As more work-from-home business models become permanent, the boundaries between work life and personal life have become perpetually blurred. While this has sustained business continuity, it has created a technical nightmare for IT organizations. Security attack vectors have increased exponentially.
This means companies of every size must now rethink their security approach for the remote workforce. Any shortcuts previously taken to quickly enable at-home workers should now be reviewed with an eye toward security, cost effectiveness, and long-term sustainability. As IT leaders perform much-needed security audits in 2021, here are the biggest concerns they face and a list of do’s and don’ts for addressing them.
The freedom to work from anywhere has created networks without borders, which in turn introduces a much wider attack surface. Personal devices, home internet services, and public WiFi, are the culprits. While these are not new security challenges, what was previously the exception is now the normal, creating opportunities for access on a mass scale and at high frequency. As a result, new attacks are appearing everyday and old ones are being re-energized.
Herein lies the core concern and the call to action for IT leaders. Security must evolve to protect an environment that is no longer characterized by known devices, locations, and networks–rather the unknowns of any device, anywhere, by any access means possible.
The vastly expanded scope of the IT environment has created three classes of problems for enterprise security.
1. Problems begin at the endpoint, and so too should security
Connectivity and communication originates with the endpoint, which has a much broader definition today. Laptops, tablets, phones, servers, as well as virtual environments, including IoT devices like smart TVs, wearables, and everything in between can be considered an endpoint. And remote and at-home employees don’t just use their company-issued laptop for work anymore. Personal devices are entering the list of endpoints that must be secured, creating these risks:
Security efforts today should start at the endpoint, taking into consideration device control and the ability to enforce security policies. Also important are next-gen security protections including anti-malware, threat intelligence, AI-based automation, as well as multi-factor authentication.
2. More connectivity types require more visibility and less user trust
VPNs, home internet services, and public WiFi are now the de facto access methodologies. Yet each one can expose the corporate network to a wide variety of external environments, many of which lack adequate security controls:
Suspicious activity and anomalous behavior can arise from all of these unprotected environments, and the key is to first understand which access methodologies employees are using. Solutions that offer visibility into company resources are critical, as is the ability to see what’s happening across the entire network.
Using a Zero Trust security approach can provide another layer of protection and is particularly helpful for those using many VPN connections. Aligning with today’s borderless IT environments, a Zero Trust architecture abolishes the idea of trusted users and networks inside a defined perimeter. Instead, these security controls are designed around the flow of sensitive data and authenticating all users and systems needing access–no matter who they are.
Layers of security are crucial today, and it’s important to know which technologies have moved into the must-have group. Endpoint threat protection packaged with 24/7 detection and response services will likely experience adoption spikes in 2021. Every WFH organization also needs network endpoints that can use an encrypted tunnel to traverse the home internet. But there are lots of different ways to get there. Secure access security edge (SASE) solutions can fill the need, as can light-weight SD-WAN solutions designed for secure access from home and on the go.
As IT leaders rethink security, they should start with an audit and consider these do’s and don’ts:
As workforce habits evolve, the overall advice remains the same: Security has never been more critical. IT executives must revisit security strategies and work to reduce risk as the network expands without borders.
When you’re ready to reassess security for your WFH organization, contact Masergy.
Applying for a cyber insurance policy? You'll need security policies and countermeasures in place, including endpoint detection and response.
Accelerated transformation has spurred new governance phases. Rebalance innovation and security by putting these checks and balances in place.
How sustainable is your hybrid work strategy? It's time to unite the disciplines of connectivity, cybersecurity and collaboration.