Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Navigating Zero Trust Security in the Remote Work Era: Guidance for Fortune 500 Companies

January 24, 2024

By Kyle Kappel, US Cyber Leader at KPMG

The surge in remote work prompted by the COVID-19 pandemic has underscored the critical importance of robust security measures for companies. One security model gaining traction is the Zero Trust framework.

Zero Trust operates on the assumption that no user or device is inherently trustworthy, necessitating verification for every attempt to access a network or application. While this approach enhances security by minimizing the attack surface, implementing Zero Trust poses challenges, requiring significant deviations from traditional security practices and potential impacts on user experience.

A primary hurdle in Zero Trust implementation is its potential effect on user experience. The verification process can be time-consuming, introducing additional steps for users to access resources. However, strategies such as employing single sign-on (SSO) solutions and integrating adaptive multi-factor authentication (MFA) can mitigate these impacts and streamline the verification process.

Tools and Technologies for Zero Trust Implementation in a Remote Work Setting

Effective deployment of Zero Trust in a remote work environment demands a blend of technology capabilities that must all work together to enforce Zero Trust principles:

  1. **Identity and Access Management (IAM) solutions:** These manage user identities and resource access, integrating with other security solutions for a comprehensive security framework.
  2. **Zero Trust Network Access (ZTNA) solutions:** Enforces security policies on a conditional basis, evaluating signals such as device authorization, identity, and other contextual information on whether access should be permitted, denied, or granted with exception.
  3. **Endpoint Detection and Response (EDR) solutions:** EDR solutions detect and respond to security threats on endpoints, covering laptops and mobile devices.
  4. **Data Protection:** Data protection solutions are utilized to help classify, label, and encrypt corporate information. Effective data protection policies are another factor utilized to determine if/when access should be permitted.
  5. **Application and Infrastructure Protection:** These solutions protect individual workloads, such as applications and cloud infrastructure, integrating with the rest of a Zero Trust security stack to provide adaptive and secure access.

Measuring Success

Assessing the success of a Zero Trust implementation involves a blend of technical metrics and business outcomes. Key metrics include a reduction in security incidents and breaches, a decrease in time to detect and respond to incidents, and an improvement in user productivity and satisfaction.

Regularly reviewing and adjusting the security strategy is vital to ensure continued effectiveness against evolving threats and challenges.

As remote work becomes more prevalent, the need for robust security measures grows. Anticipated trends and challenges for Zero Trust in remote work environments include integration with cloud-based applications, increased use of automation and artificial intelligence, and balancing security with user experience to avoid negative impacts on productivity.

Advice to Businesses

For businesses contemplating Zero Trust implementation in a remote work setting, consider the following advice:

  1. Conduct a comprehensive security assessment: Identify vulnerabilities and risks to tailor a security strategy to specific needs.
  2. Utilize a platform approach: Avoid point technology solutions that are difficult to integrate and develop a strategy based on a platform security provider. Zero Trust must simplify the security technology stack, not further complicate it.
  3. Develop a clear and phased implementation plan: Outline steps and timelines for significant changes to traditional security practices.
  4. Communicate with employees: Clearly communicate changes, offer training, and provide support to help employees adapt.
  5. Stay up to date: Remain informed about emerging trends and technologies to ensure an effective security strategy.

By following these guidelines, businesses can successfully implement Zero Trust in their remote work environments, bolstering their security posture.

The bottom line

Zero Trust is a potent security model for enhancing security posture in remote work environments. While implementation requires significant changes and may impact user experience, leveraging effective tools, measuring success, and staying ahead of future trends enable Fortune 500 companies to make informed decisions about their security strategies.

close
Contributors
close
Media contacts

Explore more

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline