Anurag Kahol at Bitglass outlines the central tenets of ensuring that remote working is secure
The fundamental shift to home and remote working over the past 12 months has caused a major headache for cybersecurity professionals. This is because many of them are used to a much more controllable security surface area that office buildings and on-premise security infrastructure provides.
With so many people now working from home, the corresponding surge in app usage, unmanaged devices, web traffic, and accessing internal resources is making security a much trickier prospect. This situation looks set to remain for the foreseeable future.
Indeed, according to Gartner, 74 percent of companies don’t want their employees returning to an office. As such, cybersecurity professionals have had no choice but to adapt as quickly and efficiently as possible. The question is, how?
The issue of control
With workforces now dispersed over much larger geographical areas, the sheer size of the security footprint is one of the main issues to overcome. Traditional perimeters are gone, and with them the control that they afford. Now, users control their own devices and operating systems, making it much harder for security professionals to achieve the oversight they need.
Unfortunately, user trust and the use of on-premises solutions is not enough.
An opportunity in disguise
While some security professionals are lamenting the loss of the security blanket that on-premises infrastructures provide, others are seizing the opportunities it has created. After all, the sudden, urgent shift in business practices has thrusted IT into the spotlight in a way that gives them more influence than ever over how businesses are run. Executive boards all over the world are clamouring to establish new remote business processes as quickly as possible, and they’re willing to provide the budget needed to achieve it.
However, that doesn’t mean getting it right is easy. Even with the budget and backing, any effective security solution needs to achieve the dual goal of protecting against threats and safeguarding sensitive data without impacting on business productivity or performance – not an easy feat.
In the scramble to establish productive remote working at the start of the pandemic, many were way wide of the mark. According to Mckinsey and Company, this has “amplified long standing cyber security challenges – physical and psychological stressors that compel employees to bypass controls for the sake of getting things done.”
In short, the push for productivity has significantly compromised security. In addition, some businesses have experienced their ‘human firewall’ crumbling, to detrimental effect. Things like exercising good email discipline and not clicking on suspicious links/attachments are fairly simple to uphold in an office environment, but have seemingly now gone out the window in the name of accomplishing tasks at home.
The central tenets of effective remote working security
Fortunately, there are a number of central tenets that organisations can follow in order to achieve the best possible threat protection and data security in place without compromising on worker productivity. These are as follows:
Start by moving all on-premises deployments into the cloud where they can be easily managed. Next, centralise policy management using technology such as cloud access security brokers (CASBs) and secure web gateways (SWGs). Finally, look to adopt a modularised and flexible approach to policy engines wherever possible.
Keeping processes as simple as possible further removes the chances of vulnerabilities going unnoticed. As mentioned above, eliminating on-premises solutions and migrating to the cloud keeps everything together, helping to avoid a fragmented security environment that’s much harder to control.
Effective consolidation and simplification allows for a much more cost effective approach. Deployments and configurations can be done in days instead of weeks, and allow businesses to rapidly find the balance between security, availability and productivity.
Finally, ensure any new approach is suitably future-proofed for scale. Doing so means that businesses can adapt quickly and dynamically to any changes in workload, while eliminating any backhaul traffic bottlenecks that can impact productivity over time.
A great example is a leading healthcare provider that Bitglass worked with recently, which had over 15,000 employees go from working on-premises to working from home, almost overnight. Some of the key challenges included inadequate native Office 365 security, sensitive data leakage from unmanaged devices, and a lack of integrated advanced threat protection – all of which are major security risks for the organisation.
By adopting these tenets, the organisation was able to quickly implement a new, readily deployable security solution that used real-time DLP to prevent data leakage on downloads and limit access from any risky, unmanaged assets. The solution was also able to distinguish between managed and unmanaged devices and use advanced threat protection for uploads, downloads, and data-at-rest, significantly improving security at every stage of the process.
Take the time, get it right
As the business world continues to adapt to the new way of working, security mistakes of the past 12 months should no longer be repeated. Rather than taking a panicked scattergun approach, organisations must take their time and select a consolidated solution. The principles laid out in this article offer a great starting point that can form the cornerstone of a powerful cloud-based security solution that’s truly fit for purpose, both now and in the future.
Anurag Kahol is CTO of Bitglass. Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute of Technology.