Watch your step: the security cracks in work from anywhere
Full-time remote workers are set to grow 300% compared with pre-pandemic levels (Forrester, 2020)[1]. In this blog post, Avinash Prasad, Head of Managed Security Services, Tata Communications, discusses how to address security challenges in a new-look world, where mixing work and personal life across devices is the norm.
The new norm of work and business entails connecting any device, any user, any entity for any application placed anywhere. This “Surviving and thriving” in today’s Work-From-Anywhere world requires an effective balance between productivity and security. The challenges to achieving this equilibrium can be oversimplified, and yet they are fundamental for building confidence in the digital enterprise. As stated by IDC (2020), “Never before has the concept of trust been so critical to business. As we are unable to physically interact, digital interaction has become, for many, the only way to conduct business and deliver work. This requires a new approach that relies on higher levels of trust, underpinned by a robust cybersecurity foundation.” [2]
Digital trust will be critical as we move forward and, by 2023, Gartner (2020) predicts that 30% of Chief Information Security Officers (CISOs) will be directly measured by their ability to create value for business.[3]
This blog explores some of the challenges in creating robust cybersecurity foundations that secure the network, endpoints, and cloud, essential for Work From Anywhere.
#1. A connection back to the secure fortress won’t scale
Historically, organisations would build a perimeter around their business using firewalls and layers of security. But due to the pandemic, IT teams have been suddenly tasked with enabling safe remote working as many colleagues have been working from home. Often, their response has been to bring these remote workers back ‘into the fortress’ using a secure VPN. However, this brings its own set of challenges: delays in user performance and productivity plus less visibility and ability to identify bad actors and breaches.
#2. Endpoints of lone users becoming launch platforms for attacks
Lone users have increasingly become the target for attacks over the last few months. That’s because each remote employee is using multiple devices – laptop, phone, and/or tablet. They all need their own secure connectivity and device hardening, without which security can be compromised. Each device is also considered an access point or platform by the organisation.
“What’s needed is a new clear perimeter for each individual – in other words, their own fortress.”
According to Gartner, by 2023, 60% of enterprises will phase out their remote access VPNs in favour of zero-trust network access (ZTNA).[4] For Work From Anywhere to be effective, new security solutions and processes are required – digital certificates to authenticate the user’s device. But even with a secure headquarters and secured individual users, encrypted connectivity is needed to stop any breaches midway. A more granular way of assessing user activities is required. That’s where Zero Trust comes in – a verification approach that makes the whitelist dynamic.
#3. Protecting the growing use of cloud services
Another potential chink in the armour is the growing use of cloud services. In 2020, account hijacking was the fifth biggest cloud threat, according to CSO Online.[5] To address this, the IT team needs to define what is acceptable and “normal” behaviour, i.e. set thresholds for content downloads. A user connecting to a cloud service on the whitelist is fine, but if they try something unusual, then additional layers of verification are required. The key is to make better use of data analytics – looking back across longer periods of time, identifying unusual behaviour over a few months, determining what is normal and acceptable, and what is not.
#4. Inability to have a complete view and ability to act across all potential threats
In the past, analysing system logs made organisations feel safe. But now organisations need more data – not just looking at the past but expanding into behaviour patterns and data modelling.
“From user behaviour analytics to threat analytics and analysis, this insight means organisations can start to predict the most likely threats and begin to protect themselves.”
Adopting advanced threat management increases the speed for both detection and response, across network, endpoints, and cloud – layering in external cyberthreat intelligence such as the type of attacks, bad actors, and the main vulnerabilities. Of course, all this should be automated so that if a major attack is likely to take place, it is already on the radar. To cope with the data volumes required to deliver this kind of protection at scale, organisations also need to deploy machine learning or AI.
#5. Security impacting productivity
“We often think of insider threats as malicious employees bent on doing harm. While that’s often the case, more than 60% are simply those of negligent employees” (SC Magazine, 2021)[6]
Balancing security and productivity for remote workers is not straightforward. For instance, Tata Communications was working with an IT services organisation that supplied software developers to a banking client. The developers were accessing cloud-based services to develop code for the bank’s digital services; understandably, the bank had very stringent security requirements and also high expectations on productivity for these remote employees, so we had to define a security model that aligned with their service and used analytics to help highlight the productivity.
At the same time, we were required to help highly technology-enabled digital banking assistants, whose processes needed effective support in a remote work environment. These types of employees were impacted during lockdown because they struggled to maintain service continuity – the result was more than three hours of queuing for the bank’s customers.
“To address the needs of both the software developers and the digital banking assistants, the security model had to be tightly defined with very clear guard-rails of what the users should be doing.”
In this context, we needed to address the requirements of the digital banking support staff versus the requirements of the developers, i.e. looking at what was blacklisted, ensuring the system was connecting appropriately, and that no personal devices were used. We also had to look at the device real-time – how long it had been idle and whether it should be stopped with fresh verification and authentication initiated.
To conclude, CISOs are thinking about the challenges described above; and key to solving these is empowering the security teams to develop an end-to-end view of their infrastructure and software stack mapped to threats. It’s now about how they further develop an integrated approach to enable Endpoint Detection and Response. Managed Security Service providers can bring this complete package; however, a fundamental change in both mindset and execution are required. They should start by considering: What are the areas we need to address first? Which areas are most mature? What is our cost-benefit analysis? Where do we need to balance security and productivity?
As organisations move forward, business logic and cost analysis will increasingly be applied to security. This evolution will support organisations as they move from functionally protecting devices to the ultimate goal of hunting for threats. Finally, the concept of building digital trust will continue to evolve. As Gartner states “CISOs will need to strike a balance between what is needed in a security program and the risks to undertake for the business to move forward.” (2021)[7]
Discover more about building digital trust through cybersecurity.
The post Watch your step: the security cracks in work from anywhere appeared first on Tata Communications New World.