The past two years have changed how businesses operate. Hybrid cloud strategies and secure remote access were important enablers to turbocharge the digital transformation of the business landscape. We weathered the pandemic, and even expanded businesses, due to the freedom afforded to us by the Internet, cloud technologies, and secure remote access solutions.

It’s not just the privileged few that are working remotely anymore.

In today’s reality we need secure access, to anywhere, from anywhere. With many systems moving to the cloud, the security perimeter is rapidly changing, and traditional security solutions are becoming less appropriate.

Enter Zero Trust.

Zero Trust is an emerging security paradigm intended to address the weaknesses in ‘traditional’ secure remote access. In Zero Trust all networks are considered equal and untrusted, there is no internal or external space, and security must therefore be achieved on the endpoint and on the server without requiring a VPN. Zero Trust is being adopted by leading thinkers like Google in their own security strategy, as well of course as businesses like Perimeter 81.

But the Zero Trust security journey needs to start with reliable user identification and strong, multi-factor authentication. Thus, the traditional network perimeter slowly disappears, but is replaced with a new ‘perimeter’ – the authenticated identity of the user requesting access.

Having learned from the lessons of the past, new generation solutions are increasingly enforcing strong, Multi Factor, or even Passwordless Authentication. These improved new forms of authentication are overwhelmingly being implemented via the mobile phone, which is in many ways ideally suited to the task, and so the user’s mobile phone is gradually becoming a integral part of our network security architecture.

Mobile phones have on the whole presented a wholly more robust security posture and have largely remained immune to many of the security problems that have plagued traditional ‘desktop’ PCs. They’re still just computers, however, and with a multitude of sensors, interfaces and connections, actually present a rich attack surface.

In this presentation we explore the history of remote access security, the fundamental shifts toward ‘Zero Trust’ that are taking place right now, the emergent new role that identity, authentication and mobile phones play, and the implications this has for how we will manage our security vulnerabilities in the years that come.

Charl van der Walt is Head of Security Research for Orange Cyberdefense, where he now leads a specialist security research unit that identifies, tracks, analyses & communicates significant developments in the security landscape that may impact customers. Previously Charl was a co-founder of SensePost – a penetration testing company that has made a mark on the industry globally for two decades now. Charl and his team are globally recognized and frequently showcased at international security events such as Black Hat, RSA & BSides. Orange’s access to authentic security data as an operator, and their deep focus on intelligence and research, place Charl in a unique position to understand and comment on the fundamental dynamics of the security landscape.