Last year’s shift to work-from-home (WFH) was unplanned and hectic. Organizations scrambled to react to what can only be thought of as ‘the world’s largest controlled experiment in remote access.’ The initial response was predictably tactical – get as many WFH employees up and running as quickly as possible. No surprise that IT security was elevated to an even higher status within the enterprise, particularly as demand for VPNs and multi-factor authentication increased – in many cases sharply – all with an eye on short-term tactical needs rather than long-term strategic objectives.
Early survey data (March 2020) by 451 Research, part of S&P Global Market Intelligence, showed that just over one-third of respondent organizations believed WFH strategies would become long-term or permanent. A subsequent June 2020 survey showed that percentage had climbed to more than two-thirds, with recent 2021 data essentially unchanged. Clearly, WFH is here to stay.
However, approaching the midpoint of 2021, enterprises are now beginning the process of sorting through what a return to the office may look like. Plans will vary for organizations and individuals weighing the pros and cons of the ‘old way’ versus the ‘new normal.’ A mixed model of remote and in-office work is most likely, which complicates matters further for enterprise security.
So, what will this new working world look like, and what will be the implications for security practitioners?
Additional 451 survey data shows that the pandemic and WFH are helping sustain the momentum of cloud migration, and also helping accelerate digital transformation. In another recent study, 57% of organizations said they expected the majority of their workloads to be executed in public cloud environments in the next 2 years (33% in SaaS and 24% in IaaS/PaaS). While the cloud certainly offers many benefits (agility, flexibility, scalability, etc.), it also complicates security requirements since most enterprises continue to also run workloads in on-prem datacenters and in private clouds (on-prem and hosted).
It’s no surprise that this survey data also points to increased readiness to embrace new forward-looking security approaches, particularly emerging zero trust security principles and supporting zero trust network access (ZTNA) offerings. The combination of cloud migration, mobility and WFH – along with lingering concerns about the performance and security of legacy VPNs – have collectively accelerated the obsolescence of a model based on a trusted perimeter and helped pave the way for the emergence of zero trust. Indeed, zero trust is one of the most-planned security projects in the next 24 months, according to 451 Research’s Voice of the Enterprise service (49% either have zero trust pilots underway or plan to deploy within the next 6-24 months). And ZTNA is one of the top three security technologies to be deployed directly due to WFH.
Not all ZTNA offerings are created equal
With a wide variety of architectural options currently available, choosing the right approach will depend to a large extent on your current IT estate, as well as available resources. Most enterprises today operate in a hybrid mode and will likely do so for the foreseeable future.
Some ZTNA offerings can meet the bar at securing remote access and web apps, which is sufficient for smaller and cloud-native organizations. However, for complex, hybrid organizations, full-featured ZTNA products are available to secure all users (remote and in-office) and all workloads (cloud and on-prem) with a unified access and policy model.
I recently discussed the role of ZTNA in the post-pandemic world with Appgate’s chief product officer, Jason Garbis, and invite you to watch the discussion to get more insights and guidance.
_____________________________________________________________________________________
Garrett Bekker is a Senior Research Analyst in the Information Security Channel at 451 Research, a part of S&P Global Market Intelligence. Garrett started his career in security as an equity research analyst at several investment banking firms, where he covered information security, infrastructure software and networking companies. Garrett has focused on a wide variety of subsectors within enterprise security during his career and is now focusing primarily on identity and access management (IAM), cloud security and data security. Garrett is also a member of 451 Research's Center of Excellence for Quantum Technologies.