As a result of the prolonged pandemic, various companies are forcing themselves to digitally transform and implement a more flexible work system. IDC data shows that since the start of the pandemic, cloud usage has increased by 40%. As a result, many security holes arise from the use of cloud services and collaboration technologies such as Microsoft 365, Webex, Zoom, Teams or Slack.
The research institute Gartner through its study estimates that as a result of the increased use of these cloud services, as well as the increasing number of digital platform touch points used, by 2022, 31% of professionals worldwide will work remotely, and by 2024, at least 40 % of access to enterprise networks will be dominated by Zero Trust Network Access (ZTNA), increasing rapidly from 5% at the end of 2020. The presence of ZTNA will shift the existing VPN technology so far.
VPN Just Isn’t Secure Enough
According to the GlobalWebIndex survey in the “Global VPN Usage Report 2020” report, last year Indonesia was the country with the largest number of Virtual Private Networks (VPN) users in the world for both private and corporate users. However, in fact the level of cyber security in Indonesia is still very concerning compared to other countries, judging from the National Cyber Security Index (NCSI), which shows the level of security of a country as a whole, Indonesia is ranked 77th out of 160 countries. In addition, even government institutions and services that in fact have a high standard of security are not spared from cyber attacks as seen in the case of the recent eHAC data leak involving more than 1.3 million user data in Indonesia.
This global concern has also prompted several other countries, for example Singapore, to become the first country to implement a government-level policy to change its national cybersecurity system to use Zero Trust in February 2021.
This proves that even though it is popular as a way of securing technological devices from cyberattacks and hacking, a VPN is not the absolute answer to deter cybercriminals from committing their crimes. Along with the increasing popularity of work-from-home or work-from-anywhere carried out by various companies in Indonesia, VPNs are vulnerable to overload and traffic which ultimately makes their defenses weak and their performance declines. Zero Trust Network Access is one of the technologies that is predicted to complement and strengthen VPN technology, especially for organizations and companies that can no longer rely on VPN for their security due to cyber threats that continue to evolve.
Zero Trust Concept and Implementation
Zero Trust is not a new concept, and has long been a topic of industry discussion. The basic concept of Zero Trust is to make data as the beginning of all decisions related to trust or trust, and no longer based on restrictions on the level of access of its users.
McAfee announced the availability of a Zero Trust-based cybersecurity solution that is part of the McAfee MVISION Private Access technology. Zero Trust Network Access (ZTNA) is positioned to answer the company’s need to secure today’s IT systems, driven by the trend of working remotely, and WFH (Work From Home), and the emergence of various new security threats that arise due to changing patterns. the work.
“Zero Trust is changing our mindset to no longer restrict access based on users, or use passwords that are harder to guess (and remember). Companies need to review everything from a data perspective: critical digital assets, application data, as well as data from various services, and all of this needs to be segmented more specifically to determine who needs access to that data, and how to protect each. -each of these data access points,” explains Jonathan Tan, Managing Director, Asia, McAfee.
“However, the implementation of Zero Trust security must also be flexible, because sometimes a company’s cybersecurity posture must be able to provide access to devices that may not have been authorized, but are important for the continuity of the process. These kinds of things can be addressed with a complete Zero Trust technology that protects enterprise IT from upstream to downstream.”