How to secure the remote workforce has become a critical priority for countless organisations worldwide that were forced to close their offices and workplaces in the wake of the COVID-19 pandemic, according to a Bitglass report.
The company’s CTO, Anurag Kahol, says a combination of short timelines and lack of preparation have made it much more challenging than originally anticipated. He has explored some of the main trends and issues faced by these organisations in recent months, as discovered in the Remote Work Report 2021.
Remote working here to stay
When the pandemic began, up to three quarters of organisations questioned reported having between 75-100 percent of their workforce working remotely. Fast forward 12 months and well over half of those employees (57 percent) continue to do so, suggesting remote working is here to stay, or at least for the foreseeable future.
The motivation for this isn’t solely down to the virus. The vast majority of organisations questioned (90 percent) plan to continue supporting it due to increased productivity and other business benefits realised.
In fact, over half (53 percent) are looking at making some positions permanently remote after the COVID crisis ends, which is about 20 percentage points higher than it was when the pandemic first started. As such, a mixture of remote and on-premises workers will likely abound for some time, meaning the need for technology which can support this is growing rapidly.
Despite growing recognition of the benefits remote working can bring, there are also significant concerns. More than three-quarters (79 percent) of those questioned in the report were worried about the security risks introduced by users working from home.
Despite having a full year of remote work under their belts in most cases, businesses are still feeling worried and unprepared when it comes to securing off-premises users.
The biggest concerns stem from data leaking through endpoints (68 percent), users connecting with unmanaged devices (59 percent), and access from outside the perimeter, meaning less anti-malware protection (56 percent).
These concerns are followed closely by maintaining compliance with regulatory requirements (45 percent), remote access to core business apps (42 percent), and loss of visibility of user activity (42 percent). In other words, a wide variety of cyber security use cases and concerns must be addressed by modern organisations as soon as possible.
Security too network-focused
Part of the problem is that organisations are focusing their efforts in the wrong areas. Most respondents are working primarily on securing network access (69 percent) which, while important, is not necessarily the best use of time and resources.
While It is encouraging that 60 percent of respondents referenced BYOD as a top priority, there appears to be too little focus on securing cloud resources like SaaS apps (38 percent), which are used frequently to house, process and share sensitive corporate data, particularly in remote working environments.
Elsewhere, organisations are using a variety of security controls to secure remote work, but most are still thinking solely in terms of legacy tools that aren’t well suited to modern enterprises.
The top three controls were endpoint antivirus (80 percent), firewalls (72 percent), and VPN (70 percent), while more appropriate security tools like Zero Trust network access (20 percent), cloud digital loss prevention (20 percent), and cloud access security brokers (18 percent) were far less common.
An organisation’s security program is only ever as strong as its weakest link which, more often than not, is its employees.
According to my company’s report, the three top policies and protocols that employees are most resistant to complying with are mobile device management (32 percent), multi-factor authentication (30 percent) and virtual private networks (26 percent).
Resistance to VPNs is causing particular problems, given how prevalent they are. In fact, 55 percent of participants agreed that relying upon VPNs has proved extremely challenging throughout the shift to remote work. Not only does using one frustrate users, it’s challenging to scale, and doesn’t provide zero-trust security – which is becoming increasingly critical.
Transition to cloud
One topic on which the majority of respondents are agree is the growing need for a more cloud-centric ecosystem. Here, 71 percent said their organisation will shift away from on-premises appliances and tools in favour of the cloud, in order to enable more efficient remote working.
However, 12 months on from the start of the pandemic, any transition needs to happen sooner rather than later in order to minimise any detrimental impact to long-term success.
With the COVID-19 pandemic fundamentally changing the way we work for the foreseeable future – possibly forever – businesses must adapt accordingly or risk losing ground on competitors.
For many, this means implementing more appropriate business and security models that empower employees to work efficiently from everywhere while keeping sensitive data secure, wherever it goes. The process doesn’t need to be painful if done appropriately and those who achieve it will quickly reap the benefits of a more flexible, secure and productive working environment.