Zero Trust Security for Remote Employees

Now that we’ve talked about what Zero Trust networks are, how to architect one, and how to maintain your Zero Trust setup with a Zero Trust policy, let’s talk about why Zero Trust security is ideal for remote employees.

The good news about Zero Trust security is that it helps combat the many cybersecurity issues that a WFH setup creates. We’re talking about all those unsecured or minimally secured Alexas, WiFi Roombas, smart dog collars, smart kids toys, and Nest home security cameras that now share a network with your critical business data… not to mention the outdated routers and malware-riddled apps that your employees are using.

Scared? Don’t be. As we already said, there’s a way to fix all this: Zero Trust security.

How to Set Up Zero Trust for Remote Employees – 2 Ways

If you’ve been reading along with all the articles in this series, you already understand that Zero Trust requires additional and continuous authorization to enable access for your most sensitive business data stored in your “protect surface.” (If this is all new to you, check out the “What Is a Zero Trust Network?” blog.)

So, how do you continuously authorize access to your protect surface? There are 2 easy methods:

1. Issue a bunch of company-owned devices

First off, let’s acknowledge that this option simply isn’t possible for many organizations. If you can’t afford to issue company-owned devices, skip to #2. If you might be able to achieve this step, read on. It’s truly the easiest way to manage access to your protect surface.

All that said, let’s talk about why this is the easiest method for managing remote employees using a Zero Trust security model.

In essence, you control company-owned devices. That means you control the software updates, you control the downloads, you control what they can do, how quickly they’re patched, etc. Plus, you can get complete and total insight into what the devices are doing and you can install endpoint protection like EDR antivirus and MDR on them to keep them secure (we’ll talk more about that in a bit).

When you’re in control of the device, you can be reasonably confident that it’s secure because you secured it yourself.

In a Zero Trust setup, that level of control helps because you can certify that the devices accessing your network are protected from the majority of opportunity-seeking cybercriminals. This means you can reasonably trust those devices to access your data worry-free.

2. Set up solid security for employee-owned devices

If purchasing and issuing company-owned devices simply isn’t in the cards for you at this time, that’s okay. You can still achieve great Zero Trust security for your sensitive business data. You just have to be a little bit choosier about which devices you allow to access your digital holdings.

Microsoft Intune can help because it’s a Mobile Device Management (MDM) and Mobile Application Management (MAM) tool that lets you control security and access on mobile devices and their applications. Here’s the really cool part: Intune empowers you to control and track access to your company’s data on your employees’ personal devices, without infringing on their personal privacy.

With Intune, employees can choose to “enroll” their devices, which gives you more control over their updates and security settings, or they can choose not to enroll and to manage their own settings.

Enrolling gives employees full authorized data and company WiFi access. Unenrolled devices face the tradeoff of less data access, no company WiFi access, and more onerous reauthentication requirements.

For both enrolled and unenrolled devices, you can control:

  • What data can be accessed by each user / device
  • How that data can be treated (view only, no copy-pasting, etc.)
  • Granular security settings for your data and assets
  • Security measures that must be fulfilled prior to access

How does Intune protect your business data? Basically, it springs into action automatically when someone (or something) tries to access your data on Microsoft 365 or Azure.

At that point, Intune instantly ensures that:

  1. The person accessing the data is actually allowed to access the data (no cybercriminals allowed!)
  2. The device accessing the data is running a properly secured operating system, with no known security loopholes
  3. The person is allowed to do what they’re requesting to do with the data (e.g. no downloading to their personal device)

Pretty cool, right?
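As an added example (not Intune’s own code or policy schema), here is a small Python model of the three checks just described, combined with the enrolled-vs-unenrolled tradeoff from earlier; the users, resources, permitted actions and reauthentication windows are constructed values chosen for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed model of the three access checks described in the text. Names,
# rules and time windows are assumptions for illustration, not Intune's API.

@dataclass
class Device:
    enrolled: bool              # enrolled in MDM vs. self-managed
    os_compliant: bool          # patched OS with no known security loopholes
    on_company_wifi: bool = False

@dataclass
class Request:
    user: str
    device: Device
    resource: str               # e.g. "finance-share" (the protect surface)
    action: str                 # "view", "copy" or "download"
    mfa_age_minutes: int        # minutes since the last multifactor prompt

# Who may reach which protect-surface resource (constructed sample data).
ALLOWED_USERS = {"finance-share": {"alice", "bob"}, "hr-records": {"carol"}}

# Data handling permitted per enrollment state: unenrolled devices only view.
ACTIONS_BY_ENROLLMENT = {True: {"view", "copy", "download"}, False: {"view"}}

# Reauthentication window (minutes): unenrolled devices reauthenticate sooner.
MFA_MAX_AGE = {True: 480, False: 60}

def evaluate(req: Request) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Every check must pass; every failing check
    is listed so the access log explains exactly why a request was denied."""
    reasons: list[str] = []
    # 1. Identity: is this person allowed to access this resource at all?
    if req.user not in ALLOWED_USERS.get(req.resource, set()):
        reasons.append("user not authorized for resource")
    # 2. Device posture: compliant OS, and company WiFi only when enrolled.
    if not req.device.os_compliant:
        reasons.append("device OS not compliant")
    if req.device.on_company_wifi and not req.device.enrolled:
        reasons.append("unenrolled device on company WiFi")
    # 3. Action: is this handling of the data permitted on this device?
    if req.action not in ACTIONS_BY_ENROLLMENT[req.device.enrolled]:
        reasons.append(f"action '{req.action}' not permitted on this device")
    # Continuous authorization: a stale multifactor prompt forces a fresh one.
    if req.mfa_age_minutes > MFA_MAX_AGE[req.device.enrolled]:
        reasons.append("multifactor reauthentication required")
    return (not reasons, reasons)
```

Each check is evaluated independently so a denial reports all of its causes at once, which is what you want when auditing why a remote device was turned away.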


As an important note: Whether you use company-owned devices or employee-owned devices, you may want to consider endpoint protection tools such as next-level EDR antivirus or MDR to better secure each and every device that you allow to log in to your network.

  • EDR Antivirus (or “next-gen” antivirus) can identify and report on suspicious activity and, in some cases, can freeze or shut down things that look weird. It can also take the computer off the network, so the “weird” thing can’t potentially infect other computers on the network. (Cost: $5-10 per month per device)
  • MDR (Managed Detection and Response) flags network-level attacks and reacts to them in record time. The speed of MDR is due to the fact that alerts are monitored by real human beings in a Security Operations Center who escalate the bad alerts for fast remediation. (Cost: ~$15 per device)

Don’t Forget About Basic Security!

One of the most important benefits of a Zero Trust security methodology is that it helps you control and gain insight into who or what is accessing your data and apps, and when they’re doing so.

However, using a Zero Trust strategy doesn’t mean you can ignore basic cybersecurity tactics like multifactor authentication and building a phishing-resistant workforce.

Security experts report that they saw a 667% increase in phishing attacks immediately after WFH operations started, so training your staff to identify and avoid falling victim to phishing scams is super important right now.

Help Your Remote Work Team Work Safely with Zero Trust Security

Right now, with so many members of the global workforce working from home in an unprecedented situation, your sensitive business data is everywhere. Cybercriminals know this, and they’re on the lookout for any way to break in and steal your digital assets.

Zero Trust security methodologies provide the layered security stance your business needs to combat the cybercriminals – so you may as well get started on setting up your Zero Trust network as soon as possible.

The steps in this 4-part guide to Zero Trust networks should help you get started on your own Zero Trust setup, but as soon as you need help, we welcome you to reach out and just ask the awesome IT experts at Interplay. As you know, we’ve spent nearly 20 years helping to improve cybersecurity here in Seattle, while making everyone’s business tech run faster and better.


Get in touch with Interplay as soon as you need a helping hand with Zero Trust (or anything else IT-related).