at Zyxel, explains why, with more people now working from home and remotely, it is important to be sure that you know exactly who is logging onto your network from the outside.
Would you let a stranger into your home? Of course, you would not do this, unless perhaps they were from a government agency, the police, or a utilities company. Even then, you would want to see proper identification before you allowed them over the threshold.
Similarly, you would not let just anyone join your internal business network. You’d want to make sure you know who they are and that they have a valid reason for accessing applications and data and making use of resources.
In both cases, it’s a matter of trust. If you know someone or they have an official position, you will feel confident about letting them inside. If you don’t know them and can’t be sure who they are – and therefore what their intentions might be – you won’t risk letting them through the door.
When everyone worked in the office and connected through either a wired Ethernet cable or an internal wireless network, it was easier to monitor and control who was joining the network. You could be fairly sure that there would not be any unwanted visitors logging on.
Anyone with criminal or malicious intentions would first have to gain entrance to the building – or at least be within range of the WiFi. They would then need either to make use of someone’s workstation, or hack into the in-house wireless network, which – if the security is properly set up – should not be easy. Even then, they would need to be close enough to the hub or access point to connect without being suspected of subterfuge.
But the network today goes far beyond the physical limits of the office. It is highly probable that in the future, at least half of the people on the network will be connected remotely, either from home, or from a remote location or while they are on the move.
This makes authentication much harder. There are no physical barriers to overcome and the remote user just needs to be online and know how to log on. As far as the network administrator is concerned, they could be anyone.
Then there is the problem of not knowing whether or not the device that is being used to log on is properly safeguarded and secured. This is important since, even though you may trust and be able to authenticate the individual user of that device, you don’t know if the device itself is sufficiently protected; for example, whether it has anti-virus and an active firewall installed.
This is all about assessing the degree to which you can trust someone who is attempting to access your network. It is just like inviting someone into your home. First of all, you either have to know them, or be able to authenticate that they are who they say they are beyond any serious doubt. It’s only then that you will open the door and let them in.
Whereas you might have 100 percent trust in your family and friends, neighbours and official representatives of public agencies or services organisations, if a complete stranger turns up at your door one day, your level of trust in them will be zero.
But if there is someone on your doorstep, you can at least see them. If a remote user is trying to access your network, you can’t. They could be anyone and even if they are genuine, they could be inadvertently leaving a back door open that would allow those with less worthy intentions to infiltrate the network.
It is this dilemma that we are talking about when we use the term “zero trust”. It’s the idea that you must start from the position that whoever is trying to log onto your network is a complete stranger. And before you let them in, you need to do everything possible to make sure that they have good intentions and a genuine reason to be there.
In the next blog, I will explain how Zyxel is addressing the zero trust challenge with the latest release of our firmware for the USG Flex series of security appliances.