Dec 6, 2022

Step 3 to Implementing ZTNA: Secure Hybrid and On-Premises Access

Written By

Samuel Hill

Great news! By the time you reach this third and final stage of your zero-trust network access (ZTNA) journey, the biggest challenges are already behind you. You started by securing high-risk users, including third-party vendors and users connecting to critical infrastructure and applications. Then, in step 2, you secured remote users with zero-trust access and began to reduce your reliance on your VPN.

Now, the time has arrived to extend identity-based Zero-Trust Network Access (ZTNA) to all remaining users. It’s your moment to pass out secure access like it’s swag at a security conference. 

Even as we move beyond the COVID era, many workers prefer a hybrid work arrangement, where they split their time between remote and on-site work. Where people work is ultimately decided by their employer, but employee preferences are clear:

  • 32% prefer exclusively remote work 

  • 59% prefer a hybrid work arrangement

  • 9% prefer exclusively on-site work

The Problem with On-Prem Access

Many organizations maintain the belief that on-premises users are inherently secure. After all, employees are literally sitting at their desks inside the office; what is the harm in giving them full network access? Unfortunately, in the world of advanced cyberthreats, even traditional office workers are a tempting target for bad actors.

On-premises users are generally only verified once, based on their being connected to the corporate network with their approved device. This validation practice presents the same problem as a remote worker connecting through a VPN: once the user is inside the network, they have broad access that is difficult to control or monitor. 

As we discussed in the previous blogs in this series, authentication based purely on network connection provides a wide avenue for bad actors to breach your network. If an employee device with unfettered network access is compromised, the potential for damage is nearly unlimited. 

How Cyolo Helps You Secure On-Prem and Hybrid Access

For on-prem users, return-to-office users, and on-prem services or applications, most zero-trust platforms require the access path to route through the cloud and then back to the site (also called tromboning), which adds latency to the workflow. Cyolo removes this latency by sitting on-premises and handling the routing of on-prem requests, giving those users the same speed and access as someone who is connected remotely.

Cyolo also empowers organizations to enforce the principle of least privilege for all users, whether they are working remotely, at the office, or in a hybrid fashion. Administrators can easily tailor permissions to include only the necessary applications, and public network access is never granted.

Moreover, Cyolo can retrofit all on-prem and legacy applications without massive costs or disruption to business operations. We create a single point of access and identity validation that extends to legacy tech stacks and architecture, modern cloud environments, and homegrown on-prem applications. This single point of access creates a seamless and agile experience for both internal (remote, hybrid, or on-prem) and external users.

Step 3, the securing of hybrid access through Cyolo, is the culmination of your zero-trust journey. Your organization no longer needs to rely on a legacy VPN to secure the access of employees or vendors and, for the first time, you have supervisory controls to monitor and record the activity of all users. 

With internal and external users connecting to the systems they need via identity-based zero-trust access, your organization’s security posture is significantly strengthened. However, there is still no room for complacency when it comes to defending against cyber threats. Even after completing step 3 of your zero-trust implementation initiative, it is crucial to build processes for adding and removing users and applications from your organization as they come and go over time. These processes will ensure your ability to maintain your zero-trust program and keep access for your high-risk, remote, and hybrid users secure for the long term.

Samuel Hill

Author

Samuel is the Director of Product Marketing at Cyolo. Before cybersecurity, he spent 7 years working in the ER and loves to tell stories. He is the husband to one, father to four, lives in Bozeman, MT, and would rather be outside. He holds an M.A. in Strategic Leadership from Life Pacific University.
