Design principles of IT security

For IT security managers, an abrupt change from office to fully remote operation must feel like moving from a solid walled villa to the Wild West.

The traditional boundaries of on-premises operation, and with them the control it offers, no longer exist. In the home office, users more or less control devices and software themselves. And that is where the difficulties for IT admins begin. The area to be secured suddenly increases. A single click on a malicious email attachment, a visit to a website carrying malware, an open WiFi network or an unsecured device used by an employee can give attackers access to the corporate IT infrastructure, where they can cause even greater damage.

Production pressure increases the risk

Relying solely on the prudence and reliability of the workforce would be ill-advised. Even with extensive awareness training, there is a likelihood, especially in stressful situations, that employees will make a risky mistake against their better knowledge. The pressure to be productive is already slightly increased for workers in the home office. In fact, management consultancy McKinsey concludes that in 2020 remote work will intensify long-standing cybersecurity challenges: physical and psychological stressors that force employees to bypass controls in order to get their jobs done. In short, productivity pressures can seriously affect home office security.

Home office increases the need for security

In order to establish a sufficient level of security even under these conditions, IT admins use the tools that have proven themselves in regular office operation for connecting a small number of external participants: firewalls, anti-virus programs and VPN connections are the primary security precautions for access to company resources. For IT managers, this approach means noticeable extra effort: they have to secure new or, where applicable, personal end devices of the employees and keep the software installed there up to date. The enforcement of data security policies must be ensured across various security applications. If the firewall causes bandwidth problems when user load is high, the IT admins are confronted with an increased number of support requests. All in all: less control, increased security risks and suboptimal management processes.

Digitization forced by chance

What is lost in control at the IT security level is gained at the business level. In a digitized company, new ways of corporate management can be implemented more easily, as the IT design allows for fast, efficient restructuring. Therefore, in many companies, remote work should be maintained permanently in future, at least for parts of the workforce, or remain a general option. According to a Gartner survey, 74 percent of companies do not want their employees to return to an office. Executives around the world are pushing for new remote business processes to be established as soon as possible, and they are ready to allocate the budget to do so.

Remote scenarios have to be adapted

The announcement of permanent remote work does not seem to be a good prospect for many IT admins at first. For them, it means managing a larger amount of risk with more cumbersome methods. However, this is only the case at first glance. A closer look reveals that the IT management of remote work in 2020 was so complex mainly because it was implemented at short notice. The use of VPN connections and firewalls is a suitable way to allow a few employees remote access in office operation. However, if this approach is rolled out to the entire workforce, it turns out to be cumbersome and inefficient.

Rethink IT security

However, new possibilities arise if you break away from the principle of “emergency remote for everyone” and are prepared to rethink the design of your IT security from the ground up. Consolidation can be a fundamental first step: if companies move their on-premises implementations completely to the cloud, their management can be simplified. Policies can be applied centrally by policy engines that guide security tools such as CASBs or SWGs. Keeping processes as simple as possible also avoids a fragmented security environment that is difficult to control, which reduces the likelihood of vulnerabilities going unnoticed.

Effective consolidation and simplification allow more cost-efficient work. Deployments and their configurations can be carried out in days instead of weeks and enable companies to quickly strike a balance between security, availability and productivity in remote operation.

Infrastructure has to become more dynamic

Last but not least, it should be checked to what extent a new approach is resilient to future threats and developments. The infrastructure should be able to adapt quickly and dynamically to changes in the workload, while avoiding bottlenecks in backhaul traffic that can affect productivity over time.

The shift to remote work is another milestone in advancing digitization. If business processes are mainly handled digitally, IT security is of crucial importance. Companies can only do justice to this if they are ready to fundamentally rethink the design of their IT security. With the principles described, IT admins create suitable conditions to be one step ahead of IT threats and at the same time to work as efficiently as in on-premises environments.

More on this at Bitglass.com

 
