For more than a year now, cybersecurity teams have been enabling employees to work from home (WFH), to varying degrees of success. It’s fair to say most organizations have done much better securing the millions of endpoints that now routinely connect to corporate networks than most anyone would have anticipated.
Now comes the next big challenge. While more employees will undoubtedly return to the office in the weeks and months ahead, it doesn’t look like herd immunity will be achieved despite the widespread availability of COVID-19 vaccinations. As a result, cybersecurity teams need to assume employees will need to be able to work from anywhere (WFA) for the foreseeable future. The security implications for WFA are naturally profound as IT organizations shift toward a Zero Trust approach to managing IT.
A survey of 300 IT professionals in the U.S., Canada, and the United Kingdom (U.K.), conducted by International Data Group (IDG) on behalf of Blackberry finds nine in ten respondents are concerned about workers returning to the office with unpatched systems and out-of-date software and devices. The majority of survey respondents said they plan to quarantine PCs upon arrival or scan and install patch updates before allowing users to connect them to the corporate network.
More challenging still, nearly one in five employees (18%) at the average organization in the U.S., Canada, and the U.K. are using a personal PC to access corporate data, while 20% are using a personal smartphone for that purpose.
Overall, the survey finds U.S. respondents on average expect just under a quarter (23%) of their workers will be working from home in the next six months, compared to 19% now. Those numbers are higher in the U.K. and Canada with 41% and 38% of the workforce currently working from home, with rates expected to go down to 29% and 32% in the next six months, respectively.
Turning to new solutions
Well over half of respondents in the U.S. (58%) also noted the pandemic exacerbated problems caused by skills gaps and security awareness, with more than a third (35%) still unsure about the ability of IT infrastructures to securely support a remote workforce. As a result, the survey finds the bulk of IT organizations will be revisiting endpoint security in the months ahead. For example, 21% of respondents plan to implement endpoint detection and response (EDR) capabilities, while 31% are evaluating it. Nearly on one-third (32%) have already implemented EDR.
Mobile threat detection tools are also a priority. While only 16% have implemented it, 28% said they plan to do so, and another 31% are currently evaluating these types of tools. More than 80% of respondents want their current or future EDR technology to support both traditional endpoint devices as well as mobile devices. Half (50%) want the ability to detect threats when a device is offline or not connected to the corporate network.
Security professionals also want endpoint technologies to dynamically adapt security policies based on user location, device, and other factors. Anticipated benefits of that capability include enhanced user experience and less friction (44%), continuous authentication (43%), and reduced remediation costs (43%).
Consolidation of incident detection and response across all endpoint platforms is another major requirement (80%) as part of an effort to lower costs (42%), enable broader device support (41%), and stop the spread of attacks (40%).
Despite a relatively high awareness of unified endpoint security (UES) platforms (90%) that address most of the end point security capabilities required, the report finds only 11% of respondents have implemented it. More than one in four respondents (27%) said their organization planned to implement UES, and 37% are currently evaluating the technology. More than three-quarters of respondents (76%) said they were highly likely to deploy UES as a managed service. In general, the top attributes required for endpoint security are ease of management (37%), price (35%), and ease of deployment (32%).
The report also suggests that one reason IT teams are struggling with endpoint security is that the IT security team is a decision-maker in less than 25% of organizations, with networking and IT infrastructure teams having the most influence when it comes to remote networking. Regardless of who is in charge, it’s clear a more collaborative approach will be required if organizations hope to successful navigate the more challenging travails of WFA.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.