Cybersecurity: Remote work needs a Zero Trust bulwark


With regularisation of remote work, rapid digitisation and the diminishing effect of corporate firewalls, identity has become the new perimeter. Balancing security and flexibility at workplaces hinges on the convergent inclusivity of people and data. And cybersecurity has become an imperative in the journey of adapting to a hybrid work culture.

“Enterprises must bolster their cybersecurity postures and embrace zero trust architecture on a priority basis to thrive in today’s digital world,” said Vishal Salvi, chief information security officer & head of cyber security practice – Infosys.

Adopting a cloud-first strategy or zero trust paradigm helps enterprises follow a holistic cyber resilience approach to improve the scalability and simplicity of business contingency operations while enabling secure collaborations across digital functions. Enterprises can follow some key practices to safeguard their businesses in the era of hybrid working:

Secure by design: CXOs must work with business and technology leaders to design security into systems, processes, and people from the start. “Infosys has adopted the Security by Design (SbD) principle that has a security-first approach across all lifecycle stages of business imperatives. This helps us establish a secure and flexible workplace while mitigating cybersecurity risks,” added Vishal.

Adoption of Zero Trust as a core security construct: Most organisations are on an ambitious quest to drive digital transformation through cloud and SaaS models. This architecture allows for policy-driven privileges with automated protection and visibility to enable a frictionless digital experience for users.Managing third party risks: Security by design must extend beyond the gates of the enterprise and must include privacy policies. It is critical to ensure that all third parties are adequately secured.

Holistic identification of attack vectors: There is an increasing need to institutionalise cyber and security best practices to prevent evolving cyberattacks.Cyber awareness: This is a key line of defence against threats. Enterprises must spread awareness about cybersecurity best practices and the need to maintain cyber hygiene among their employees.

Integrated view of cybersecurity: Integration of tools, controls and telemetry across enterprise functions will enable enterprises to apply and enforce policies with consistency, delivering a more robust enterprise security framework.

Establish identity-based trust: Enterprises must have a well-defined process for identification wherein the user asserts information about their identity while creating an account, which is then verified and authenticated.

Risk based authentication: Incoming authentication requests must be evaluated for risk based on composite event data, determined from the context.Unified policy enforcement: Remote working requires convergence of identity, device and network data, which can allow security managers to apply uniform access policies for users.

Automation in threat intelligence and response: It is essential to correlate event data from across multiple functions and prioritise responses. Security solutions like extended detection and response (XDR) help provide holistic visibility across events and leverage automation.