Insider threats have always been a challenge for corporate cybersecurity. Most organizations’ cybersecurity deployments have been designed to identify and address external threats, leaving them largely blind to potential attacks performed or enabled by trusted employees.
With the growth of remote work in the wake of COVID-19, the insider threat landscape has only grown more complex. Many of the assumptions upon which organizations base their cybersecurity programs have broken down, and employees are placed in a position where it is much easier to attack the organization or take a negligent action that places the company at risk.
Managing the risk of insider threats requires a zero-trust security strategy and solutions capable of enforcing it for a remote workforce. Understanding what SASE is and how it can transform an organization’s corporate WAN is essential to implementing such a solution both effectively and scalably.
Remote Work Exacerbates the Insider Threat
While insider threats have existed for a long time, the move to remote work has made them much more of a concern than when employees were all located on-site. Telework presents a number of challenges for an organization’s cybersecurity and insider threat prevention strategies.
- Insider Threats are on the Outside
With the transition to telework, many of the assumptions that traditional cybersecurity strategies are based upon have broken down. A perimeter-based security model is based on the assumption that the majority of an organization’s trusted employees and sensitive data and functionality will be inside the corporate network, while all threats to the organization will be on the outside.
With the shift to a remote workforce – and the growth of cloud computing – these beliefs are no longer true. Employees are outside the organization’s network yet need the ability to access sensitive data and functionality located inside it.
In many cases, organizations have been unprepared to provide this remote access in a way that minimizes the insider threat. The use of virtual private networks (VPNs) provides an employee with secure access to the corporate network but doesn’t limit access within it. A malicious or negligent employee could access and compromise any and all of an organization’s sensitive data.
- Endpoints are Untrusted and Unsecured
Many organizations have strong policies governing the security of their servers, employee workstations, and other endpoints: these endpoints must be kept up to date, must run the corporate antivirus, and so on.
With the shift to telework, many employees are now working from personal devices to which these policies and cybersecurity protections do not apply. This increases the probability that an employee’s computer will be compromised and used by an attacker as a stepping stone to access and attack the corporate network.
- Network Monitoring is More Complex
Traditionally, most or all of an organization’s network traffic passed through the perimeter of the corporate LAN. Either the source or destination of the traffic was inside the corporate network, making it easy to maintain visibility and security for all of an organization’s business traffic with a perimeter-based security deployment.
With remote work, this is not always the case. Remote workers may wish to connect to cloud-based resources, placing both the source and destination of the traffic outside of the corporate network perimeter. Unless the organization explicitly routes all traffic through the corporate network for security inspection and policy enforcement, the company maintains only partial visibility into its network traffic.
This exacerbates the insider threat by making it easier to carry out a data breach without detection. If cloud-based resources are accessible directly over the public Internet, an organization may not be aware that it has been breached until stolen data shows up for sale on the Dark Web or as part of a competitor’s service offering.
- Improving Productivity Can Compromise Security
Many organizations have struggled to scale their existing infrastructure to meet the needs of a mostly or wholly remote workforce. Traditional VPN infrastructure designed to support fewer than a third of the organization’s employees at a time does not scale well to constant use by over 90% of the organization’s workforce.
Companies and their employees have adopted different solutions to address these issues and improve worker productivity. These include the use of split-tunnel VPNs (which route some of an employee’s traffic directly to its destination) and making a local copy of data that an employee uses regularly to eliminate the need to request it regularly from the organization’s servers.
However, both of these approaches to increasing employee efficiency do so at the cost of degrading enterprise cybersecurity and increasing the risk of insider threats. Split-tunnel VPNs, while improving network performance, remove an organization’s ability to inspect and secure traffic routed directly to the cloud (making data breaches easier to perform and harder to detect). Local copies of sensitive data may make an employee more efficient but are easier for an attacker to compromise or an employee to misuse or steal without detection.
Enforcing Zero Trust with SASE
Zero trust security is commonly hailed as the solution to the insider threat problem. Instead of providing an employee with full access to an organization’s network and the resources that it contains, the zero trust model holds that an employee should only be able to access the resources required to perform their job role.
Enforcing zero trust is more complicated than it sounds, especially with a remote workforce and infrastructure scattered over on-premises and cloud environments. This is why secure access service edge (SASE) is the logical choice for the evolution of the corporate WAN.
SASE takes a secure SD-WAN solution – incorporating optimized network routing and an integrated security stack – and deploys it as a virtual appliance within the cloud. Part of this integrated security stack is zero trust network access (ZTNA) functionality, which limits an employee’s access to corporate resources based upon predefined and centrally-managed security policies. Since all traffic flows through at least one SASE appliance between its source and destination, SASE is the natural platform for implementing zero trust and mitigating the insider threat for the modern, remote organization.
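The difference between the flat VPN access described earlier and ZTNA policy enforcement is easiest to see in code. The following is an added example, not the article’s own material or any vendor’s product code: a toy policy decision point that evaluates each access request against the user’s role, the requested resource, and the posture of the device making the request (managed, patched, endpoint protection running). The policy table, resource names, users, and device states are all constructed for illustration. The same requests are also run through a flat “authenticated VPN user reaches everything” model for comparison, and every decision is recorded as an audit record, since denied requests from a legitimate account are exactly the signal an insider-threat detection program wants to see.

```python
"""Toy ZTNA-style policy decision point (added example; constructed data, not vendor code)."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class DevicePosture:
    managed: bool      # enrolled in corporate device management
    patched: bool      # OS at the approved patch level
    av_running: bool   # corporate endpoint protection active

    def is_healthy(self) -> bool:
        return self.managed and self.patched and self.av_running


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    device: DevicePosture


# Constructed sample policy: resource -> roles permitted to reach it.
ROLE_POLICY: Dict[str, FrozenSet[str]] = {
    "wiki": frozenset({"engineering", "finance", "hr"}),
    "source-repo": frozenset({"engineering"}),
    "payroll-db": frozenset({"finance", "hr"}),
    "customer-db": frozenset({"finance"}),
}

# Sensitive resources that additionally require a healthy, managed device.
POSTURE_REQUIRED: FrozenSet[str] = frozenset({"source-repo", "payroll-db", "customer-db"})

Decision = Tuple[str, str]  # (verdict, reason)


def vpn_decision(req: AccessRequest) -> Decision:
    """Flat remote-access model: an authenticated VPN user reaches every internal resource."""
    return ("allow", "authenticated VPN session")


def ztna_decision(req: AccessRequest) -> Decision:
    """Per-request decision: role, resource and device posture all have to agree; default deny."""
    permitted_roles = ROLE_POLICY.get(req.resource)
    if permitted_roles is None:
        return ("deny", f"resource '{req.resource}' not in policy")
    if req.role not in permitted_roles:
        return ("deny", f"role '{req.role}' not authorized for '{req.resource}'")
    if req.resource in POSTURE_REQUIRED and not req.device.is_healthy():
        return ("deny", f"device posture insufficient for sensitive resource '{req.resource}'")
    return ("allow", "role and device posture satisfied")


def decide_all(requests: List[AccessRequest],
               policy_fn: Callable[[AccessRequest], Decision]) -> List[dict]:
    """Evaluate every request and emit an audit record per decision."""
    records = []
    for req in requests:
        verdict, reason = policy_fn(req)
        records.append({"user": req.user, "role": req.role, "resource": req.resource,
                        "managed_device": req.device.managed,
                        "verdict": verdict, "reason": reason})
    return records


def count_allowed(records: List[dict]) -> int:
    return sum(1 for r in records if r["verdict"] == "allow")


# Constructed sample device states and requests.
MANAGED_OK = DevicePosture(managed=True, patched=True, av_running=True)
PERSONAL_LAPTOP = DevicePosture(managed=False, patched=False, av_running=False)

SAMPLE_REQUESTS = [
    AccessRequest("alice", "engineering", "source-repo", MANAGED_OK),   # legitimate
    AccessRequest("alice", "engineering", "customer-db", MANAGED_OK),   # role mismatch
    AccessRequest("bob", "finance", "customer-db", PERSONAL_LAPTOP),    # posture failure
    AccessRequest("bob", "finance", "wiki", PERSONAL_LAPTOP),           # low-sensitivity resource
    AccessRequest("carol", "hr", "legacy-share", MANAGED_OK),           # resource not in policy
]

if __name__ == "__main__":
    for name, fn in (("VPN", vpn_decision), ("ZTNA", ztna_decision)):
        recs = decide_all(SAMPLE_REQUESTS, fn)
        print(f"{name}: {count_allowed(recs)}/{len(recs)} requests allowed")
        for r in recs:
            print(f"  {r['verdict']:5} {r['user']:6} -> {r['resource']:12} ({r['reason']})")
```

Under the flat VPN model all five constructed requests are allowed, including an engineer reaching a customer database and a finance user reaching it from an unmanaged personal laptop; under the ZTNA model only the two requests that match both role and posture requirements succeed, and the three denials are logged with the reason. In a real SASE deployment the policy table would be the centrally managed policy the article refers to and the posture signals would come from the device agent, but the decision logic is the same per-request, default-deny evaluation.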