Organizations are increasingly adopting models which allow working from home, a process now highly accelerated by COVID-19.
One approach organisations are taking is increasing the SSL VPN capacity, a quick way to allow workers access to the organization’s internal assets and networks.
But such an approach introduces a new security threat. In practice, it redefines the external perimeter, one which organizations worked hard to protect, to include the home networks and private devices of all employees.
Once an employee establishes an SSL VPN session to the internal network, any malicious malware/software on their private devices or network is granted access and becomes part of the internal network.
This shift introduces a huge risk associated with lateral movement, by radically increasing the probability of such to the most extreme end of the organisational risk matrix.
The mitigation of such risk requires a mind shift in security architecture and the way you both define and defend your IT perimeter: the perimeter now is a micro-perimeter for each and every workload and for each and every application.
The trust of an Internal Network versus External Network has diminished, and to mitigate the risk associated with that, a Zero-Trust Framework should be adopted sooner than later.
"The attack surface for malicious actors has increased since some parts of an organization's infrastructure that were only used internally are now exposed to the Internet,"