The concept of hybrid work existed before COVID-19. What nobody expected is for hybrid work – digital transformation – to become a permanent setup for organizations. Some will have many people in the office, some just a few, and every combination in between. As home offices turn into forever offices, organizations will have to rethink network-level security policies for remote workers.
There are several ways to secure home networks today. First, using firewalls, which have a high operational cost of equipment, setup, and onboarding. Second, using consumer-grade routers, which are cost-effective and easy to set up but aren’t very secure. Third, using antivirus software on laptops, which can easily be disabled and doesn’t protect the Internet of Things (IoT) and smart devices connected to home networks.
Now, there’s a fourth option introduced by Palo Alto Networks–an enterprise-grade secure router system that safeguards every user and device on a home network. I recently interviewed two Palo Alto executives to discuss the newly launched system, Okyo Garde, and why home networks need the same protection as enterprise networks in this hybrid work era.
What follows is a Q&A with Palo Alto Networks’ executive vice president Mario Queiroz and senior director of product management Mayuresh Ektare.
What are you hearing from customers regarding hybrid work?
Queiroz: I really can’t think of a single customer we’ve talked to that said they’re going back to exactly what they had before. There’s definitely going to be a hybrid world. Most companies are likely going to have employees in the office two to three days a week. Employees are going to do some of their non-collaborative work at home, and work that benefits from people being together at the office. Work at home used to be more of a casual thing for people, maybe 30 minutes a day checking email.
Now they’ll be working from home 20 hours a week or more. Fundamentally, the kind of work that gets done at home will be different from the kind of work that was done before. Organizations have to consider how they secure work from home since it has changed.
How does working from home change security more?
Ektare: The shift is becoming more permanent and sensitive work is getting conducted from home. This creates a very predictable behavioral pattern for the employees, which can be exploited for targeted attacks. For example, if someone wants to target an employee, it’s very easy to hack into their home network, which currently isn’t protected with enterprise-grade security.
So, employees are at a higher risk of a targeted attack, now that they’re working from home, have access to sensitive data, and perform sensitive tasks like creating financial reports.
Queiroz: Because of the nature of the work being done at home, you need a much more robust setup. You want network segmentation to separate all the personal stuff that happens at home from work. The most robust way to protect the home is with the same security policies that protect employees when they’re at work. That’s not to say those endpoint solutions are not effective, but enterprises are realizing they want home networks protected in a way that’s similar to the corporate environment.
Palo Alto recently announced a security solution called Okyo Garde. What is it?
Queiroz: Okyo Garde is a new cybersecurity offering from Palo Alto Networks that combines enterprise-grade cybersecurity with consumer simplicity through a premium mesh WiFi system. It strikes a perfect balance between enterprise-grade security and the simplest interface, so you have the best of both worlds. It utilizes constantly updated threat intelligence, the largest and the most comprehensive catalog of good, bad, and suspicious internet addresses.
The initial product can be pre-ordered now by small businesses and people working from home. On top of that, we’re building the Enterprise Edition, which provides network segmentation and integration into Prisma Access, a Palo Alto Networks solution, for corporate policy enforcement.
Why hasn’t anybody built a solution like this yet?
Queiroz: There are routers on the market with third-party software integrations, so they don’t provide enterprise-grade security. The difference between what Palo Alto Networks is offering and what’s available today is built-in security from the ground up. We didn’t build a router and then integrate a security subscription into it.
If you compare Okyo Garde with the most premium mesh Wi-Fi systems, one of the differences is that we have more memory. This hardware choice enables you to get the same throughput, in terms of network access, for running the security stack that we built into it.
Ektare: I look at it from two perspectives: the consumer angle and the enterprise angle. On the consumer side, the solutions that are available today provide Wi-Fi, and then security becomes an afterthought.
Our approach puts more emphasis on security with an adequate level of sophistication in networking that is needed for making sure that the consumer can actually adopt enterprise-grade security with ease of use. On the enterprise side, Okyo Garde is the only solution that blends secure access service edge (SASE) with the device by default. It’s an end-to-end platform.
How big a risk is having employee devices connected alongside other devices at home?
Ektare: When devices are connected to the home network, and you have unmanaged, unsecured devices (personal computers, surveillance cameras, smart TVs), you’re in a situation of unknown risk. Without segmentation, many CIOs and CISOs are not comfortable with their employees accessing sensitive data or corporate data on local networks. Cybersecurity is only as strong as the weakest link.
When it comes to enterprise security, the weakest link is often the employee’s set-up. When security software is running on laptops, the protection is strong. But if it’s not updated or disabled, there are gaps in security. That’s why having an additional layer of security is important.
Does Zero Trust security extend into working from home?
Queiroz: Yes, it does. Never trust and always verify users, devices, apps, and data. With this additional layer of protection, we’re providing an additional layer of verification of users and devices, and therefore, the apps and the data that those users and devices access. If one potential failure point is compromised, there is another layer of security and protection. If someone tries to connect to an address on the internet that might compromise their account or take control of their device, we don’t allow those connections.
Ektare: Palo Alto Networks has had a strong presence in campus requirements. We have great solutions for the branch and remote/mobile users. What was missing until now was the small office/home office footprint, which did not have coverage from a network perspective. Okyo Garde fills that gap and extends Zero Trust security and networking to the home.
No one can fathom the thought of not having network security as an additional layer of protection on campus or in the branches. As employees are now permanently working from home, this additional layer of security is absolutely needed.
What are some other benefits of adopting Okyo Garde?
Queiroz: In addition to improved security, the other benefit is better connectivity and network performance compared to any existing router an employee has in the home. Employees also get the simplicity of the solution if they decide to upgrade their home network with segmentation and enterprise-grade security. Their only other option is to use a low-end firewall, but it’s not something the average person is just going to do.
Who are the early adopters of Okyo Garde?
Queiroz: The early adopters are our Prisma Access customers, who are already familiar with this level of security. Okyo Garde Enterprise Edition will be sold as an add-on to Prisma Access. The enterprise version of our product is not a standalone device. It ties back to Palo Alto Networks security. On the small business front, we see companies with 25 or fewer employees as early adopters.
The research we’ve done shows that small businesses in professional services that handle very sensitive customer-client information can lose a lot if that information is compromised. Also, there are always early adopters in the home, the “prosumers.” There hasn’t been a solution like this, so we see the prosumers as early adopters of Okyo Garde.
What responsibility should companies have in ensuring that home networks are secure?
Queiroz: Companies aren’t responsible for the home network since that’s the employee’s domain, their private life. With that said, companies should offer the capability for the employee to protect their personal network.
Do companies have the responsibility for their employees to get the flu shot? They don’t, but they can give employees incentives for getting one. The healthier the employee, the more productive they are. Similarly, in the home, protecting the employee’s network creates a better work-from-home experience. Okyo Garde delivers home protection plus segmentation and integration with corporate security policies. If the office is coming to the home, you have to protect the home. That’s the approach we’ve taken.