The unprecedented COVID-19 pandemic affecting Malaysia and rest of the world has resulted in the workforce adopting to the work-from-home (WFH) policy.
Though on paper the concept looks relatively easy where employers and employees work from their respective homes, the execution has proven to be slightly challenging in many areas such as having an effective communication channel with employees, lack of integration as well as data security and confidentiality.
According to Kaspersky and the World Health Organisation, the sudden but necessary switch to WFH has seen a spike in cybercrime.

Cybercriminals apparently target WFH employees with spam and phishing emails, including malicious file attachments.
Employers therefore need to be on their toes on issues of data security and confidentiality because employees on WFH arrangement may be more vulnerable to such attacks. The WFH policy should complement existing data protection policies implemented in compliance with the Personal Data Protection Act 2010, and fill any gaps that may exist.

Employees may also need specific training on their data protection and confidentiality obligations, the procedures which they must follow, and what is considered as an authorised use of data.

Before getting into the specifics, it is pertinent that one understands what cybersecurity is.
Cybersecurity is making sure your organizations’ data is safe from attacks from both internal and external factors. It can encompass a body of technologies, structures, and practices used to protect networks, computers, and data from unauthorized access or damage.

With cybersecurity, actual attacks often cost far more than an investment in prevention programs or the critical hardware and software needed to protect IT infrastructure. In this current climate, investing in cybersecurity technologies, tools and training – without cutting costs – is utterly crucial for both employees and the business itself.

At the recently concluded webinar, SASE vs Zero Trust organised by Indonesian CIO Network (ICION) and sponsored by Bitglass, with ESPC MEDIA as the official and exclusive media partner, the webinar shed light on how the Secure Access Service Edge (SASE) and Zero Trust Network Access functions as well as how they can contribute to protecting a company from cyberattacks.

At the Keynote Address delivered by Dr. Pratama Dahlian Persadha, the Chairman of CISSReC (Communication and Information System Security Research Center), he said that with more and more people working from home and using multiple devices, therefore accessing the system from more than one location could leave it vulnerable to risks and threats.
“In the age of convenience and technology, business owners and employers encourage the use of various tools to improve productivity but that also opens up the issue of security becoming vulnerable and easier to breach since everyone is allowed access the system and information from anywhere. In this new age, data is the new oil and we must protect it at all means,” said Dr. Pratama.

In his address, he also said that a Gartner, Inc. survey revealed that nearly half (47%) said they intend to allow employees to work remotely full time going forward. For some organizations, flex time will be the new norm while 42% will provide flex hours.

For many organizations with employees working both onsite and remotely, adapting to a new, more complex hybrid workforce is the challenge as how people work together to get their job done evolves.

A panel consisting of Dr. Prio Utomo (ICION Advisory), Arivuvel Ramu (CTO, Tonik), Frankie Lim (Regional Director, Asia), and Anthony Lim (Director, Research & Alliance, CSCIS) were in attendance at the webinar and they brought their expertise to the webinar by weighing both the SASE and ZTNA and which is better equipped to serve the needs of the current climate.
Secure Access Service Edge (SASE) vs Zero Trust Network Access (ZTNA)

At the webinar, it was agreed that SASE which is a convergence of wide area networking and network security services like CASB, FWaaS, and Zero Trust into a single, cloud-delivered service model is rapidly becoming an emerging cybersecurity concept.

While ZTNA according to paloaltonetworks.com is a security strategy that completely eliminates the concept of trust from a network and requires content inspection before granting access to a company’s network and data.

Though both these services help to secure access no matter where their users are located, there are some substantial benefits to employing the SASE security mode as more and more people are opting for the cloud-based system.

Among the benefits are flexibility, reduced complexity, increased performance, threat prevention and data protection. In addition to these, the SASE is also cost effective which might make it more attractive to business owners.

sumber:espc2go.com