Advocacy for network segmentation in home offices, by Nathan Howe, Zscaler

During the pandemic, the issue of internet security in home offices took on a new dimension. Before the Covid-19 crisis, the idea of compartmentalizing online activities was deeply rooted in the minds of users. During the occasional few days of teleworking here and there, Internet access was via the secure corporate network, while the home Internet connection was reserved for relaxation and entertainment, such as electronic games, online shopping or watching movies. But after nearly a year of mass teleworking, teleworkers and businesses alike need to pay even greater attention to secure internet use at home.

The more work and personal life become intertwined in times of confinement, the more important security becomes when teleworkers use the same network to surf the web and perform their professional duties.

A real window on the outside world during the successive phases of social distancing, the Internet is at the heart of professional activities, home schooling, news consumption and relaxation, and the various members of the family connect to it more than ever. The overall security of the home network must now receive the same level of monitoring that parents exercise over their children’s online activities, whether it is their use of social networks, the websites they visit, the games they play or the movies they watch.

The weakest link in the chain

Users and human error have always been viewed by cybercriminals as the weakest links in the attack chain. Malware authors have therefore adapted their vectors to take advantage of the various containment measures implemented during the pandemic.

In today’s environment, malware targets the need for information and exploits the carelessness of lone teleworkers. A quick click on an attachment, or the download of an infected game application from the Internet onto a work computer, opens a door into the company network for malware authors. The home network has therefore taken on new importance for business security.

In addition to Smart TVs and iPads, home offices are now home to many other Internet-connected devices, all of which are potential vulnerabilities. A single laptop is often used by several family members for various purposes. It is therefore more important than ever to monitor a wide variety of applications, while establishing a clear line between professional and private use of the Internet.

Network segmentation, an essential technique

Responsible use of the internet at home should ideally be accompanied by segmentation, or isolation, of the different needs. For example, if parents have access to sensitive data, such as development environments, financial information, or medical data, that sensitive content should be protected from access by other family members. In addition, each household must consider the relevance of connecting a Smart TV and a business laptop to the Internet via the same network.

To counterbalance the use of the network for both professional and private purposes, top priority should be given to putting in place a few simple security measures in home offices. Fortunately, it is easy to segment the private network according to different business areas and needs.

Most modern wireless routers allow you to create two separate networks on the home network, one for work and one for private life. One of them will be dedicated to Smart TVs and other smart home equipment, children’s iPads or laptops used for home education. In this way, the TV connected to the Internet will not be able to transmit malware to the laptop reserved for work.

It is generally recommended that you turn off Universal Plug and Play to prevent the TV from communicating with the Internet. In addition, it is easy to implement DNS filtering using different tools. This technique prevents access to malicious websites, blocks unwanted advertisements and prevents the theft of cookies when accessing the Internet.
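
The two-network split and DNS filtering described above, written as an nftables forward policy for a Linux-based home router. This is an added example, not part of the original article; the interface names (`br-work`, `br-iot`, `wan`) are assumptions, and it assumes the router itself runs the filtering DNS resolver.

```nftables
# Constructed example. Assumed interfaces:
#   br-work = network for the work laptop
#   br-iot  = network for Smart TVs, tablets and smart home devices
#   wan     = uplink to the Internet
table inet home_segments {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Allow replies to connections that were permitted outbound
        ct state established,related accept
        ct state invalid drop

        # Devices on br-iot must use the router's filtering resolver:
        # block DNS sent straight to outside resolvers (assumption: the
        # resolver runs on the router, so its traffic is not forwarded)
        iifname "br-iot" oifname "wan" udp dport 53 drop
        iifname "br-iot" oifname "wan" tcp dport 53 drop

        # Both segments may reach the Internet
        iifname "br-work" oifname "wan" accept
        iifname "br-iot" oifname "wan" accept

        # Log and drop anything the TV segment sends toward the work segment
        iifname "br-iot" oifname "br-work" log prefix "iot->work drop: " drop

        # Everything else between segments falls through to policy drop
    }
}
```

The log prefix makes cross-segment attempts visible in the router's kernel log, which gives a simple way to confirm the isolation is working.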

Ease of use versus safety: an impossible choice

After some time, it became clear that working from home was going to be long-lasting and the urgency was to provide high-performance access to applications in order to guarantee business continuity. On the business side, application owners have pressured the company to give employees access to their critical applications. The first lockdown clearly shed light on which companies are well prepared for digital transformation and which are not.

However, migrating applications to the cloud is only one piece of the puzzle. The pandemic showed what happens when the underlying network infrastructure and the security infrastructure are not both ready for the cloud. If the professional activity takes place outside the trust network and the traditional perimeter, a new infrastructure is necessary to guarantee the productivity of the staff. It is out of the question to choose between network speed on one side and security on the other. Prioritizing performance over security is not an acceptable solution. Access must be both secure and efficient.

The Internet is just as vulnerable as the corporate network and can be exploited by malware authors. In professional environments, ZTNA (Zero Trust Network Access) is a security strategy that allows you to establish a direct connection to individual applications without being connected to the entire network.

After a year of teleworking, it is worth asking again how each employee can make their private environment a little more secure with the help of appropriate routine security measures. This is only part of the equation, however, and businesses have a role to play as well. They need to take a closer look at the means used to connect their employees to the applications they need, and ensure that these are efficient and secure methods.
___________________

By Nathan Howe, Director and EMEA Head of Transformation Strategy at Zscaler
