The threat posed by malware or spyware has been on the rise consistently. A recent study by a multinational professional services firm on cyber-crimes found that there has been a 67% increase in the number of cyber-attacks between 2015 and 2019 and a total value of USD 2.5 trillion is at risk due to cyber security issues over the next 5 years. Another study conducted by Ponemon Institute states that insider related data breaches alone, cost a company USD 8.76 million per year. The existing lockdown situation has made things easier for malicious forces to carry out powerful cyber-attacks through malware and ransomware on enterprise networks accessed through un-managed devices by a large number of employees working remotely.
Existing security models
The recent ransomware attack on Cognizant is one unfortunate high-profile illustration of the absence of secure remote access. The negative impacts on an organization because of one such attack takes many forms like loss of data and revenue, legal issues, loss of reputation and goodwill among employees, clients, and shareholders. Often, the consequences reveal themselves slowly over a long period of time.
Unfortunately, most enterprises, even large MNCs, seem content with L4/L3 VPN for enabling remote access, which are not secure enough to keep all cyber threats at bay (since they expose the corporate network beyond the firewalls).
The problem is that most of the solutions that are available today are not complete end-to-end solutions, and thus, unable to prevent attacks that originate at remote endpoint devices and enter corporate networks through insecure connections. Most of those solutions provide VPN or Virtualization or MFA alone, leaving companies in want of more. Sometimes organizations seek solutions from multiple vendors to meet their requirements. But such complex and confusing combination of solutions do not always solve the problems faced by the enterprises.
Requirements from a security solution
Making a network secure, should not essentially result in hindrance of operations by rendering the resources inaccessible or improper functioning of critical systems. The security must exist with such grace that it does not even get noticed and must be flexible and fluid enough to go hand-in-hand when integrated with the existing business processes – much like a fish breathing water. Except in certain situations and processes like enrolment, authentication, and identification of users and endpoints, every other process involved in providing a secure remote access to corporate resources must happen behind the screens and the user should not even be aware that he is being taken care of by the guardian angel – security solution.
Zero-trust model to mitigate all security issues
The need of the hour is a single product that provides an L7-based VPN, Virtualization, Identity and Access Management, Data Loss Prevention, and Multi-Factor Authentication. In other terms, a product based on Zero-Trust Architecture is what is needed. Such a product which approaches the problem in hand, in totality and serves as a holistic solution is what enterprises need to mitigate the risks posed by evolving security threats.