Organisations have pivoted to remote working at an unprecedented scale, and some of the changes are likely to be permanent. With remote working becoming the ‘new normal’, Daniel Hurel, Vice President Westcon EMEA – Cyber Security & Next Generation Solutions, looks at why enterprises must now execute smarter security strategies to ensure their businesses, workers and data stay secure.
One effect of the coronavirus pandemic has been a huge increase in the number of people working from home. The question is: how secure are their devices and data?
Remote working presents a new security posture – end-points at employees’ homes; connectivity over Wi-Fi, VPN or SD-WAN; access to applications; and identity. Users may not have corporate-issued devices, and if they do, the business needs control and visibility.
How are their teams connecting? Corporate VPNs have become increasingly popular during the lockdown, but for larger enterprises and the longer term, SD-WAN offers more security and a better level of service.
The COVID-19 crisis has changed how businesses approach security
Companies must now build in advanced risk management and threat intelligence to identify where these risks come from. Breaches can happen at any time and any place, and the first step is staff education. Awareness of possible threats, scams and phishing attempts is critically important. We have already seen numerous COVID-19 malware scams for mobile, and these threats will only increase.
The perimeter is now the device at home. This presents new opportunities for threat actors just by increasing the attack surface. Here the concept of zero trust –‘never trust, always verify’ – is the new normal as users become mobile, assets leave the network, and apps and data move to the cloud. Zero trust keeps assets and access away from attackers, defining how to secure the network, identify users, and secure devices and access to data and applications – wherever they live.
A new perimeter needs a new approach
As organisations enabled remote working almost overnight, it was inevitable that security was overlooked. Now we have time to assess the outcomes, a new approach to security should be ‘from the bottom up’, focusing first on the users who don’t have an in-depth understanding of cyber security. Looking further ahead, the way we work will change forever, with more teams working remotely. So addressing the security issues this entails will be essential – this is the new normal.
Securing the Internet of Things
Two of the biggest security challenges of this transformation are the risk posed by IoT devices on the home network and verifying identity. Zero trust addresses the former, multi-factor authentication (MFA) the second. Adaptive authentication uses policies to evaluate user contexts, behaviours and other correlated data in order to associate a level of assurance with the user’s authentication. From here, the system can deny access, silently authenticate the user, or request a higher level of assurance, such as MFA.
Who’s responsible for network security when it’s at home?
Securing the network that includes a worker’s home needs to be a shared responsibility. This is part of a wider conversation around the need to take a holistic approach to security. Security should not be seen as a separate domain or function within the business – there needs to be a joined up approach across IT, HR, commercial functions and the individual.
That said, while the IT department cannot be responsible for the home Wi-Fi of the user, they are responsible for the security of the device (laptop/mobile), the user (identity), and secure access to data and applications (VPN, ZTNA).
Businesses should support and educate individuals so they’re more vigilant when working from home, by providing awareness training, audits and phishing simulations.
The future is now
The nature of work and business has become remote and cloud-based. Putting best practices in place will not only support employees in their home-working environment but give organisations peace of mind, knowing their infrastructure is in a much more secure place.
Get in touch
If you or your customers need help optimising and securing a remote workforce, we’re here to help. We’re committed to ensuring everyone has access to the technology and expertise needed to work safely and securely, wherever they may be.