As the global crisis around COVID-19 continues, security teams have been forced to adapt to a rapidly evolving security landscape. Schools, businesses, and healthcare organizations are all getting work done from home on a variety of devices and locations, extending the potential security attack surface.
While we continue to help our customers enable secure access to apps in this “new normal,” we’re also thinking about the road ahead and how there are still many organizations that will need to adapt their security model to support work life. This is especially important given that bad actors are using network access solutions like VPN as a trojan horse to deploy ransomware and the number of COVID-19-themed attacks has increased and evolved.
Microsoft and Zscaler have partnered to provide a glimpse into how security will change in a post-COVID-19 world.
“We’ve seen two years’ worth of digital transformation in two months.” – Satya Nadella
With the bulk of end users now working remotely, organizations were forced to consider alternate ways of achieving modern security controls. Legacy network architectures that route all remote traffic through a central corporate datacenter are suddenly under enormous strain due to massive demand for remote work and rigid appliance capacity limitations. This creates latency for users, impacts productivity, and requires additional appliances that can take thirty, sixty, or even ninety days just to be shipped out.
To avoid these challenges, many organizations were able to enable work from home by transitioning their existing network infrastructure and capabilities to a zero trust security framework instead.
The zero trust framework empowers organizations to limit access to specific apps and resources only to the users authorized to access them. The integrations between Microsoft Azure Active Directory and Zscaler Private Access embody this framework.
For the companies that already had a proof-of-concept underway for their zero trust journey, COVID-19 served as an accelerator, moving up the timelines for adoption. The ability to separate application access from network access, and secure application access based on identity and user context, such as date/time, geolocation, and device posture, was critical for IT’s ability to enable remote work. Cloud-delivered technologies such as Azure Active Directory (Azure AD) and Zscaler Private Access (ZPA) have helped ensure fast deployment, scalability, and seamless experiences for remote users.
Both Microsoft and Zscaler anticipate that if organizations are not already moving toward a zero trust model, they will accelerate this transition and start to adopt one.
While some organizations have had to support remote workers in the past, many are now forced to make the shift from a technical and cultural standpoint. As social distancing restrictions start to loosen, instead of remote everything we’ll begin to see organizations adopt more flexible work arrangements for their employees. Regardless of where employees are, they’ll need to be able to securely access any application, including the mission-critical “crown jewel” apps that may still be using legacy authentication protocols like HTTP or LDAP and reside on-premises. To simplify the management of protecting access to apps from a now flexible working style, there should be a single policy per user that can be used to provide access to an application, whether the user is remote or at the headquarters.
Zscaler Private Access and Azure AD help organizations enable single sign-on and enforce conditional access policies to ensure authorized users can securely access the apps they specifically need. This includes their mission-critical applications that run on-premises and may have SOC-2 and ISO27001 compliance needs.
Today, the combination of ZPA and Azure AD is already helping organizations adopt flexible work arrangements to ensure seamless and secure access to their applications.
With remote and flexible work arrangements becoming a norm, organizations will need to consider how to best onboard or offboard a distributed workforce and ensure the right access can be granted when employees join, change or leave roles. To minimize disruption, organizations will need to enable and secure Bring Your Own Devices (BYOD) or leverage solutions like Windows Autopilot that can help users set up new devices without any IT involvement.
To ensure employees can access applications on day one, automating the provisioning of user accounts to applications will be critical for productivity. The SCIM 2.0 standard, adopted by both Microsoft and Zscaler, can help automate simple actions, such as creating or updating users, adding users to groups, or deprovisioning users in applications. Azure AD user provisioning can help manage the end-to-end identity lifecycle and automate policy-based provisioning and deprovisioning of user accounts for applications. The ZPA + Azure AD SCIM 2.0 configuration guide shows how this works.
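The SCIM 2.0 actions named above (create a user, add users to a group, deprovision), modeled as an added example that is not Microsoft or Zscaler code. The `AppStore` class, the user names and the group name are hypothetical and constructed for illustration; only the schema URNs and message shapes come from the SCIM RFCs (7643/7644).

```python
# Added example (not vendor code): in-memory model of SCIM 2.0 provisioning,
# using the schema URNs from RFC 7643/7644. Names and ids are constructed.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def create_user_body(user_name):
    """Body an identity provider POSTs to /Users."""
    return {"schemas": [USER_SCHEMA], "userName": user_name, "active": True}

def patch_body(op, path, value):
    """Single-operation body for PATCH /Users/{id} or /Groups/{id}."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": op, "path": path, "value": value}]}

def as_bool(value):
    # Accept "False"/"false" as well as JSON false: bool("False") is True.
    return value.strip().lower() == "true" if isinstance(value, str) else bool(value)

class AppStore:
    """Hypothetical stand-in for the application's SCIM endpoint."""
    def __init__(self):
        self.users, self.groups = {}, {}

    def post_user(self, body):
        if USER_SCHEMA not in body.get("schemas", []):
            raise ValueError("not a SCIM core User")
        uid = str(len(self.users) + 1)
        self.users[uid] = dict(body, id=uid)
        return uid

    def patch(self, kind, key, body):
        if PATCH_SCHEMA not in body.get("schemas", []):
            raise ValueError("not a SCIM PatchOp")
        for op in body["Operations"]:
            verb, path = op["op"].lower(), op["path"]
            if kind == "user" and verb == "replace" and path == "active":
                self.users[key]["active"] = as_bool(op["value"])
            elif kind == "group" and verb == "add" and path == "members":
                self.groups.setdefault(key, set()).update(m["value"] for m in op["value"])
            else:
                raise ValueError(f"unsupported operation: {verb} {path}")

    def can_access(self, uid, group):
        # Deactivation alone must cut access, even if group membership lingers.
        return self.users[uid]["active"] and uid in self.groups.get(group, set())

def orphaned_accounts(store, directory_names):
    """Active app accounts with no directory user: missed deprovisioning."""
    return sorted(u["userName"] for u in store.users.values()
                  if u["active"] and u["userName"] not in directory_names)
```

Running `orphaned_accounts` against the current directory export is the check that catches accounts a leaver still holds in the application after offboarding.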
Security and IT teams are already under strain with this new environment and adding an impending economic downturn into the equation means they’ll need to do more with less. The responsibility for selecting the right technology falls to the security leaders. Together, Microsoft and Zscaler can help deliver secure access to applications and data on all the devices accessing your network, while empowering employees with simpler, more productive experiences. This is the power of cloud and some of the industry’s deepest levels of integration. We look forward to working with you on what your security might look like after COVID-19.
Chris Hines is Director of Product and Solution Marketing at Zscaler and Jimmy Lin is Microsoft Sr. Product Marketing Manager for Microsoft 365.