Zero Trust Security for Remote Work

Written by Zach DeMeyer on December 30, 2020


The state of IT security has changed drastically over the course of 2020. Before that, many IT security approaches were built around the assumption that the vast majority of network traffic comes from within the physical confines of the network. Networks were structured with a firewall at the edge, and a collection of servers, switches, and Wi-Fi access points made up the rest of the network. Employees would arrive on campus, connect to the corporate network, and authenticate using their employee credentials.

In response, security measures were designed on the assumption that an employee’s physical presence on the network could serve as part of the checks and balances for authentication. But what happens if the vast majority of employees do not connect to corporate resources from within the internal network?

Now that remote work is a reality for more organizations, it’s time to rethink how corporate security looks and how it works. How do you design IT security in a world where you have no control over where employees are? A remote work world means it’s time to redesign your corporate security around a Zero Trust security model.

Zero Trust for Remote Work

If you’re not familiar with Zero Trust as a concept, it’s the idea that IT admins and security personnel must inherently trust nothing, verifying all attempts made to access critical organizational data and resources. Zero Trust does not assume that there are traditional security measures like firewalls at the location of the end user, so alternative arrangements must be made to ensure the right users get access to the right resources in a way that meets IT security requirements. Instead of layering a security policy with location, it assumes that almost all sites are insecure, and with that mindset, information security takes a new approach.

In a remote work scenario, end users could be connecting from a coffee shop, their home, co-working space, or a hotel. Unlike with the corporate network, IT won’t be able to control how or where the connection occurs, so they must rely on technology such as directory credentials and multi-factor authentication, VPNs, and cloud services to ensure security protocols are met. 

Adapting to a Remote Work Future

Remote work isn’t going away. Even after the COVID-19 pandemic recedes, remote work will remain an option for many organizations. Organizations have seen the benefits of remote work for productivity, employee morale, and an expanded hiring pool. As you can see from the Google Search trend below, interest in remote work has been steadily increasing over the past five years.

The pandemic didn’t create interest in remote work, but it accelerated the trend. Remote work was always going to be the future, but COVID-19 sped that future up by many years.

Employees would rather work from a place that they find comfortable and enjoy the flexibility of the hyper-connectivity we have today than be expected to sit in a cube from 8-5 and then be available after hours for Slack messages, emails, etc. The key for IT is to create an environment where resources are secured everywhere, on all devices.

A critical part of rethinking security around a Zero Trust model is where the data is stored. As organizations leverage the cloud for file sharing and application resources, ensuring these services have at least the same security level as the on-premises servers have today, if not greater, is a must. These widely popular cloud and web solutions are a struggle for traditional, legacy solutions such as Active Directory to manage for user access. In fact, the struggle doesn’t stop with modern cloud solutions; it also extends to devices and servers, including many running non-Windows operating systems such as macOS and Linux. What’s needed is a solution that bridges the gap between end user devices and corporate cloud services and that assumes no security based on a person’s physical location.

Using JumpCloud for Remote Zero Trust

JumpCloud’s Directory Platform establishes device trust via device-based agents and certificates tied to specific end users, ensuring that only managed and trusted devices can access corporate resources. IT administrators can also enable network trust across organizations by leveraging granular IP allow/deny lists to ensure that only users on trusted networks can gain access to critical applications containing sensitive data. Through JumpCloud, end user identities are further secured through the requirement of multi-factor authentication (MFA) upon entry to devices and other resources, ensuring that identities have developed trust as well.
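The three trust checks described above (device, network, identity) can be combined into a single access decision. The following is an added example, not JumpCloud code or its API: the policy tables, the `AccessRequest` type and `evaluate` are hypothetical, the addresses are constructed documentation-range values, and requiring all three signals for every resource is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed policy values (documentation-range addresses, hypothetical names).
ALLOW_NETS = [ipaddress.ip_network("203.0.113.0/24")]
DENY_NETS = [ipaddress.ip_network("203.0.113.128/25")]
# Device certificate fingerprint -> the one user it was issued to (constructed).
DEVICE_CERTS = {"fp-laptop-01": "alice", "fp-laptop-02": "bob"}


@dataclass
class AccessRequest:
    user: str
    cert_fingerprint: Optional[str]  # None means no device certificate presented
    source_ip: str
    mfa_passed: bool


def evaluate(req: AccessRequest) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons); every signal must pass independently."""
    reasons = []
    # Device trust: the certificate must be known AND bound to this user.
    if DEVICE_CERTS.get(req.cert_fingerprint) != req.user:
        reasons.append("device: certificate missing or not bound to user")
    # Network trust: deny list wins over allow list; unlisted networks fail closed.
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        ip = None
    if ip is None or any(ip in net for net in DENY_NETS):
        reasons.append("network: source address denied or invalid")
    elif not any(ip in net for net in ALLOW_NETS):
        reasons.append("network: source address not on allow list")
    # Identity trust: MFA is checked on every request, regardless of location.
    if not req.mfa_passed:
        reasons.append("identity: MFA not satisfied")
    return (not reasons, reasons)
```

Returning every failed check rather than stopping at the first gives the access log enough detail to tell a stolen credential (MFA and device fail) from a managed laptop on an unlisted network.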

Even as we get back to a facsimile of normal after the pandemic ends, a lot of things won’t go back to the way they were before, and remote work is one of them, so IT has to evolve to meet the needs. Is your organization ready to build a network designed for remote work?

JumpCloud offers a no-credit-card, free trial for 10 users and devices, so sign up today to begin your journey to zero trust security for remote work.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
