In recent years remote working has become increasingly common to enable people to remain productive while away from the office. However, the Covid 19 pandemic resulted in an almost overnight need for as many people as possible to work from home as lockdowns were imposed.
As lockdowns have started to ease, it has become evident that not everyone is rushing back to work in the office, and that working from home appears to be here to stay, regardless of Covid 19 infection levels.
The workforce has become accustomed to the convenience of working from home or remotely, when necessary, but security always needs to be a key consideration as businesses adapt to new ways of working.
The pandemic has helped to accelerate Digital Transformation, particularly the adoption of cloud-based services, but this all needs to be done with due consideration to security. However, organizations need to ensure that security is as unobtrusive as possible.
Research has shown, that as soon as security becomes burdensome for end-users, prevents them from doing their jobs easily, or slows them down in any way, they will find workarounds to circumvent security measures in order to meet work deadlines.
Organizations should not feel forced to choose between security and convenience, ease-of-use, flexibility, and business continuity.
It is therefore essential that organizations implement security technology that does not disrupt existing work patterns and makes security as easy as possible. This can be achieved by modernizing approaches by implementing things like passwordless authentication and zero trust architectures, for example, to achieve both ease-of-use and security.
Organizations should also strive to deploy only technologies that are secure by design, and focus attention on integrating security at all levels to ensure that security measures have little or no impact on productivity.
Business continuity and cybersecurity teams should work in close collaboration to achieve their common goals of security and continuity. While these two functions remain in separate silos, there is always the risk of failing to achieve the goals of either.
A more integrated approach to cybersecurity and business continuity will ensure that IT technology and security investment will focus both so that organizations will not have to choose one above the other.
As always with security, education also plays an important role. Organizations should therefore invest in educating all employees about cybersecurity risks and the role they can play in keeping their organization safe from attack.
As the business world moves to rapidly enable work-from-home (WFH), enterprise IT teams need to shift resources and priorities to ensure that remote workers are protected.
— John Tolbert, Lead Analyst at Kuppinger Cole.
Because we understand how important it is to enable employees to work securely out of the office, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats available.
In the early days of Covid 19 lockdowns, several analysts blogged about how organizations could adopt new ways of working without taking unnecessary security risk.
Blog posts addressed a range of related topics, including Working Securely at Home During the Pandemic, Ransomware During the Pandemic Crisis, and the Top 5 Work from Home Cybersecurity Recommendations for Enterprises.
Picking up on the theme of cybersecurity education for employees and offering some guidelines for organizations, is this blog post entitled: Cybersecurity Awareness – Are We Doing Enough?
Increased remote working is one of the most obvious changes that the pandemic crisis has introduced, but several other changes have also taken place that are likely to become regular features of normal business as detailed in the blog post on The New Normal Post Covid-19.
If you would prefer to listen to what our analysts have had to say on the topic of remote and home working, watch this video on Cybersecurity Trends in the Age of Work from Home and listen to the following Analyst Chats on:
- Cybersecurity in the Enterprises in the Age of WFH
- Cybersecurity Vulnerabilities of Remote Work, Cybercriminal Behavior in the COVID Era
- How to Avoid Becoming a Phishing Victim During the Pandemic.
In this Analyst Chat providing An Overview of Enterprise Information Protection, analysts Anne Bailey and Matthias Reinwarth talk about the technologies that enable employees working remotely or from home access sensible corporate information from personal devices without compromises between productivity and security.
If data protection in the context of remote working is a top concern, have a listen to the following Analyst chat about How to Protect Data in a Hostile World.
As already highlighted, Enterprise Information Protection should be a priority in the work-from-home era. For a more detailed overview of the role EIP solutions play in the contemporary working environment and what capabilities vendors should provide, have a look at this Leadership Brief on Enterprise Information Protection.
Although a topic for discussion in its own right, the adoption of a Zero Trust approach to security has certainly come to the fore in the context of increased working from home. For an excellent overview of the topic, with reference to the topic of working from home, see KuppingerCole’s Comprehensive Guide to Zero Trust Implementation.
NDR and UEM are two technologies that organizations can deploy to reduce their exposure to cyber risk from remote working. For an in depth analysis of these markets and some of the main product offerings, have a look at the Leadership Compasses on Network Detection and Response (NDR) and Unified Endpoint Management (UEM).
In the work-from-home era, there is also an increase in demand for cloud-based security solutions. For an overview of the broad market of cybersecurity solutions delivered from the cloud, have a look at this Market Compass on Cloud-delivered Security
As the world shifts to greatly increased mobile and remote working, Workplace Delivery Platforms will enable a richer working experience from wherever end users are situated. For an overview of solutions that assist organizations in managing applications and data that end users access from a “single pane of glass” interface, have a look at this Market Compass on Digital Workplace Delivery Platforms.
As organizations went into overdrive to enable employees to work from home when the initial Covid 19 lockdowns were imposed, the focus tended to be on getting systems up and running and to ensure business continuity, often at the expense of security.
For some ideas on better approaches to business continuity and security, have a look at this Advisory Note on Business Continuity in the age of Cyber Attacks.
Remote working has increased the need for robust authentication standards, but so too has the increased adoption of multi-cloud environments, IoT, APIs and DevOps. Learn more about how to adopt appropriate authentication standards for your business by reading this Advisory Note on Identity Authentication Standards.
There is a wide range of webinars that touch on the topic of remote working from the generic like: Encrypt Everything and How to Hunt Threats Effectively With Network Detection & Response Solutions to the specific like: Remote Workforce: How to Protect Yourself From Emerging Threats? and Remote Work and IAM – A Unique Opportunity for Security Leaders.
Modernizing approaches to security to improve ease of use is a key to enabling employees to work securely and not looking for workarounds. One idea is to implement passwordless authentication wherever possible. For more information on how to do this, have a look at this Whitepaper on Planning for a "Passwordless" future.
Organizations investing in technologies to support working from home and other remote working, can have a look at some of the related technology solutions that we have evaluated:
- SAP Data Custodian
- PortSys Total Access Control
- Thales SafeNet Trusted Access Platform
- Oracle Data Safe
- WALLIX Bastion
- BeyondTrust Endpoint Privilege Management
- Cysiv SOCaaS
- ARCON PAM SaaS
- Fudo PAM by Fudo Security
- SecZetta Third-Party Identity Risk Solution
- ManageEngine PAM360
- Hitachi ID Privileged Access Manager