How do we manage cybersecurity in the COVID-19 remote work era?
March 16, 2021
Article by Timothy Sim, Identity Practice Director, Versent & Simon Morse, Security Practice Director, Versent.
What’s been the biggest impact of COVID-19 on the way your enterprise does business?
Over the last twelve months, industry surveys consistently found that between 70% to 90% of companies have radically expanded their work-from-home programs. If your organisation is like the majority, some major challenges arose from the global shift toward team decentralisation. One prominent issue exposed by the remote work surge is the need to re-examine cybersecurity: specifically how security and IAM (Identity & Access Management) needs to evolve to encompass the change.
Why doesn’t old-school cybersecurity protect remote workers?
Ubiquitous work-from-home has thrown up some new cybersecurity challenges for IT teams and magnified some older ones as well. Having whole teams out-of-office has redefined BYOD (Bring Your Own Device) culture. When working inside offices was the norm, cybersecurity plans were built from a “perimeter” blueprint. Devices and data used inside the office were fenced, and that was adequate protection. But remote work has swept the last traces of viability away from perimeter security models.
Many organisations have responded to the sudden growth in their remote workforce by cranking up the security measures on their employees’ devices. Early in the pandemic, companies scrambled to increase their VPN (Virtual Private Network) protection. As social distancing and lockdowns bit into the workplace in 2020, organisations were increasingly leaning on VPN. But, for a variety of reasons – not least cost and efficiency – it was never going to be a sustainable solution on its own.
Working remotely, team members access their work platforms through a wide variety of networks and services provided by a wide range of unvetted vendors. Consequently, IT teams have limited control over their network security. This situation has precipitated a massive movement toward cloud-based, Zero Trust security solutions that provide protection regardless of the network environment.
Better cybersecurity solutions.
Better cybersecurity is a top priority for forward-looking companies. Security vendors worldwide have reported that 2020 was the biggest year for cybercrime on record; following a steeply growing trend. Remote work has also contributed to an explosion in unforced data breaches from poorly protected IAM and BYOD programs.
So, what’s the answer to the decentralised workforce cyber-conundrum?
There are a few ways your enterprise can improve your security posture to manage remote work.
Step one is to have an updated emergency and risk management plan. Surprisingly few companies were fully prepared, it seems, for the seismic shifts COVID-19 wrought in their teams’ work situations.
Critically, as new security protocols are put in place, they need to be properly recorded and communicated effectively across the broader IT team and to end-users, as well. Clear documentation is vital, not only to handle situations where there is rapid change in IT team structure but also to promote swift communication in times of rapid change. The way crisis messaging is handled with IT staff will be much different from the language that’s accessible to the broader workforce, and that tiered messaging needs to be prepared ahead of time.
It can’t be overstated how important it is to address the skills gap in cybersecurity. Most companies don’t have cybersecurity specialists on their teams, and that’s a massive vulnerability, especially when huge changes are happening in the security environment. Partnering with a specialist consultant or security MSP (Managed Service Provider) is a vital strategic move. Cybersecurity specialists are a scarce resource, so by partnering with an MSP, your company can avoid the almost impossible task of getting your internal team up to speed with the cyber challenge. You’ll also avoid diverting your internal IT resources away from delivering better services to your customers and workforce.
Embrace the future and shift to the cloud.
Investing in strategic cloud transformation is probably the most important step any organisation can take to secure its data systems.
For the new remote work economy, device and user-level security are paramount. Identity and Access Management has never been more important. Sustainable solutions have to maintain strict security around who is allowed to get at data and under what conditions while also allowing low-friction access for legitimate users.
Cloud-based cybersecurity and IAM solutions do this extremely well, and they’re ideally suited to a decentralised team situation.
Beyond the immediate crisis, cloud-based security is a better long-term solution too, so it’s a good investment for any organisation that plans to be around for more than a few years. The digital transformation trend toward cloud-computing is driven primarily by economic imperatives, but the pandemic has hastened it. Shifting to modern, decentralised security measures will help your organisation navigate the remote work shift, but it’s an essential step toward a future-proof IT architecture as well.
Want to learn more about how strategic cloud adoption can secure your organisation? Discover the cybersecurity benefits of implementing advanced cloud security and IAM with Versent.