Here’s How to Achieve Zero Trust Endpoint and IoT Security
*This post originally appeared on the Pulse Secure blog prior to the acquisition in December 2020, when Pulse Secure became part of Ivanti.
In less than one year, the world has witnessed the effects of a global pandemic and had to rapidly adapt. Redefined business processes, shifts in mobile workforces, and changes in consumer behaviors have created a new remote world norm. Less than a quarter of employees worked from home in late 2019 but that number surged to over 75% by May of 2020. During this time, the single, most important priority was enabling millions of employees to work from home and continue their job functions without disruption. IT teams were given the task of a decade and had to successfully execute within a matter of just a few weeks.
As businesses moved rapidly to deploy remote work programs, security considerations sometimes took a backseat. Here are few areas that fell to the wayside:
- Unprotected network access
- The use of unmanaged personal devices
- Keeping the same security controls and policies in place before massive shifts to remote work
The New Norm of 2020 and Its Impact on Security
With priorities focused first on preventing the disruption of business productivity, the question has to be raised: Does an organization really know the security posture of every single device that is connected to the corporate network? In a recent 2020 survey conducted by Cybersecurity Insiders, more than 325 IT decision-makers ranging from technical executives to IT security practitioners of organizations of varying sizes provided insights on key issues, considerations, initiatives, and investments regarding how enterprises are advancing Zero Trust endpoint and IoT security capabilities within their individual organization. Here are some of the report findings:
- 42% of organizations are unable to efficiently identify, classify and monitor endpoint and IoT devices
- The increase in remote work has impacted a 72% increase in security issues over the last 12 months
- The most significant negative impact of security issues was a reported loss of user productivity (55%), followed by loss of IT productivity (45%) and system downtime (42%).
- The biggest endpoint and IoT security challenges reported by organizations is the high complexity of deployment and operations (57%)
The data reveals that it’s not surprising then, that organizations believe the top three endpoint and IoT device threats are the following:
- Insecure network access
- Compromised credentials
Preventable Threats Are Not Going Away
Are the top three endpoint and IoT security concerns preventable? Absolutely, but like many issues, security professionals need to assess the root of the problem. Strategies and tools need to be in place in order to detect anomalies on all endpoints but also strategies must be re-assessed and adjusted to align with the influx of all the unmanaged devices coming onto an organization’s network. In addition, all network sessions, whether they’re remote or local, must be authenticated and have authorization applied to them at connection. Compliance policies have to be checked, not only when a user connects, or before a user connects, but also throughout the connection/session.
With the influx of devices coming on and off the network, whether local or remote, there must be visibility and awareness of when, where, and how these devices are connecting. There is a Golden Rule in security and that is that all users should only be given the minimal amount of or least privileged access required for them to do their job function.
How to Handle Unmanaged Devices
Roughly half of organizations have only moderate means to discover, identify, and respond to unknown, unmanaged, or insecure devices that attempt to access or operate within their networks and cloud infrastructures. How can organizations get a better handle on managing these unknown devices?
A network access control solution that provides profiling allows visibility into devices that come on and off the network. The exponential growth of Internet of Things makes this more important than ever because IoT devices may come on board by users and are not necessarily IT managed. Ironically, IoT smart devices are not really at all smart and often times come with a low-end form of security. The pressure is placed onto IT teams to ensure full visibility of all of these devices on the network, what they are, how many exist, and so on.
The good news is that organizations are putting more resources behind their security posture. 53% anticipate investments to increase over the next 12 months. As businesses look to 2021 and prepare their security strategies, vendors like Pulse Secure are here to help improve security posture so organizations can be more resilient against the expanding threat landscape.