Now that remote/hybrid work is here to stay, IT security professionals must find out how to enable a resilient and secure anywhere workforce in order to reduce their risk exposure in the future.
While long-term strategies of most organizations already included digitalization and cloud transformation, the COVID-19 pandemic not only expedited but also irreversibly altered the cybersecurity landscape by ushering in a new work-from-anywhere era.
Many firms had to take a “move first, plan later” approach to support the unexpected change to remote working and abandon their network-centric security bubble, which allowed IT teams to own and control the majority of the network. Ultimately, in the spirit of business continuity, punching holes in current security procedures produced vulnerabilities and exposed many firms to additional threats. Cybercriminals took advantage of the fast changing environment by ramping up their attacks and focusing on the weakest link in the attack chain: the remote worker.
As businesses continue to navigate the challenges brought on by the pandemic, one thing is certain: the world will not return to its prior status. In fact, according to a 2020 WeWork study ‘Reimagining work in the era of COVID-19’, 96 percent of firms are willing to offer employees a flexible work schedule, a considerable increase from pre-pandemic levels. Companies are now accepting remote work after realizing that their reservations regarding the transition to working from anyplace were unfounded.
The Challenges Ahead
While businesses are unlikely to return to a wholly campus-based work model due to advances in productivity, recruitment, employee satisfaction, and cost savings, the work-from-anywhere era is putting a strain on many IT and security teams.
The dilution of the legacy security perimeter necessitates a new approach to cybersecurity, in which companies must ensure that their entire workforce has consistent user experience and seamless connectivity, while also implementing consistent security policies regardless of where employees connect from.
IT departments will face inconsistencies in visibility and control as employees move between corporate and off-campus networks, limiting their capacity to diagnose and resolve end-user issues. Furthermore, in a remote work environment, the common “trust but verify” approach, which was based on the belief that organizations can inherently trust entities within their perimeters, is no longer applicable, and instead requires constant verification of every access request to connect to the company’s systems before granting access.
Another difficulty for IT teams is ensuring that users have consistent and high-quality experiences regardless of their location. Employees expect their technology to work, and they don’t care what occurs on the backend as long as they can get the resources they need reliably and consistently.
The need for a resilient and secure remote workforce
Companies must implement technology that allows for a higher level of visibility when users work remotely, delivering a consistent experience regardless of location, as they consider their long-term IT and security policies in this new work from anywhere era. At the end of the day, one cannot fix something they cannot see. Establishing baselines and hardening system configurations require continuous visibility of all employees’ endpoints, data, apps, and/or network connectivity – even if they are not on the corporate network.
To allow a secure and productive remote work environment, it’s crucial to extend the concept of resilience beyond the endpoint to encompass network connectivity and critical programs, which provide employees with the tools they need to complete their tasks. In this context, Zero Trust Network Access (ZTNA) is a critical foundation for establishing a Secure Access Services Edge (SASE) paradigm, which needs the network to establish trust with an endpoint device that is constantly on the move and accessing corporate assets in the cloud, in a data centre or on-premises, using a variety of cellular or Wi-Fi networks that are not always owned by the company.
In addition to IT manageability and core cybersecurity aspects, businesses should focus on the remote worker themselves, ensuring that they have visibility and insights from endpoint to network edge impacting the user experience, such as device issues, VPN tunnel performance issues, remote office Wi-Fi and network issues, and problems with the applications themselves, allowing IT to quickly identify and remediate the issue.