Securing the remote workforce has become a critical, yet unexpected, priority for thousands of organisations forced to close their offices and workplaces in the wake of the ongoing COVID-19 pandemic. However, a combination of short timelines and lack of preparation have made it much more challenging than they originally anticipated. This article will explore some of the main trends and issues faced by these organisations in recent months, as discovered in Bitglass’s recent Remote Work Report 2021.
The shift to remote working is here to stay
At the start of the pandemic, up to three quarters of organisations questioned reported having between 75-100% of their workforce working remotely. Fast forward 12 months and well over half of those employees (57%) continue to do so, suggesting remote working is here to stay, or at least for the foreseeable future.
Interestingly, the motivation for this isn’t solely down to the virus either. The vast majority of organisations questioned (90%) plan to continue supporting it due to increased productivity and other business benefits realised. In fact, over half (53%) are looking at making some positions permanently remote after the COVID crisis ends, which is about 20 percentage points higher than it was when the pandemic first started. As such, a mixture of remote and on-premises workers will likely abound for some time, meaning the need for technology which can support this is growing rapidly.
Major concerns remain about the security risks remote working causes
Despite growing recognition of the benefits remote working can bring, there’s also significant concerns. More than three-quarters (79%) of those questioned in the report were worried about the security risks introduced by users working from home. Despite having a full year of remote work under their belts in most cases, businesses are still feeling worried and unprepared when it comes to securing off-premises users.
The biggest concerns stem from data leaking through endpoints (68%), users connecting with unmanaged devices (59%), and access from outside the perimeter, meaning less anti-malware protection (56%). These concerns are closely followed by maintaining compliance with regulatory requirements (45%), remote access to core business apps (42%), and loss of visibility of user activity (42%). In other words, there’s a wide variety of cybersecurity use cases and concerns that must be addressed by modern organisations as soon as possible.
Security efforts are currently too focused on the network
Part of the problem is that organisations are focussing their efforts in the wrong areas. Most respondents are primarily working on securing network access (69%) which, while important, isn’t necessarily the best use of time and resources. While it’s encouraging that 60% of respondents referenced BYOD as a top priority, there appears to be too little focus on securing cloud resources like SaaS apps (38%), which are frequently used to house, process, and share sensitive corporate data, particularly in remote working environments.
Elsewhere, organisations are using a variety of security controls to secure remote work, but most are still thinking solely in terms of legacy tools that aren’t well suited to modern enterprises. The top three controls were endpoint antivirus (80%), firewalls (72%), and VPN (70%), while more appropriate security tools like Zero Trust Network Access (20%), Cloud Digital Loss Prevention (20%), and Cloud Access Security Brokers (18%) were far less common.
Employee resistance creating vulnerabilities
An organisation’s security programme is only ever as strong as its weakest link which, more often than not, is its employees. According to Bitglass’ report, the three top policies and protocols that employees are most resistant to complying with are Mobile Device Management (32%), multi-factor authentication (30%) and Virtual Private Networks (26%).
Resistance to VPNs is causing particular problems, given how prevalent they are. In fact, 55% of participants agreed that relying upon VPNs has proved extremely challenging throughout the shift to remote work. Not only does using one frustrate users, it’s challenging to scale, and doesn’t provide zero-trust security – something that’s becoming increasingly critical.
Remote working is accelerating the transition to cloud
One thing that the majority of respondents agree on is the growing need for a more cloud-centric ecosystem. 71% said their organisation will shift away from on-premises appliances and tools in favour of the cloud, in order to enable more efficient remote working. However, 12 months on from the start of the pandemic, any transition needs to happen sooner rather than later in order to minimise any detrimental impact to long-term success.
With the COVID-19 pandemic fundamentally changing the way we work for the foreseeable future – possibly forever – businesses must adapt accordingly or risk losing ground on competitors. For many, this means implementing more appropriate business and security models that empower employees to work efficiently from everywhere while keeping sensitive data secure, wherever it goes. The process doesn’t need to be painful if done appropriately and those who achieve it will quickly reap the benefits of a more flexible, secure and productive working environment.
Anurag is the CTO of Bitglass and expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.