While the degree to which any individual may be working from home in the years ahead the one thing that is certain is the percentage of people who work remotely is now much higher. What was once viewed as a temporary measure has become standard operating procedure in the aftermath of the COVID-19 pandemic.
The trouble is most of the security organizations still rely on was put in place when the bulk of employees worked in an office protected by a corporate firewall. There’s no doubt malware was being inadvertently being downloaded in a way that bypassed those firewalls prior to the pandemic. Today, however, many employees now routinely access corporate data via a consumer-grade home network. Sometimes they may be required to employ a virtual private network, but even then it’s been shown that the credentials employed to access a VPN are often easily hacked.
Not surprisingly, a survey of 200 North American business leaders conducted by the research firm Pulse on behalf of Sungard Availability Services (Sungard AS), a provider of IT services, finds only about one in five companies (21%) are fully confident their infrastructure security can support long-term remote work. Only 7.5% are very confident their security protections against phishing and ransomware attacks are adequate in a largely virtual environment, the survey also finds.
As a result, the survey finds that security software that keeps work devices secure (79%) and the need for an easy-to-use system that enables employees to share files securely (76%) are at the top of the IT priority list.
Fortunately, security now appears to rank higher in terms of overall priority. A survey of 333 business executives conducted by the law firm Seyfarth finds cybersecurity and cyberterrorism now ranks fifth (28%) in terms of macro trends that will impact businesses over the next five to ten years. The top four trends are advanced technology and automation (55%), evolving labor markets (47%), diversity and inclusion (47%), and the regulatory landscape (33%).
Inexorably, remote computing requirements will drive organizations further along the path toward embracing zero-trust IT architectures. In effect, IT organizations need to assume any device, application, or end-user credential might have been compromised. The Office of Management and Budget (OMB) for the Biden administration just issued a draft of a directive that would eventually require Federal civilian agencies to implement a zero-trust IT environment. The Cybersecurity and Infrastructure Security Agency (CISA) as part of that effort has released a Cloud Security Technical Reference Architecture and Zero Trust Maturity Model to guide and assist agencies in their implementation planning. Many IT teams would be well-advised to model these documents to jump-start their own efforts.
Of course, not every organization yet fully appreciates how much time it will take to implement secure access service edge or replace passwords with multifactor authentication protocols much less the actual costs involved. However, the sooner they start down that path the less traumatic that now all but inevitable transition is likely to be.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.