{"id":96906,"date":"2021-10-27T09:00:46","date_gmt":"2021-10-27T16:00:46","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=96906"},"modified":"2024-09-12T13:50:12","modified_gmt":"2024-09-12T20:50:12","slug":"new-insights-on-cybersecurity-in-the-age-of-hybrid-work","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/10\/27\/new-insights-on-cybersecurity-in-the-age-of-hybrid-work\/","title":{"rendered":"New insights on cybersecurity in the age of hybrid work"},"content":{"rendered":"

<p>As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the move toward a hybrid workplace, with 31 percent of those surveyed already fully adopted. As the public and private sectors continue to enable hybrid work, the attack surface for cyber threats has expanded, and threat actors have been quick to exploit any vulnerabilities. In response, organizations have enforced various security controls to revamp their security postures. For example, the number of Microsoft Azure Active Directory (Azure AD) Conditional Access policies deployed has more than doubled over the last year.<\/p>\n

<p><em>Figure 1: Rate of onsite versus remote work at Microsoft (Jan 2020 to Aug 2021).<\/em><\/p>\n

<p>Organizations that don\u2019t maintain basic security hygiene practices in the new workplace\u2014applying updates, turning on multifactor authentication (MFA)\u2014are placing their data, reputation, and employees\u2019 privacy at much greater risk. On October 7, 2021, we published the 2021 Microsoft Digital Defense Report (MDDR) with input from thousands of security experts spanning 77 countries. In the report, we examine the current state of hybrid work and recent trends in cybercrime. You\u2019ll also get actionable insights for strengthening defenses across your entire organization.<\/p>\n

<h2>Hybrid work requires a Zero Trust strategy<\/h2>\n

<p>Along with basic security hygiene, adopting a Zero Trust security strategy protects your digital estate by applying a \u201cnever trust, always verify\u201d approach. The prevalence of cloud-based services, IoT, and the use of personal devices (also known as bring your own device or BYOD) in hybrid work environments has changed the landscape for today\u2019s enterprise. Unfortunately, security architectures that rely on network firewalls and virtual private networks (VPNs) to isolate and restrict access to resources won\u2019t cut it for a workforce that operates beyond traditional network boundaries.<\/p>\n

<p>There is no one-size-fits-all approach to Zero Trust implementation, and that\u2019s a good thing. It means you\u2019re free to start anywhere. Organizations of all sizes begin in different areas, based on their immediate needs and available resources. Most organizations approach Zero Trust as an end-to-end strategy that can be completed over time.<\/p>\n

<p><em>Figure 2: Zero Trust implementation areas (from the Microsoft Security Zero Trust Adoption Report).<\/em><\/p>\n

<h2>6 pillars for securing your hybrid workforce<\/h2>\n

<p>Zero Trust controls and technologies are deployed across six technology pillars. Each pillar in a control plane is interconnected by automated enforcement of security policy, correlation of signal and security automation, and orchestration:<\/p>\n

<h3>1. Identities<\/h3>\n

<p>Identities can represent people, services, or IoT devices. As companies adapt for a hybrid workforce, we\u2019ve seen more than a 220 percent increase in strong authentication usage (like MFA) in the last 18 months. Still, in Azure AD for the calendar year to date, we\u2019re observing 61 million password attacks daily. Strong authentication can protect against 99.9 percent of identity attacks, but even better is passwordless authentication, which can provide the most usable and secure authentication experience. Legacy protocols, such as IMAP, SMTP, POP, and MAPI, are another major source of compromise. These older protocols do not support MFA; for that reason, 99 percent of password spray and 97 percent of credential-stuffing attacks exploit legacy authentication.<\/p>\n

<h3>2. Endpoints<\/h3>\n

<p>Once an identity has been granted access, data can flow to different endpoints\u2014from IoT devices to smartphones, BYOD to partner-managed devices, on-premises workloads to cloud-hosted servers\u2014creating a massive attack surface. With the Zero Trust model, enterprises can reduce provisioning costs and avoid additional hardware purchases for work-from-home use. For example, an administrator can grant access only to verified and compliant devices while blocking access from a personal device that\u2019s been rooted or jailbroken (modified to remove manufacturer or operator restrictions) to ensure that enterprise applications aren\u2019t exposed to known vulnerabilities.<\/p>\n

<h3>3. Applications<\/h3>\n

<p>Modernized applications and services require users to be authenticated prior to having access. However, thousands of applications and services still remain heavily reliant on network firewalls and VPNs to restrict access. These traditional architectures built for legacy applications were designed for lateral connectivity (CorpNet) rather than micro-segmentation. They violate the fundamental Zero Trust principle of \u201cleast-privilege access\u201d and are more vulnerable to lateral movement across the network by an adversary. To modernize your applications, deploy one of these three solutions:<\/p>\n