Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Mobile
    • Networking

    Six Remote Work Security Challenges Your Organization Should Address

    Written by

    Chris Preimesberger
    Published January 8, 2021
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      When COVID-19 forced organizations to scatter from their offices in March 2020, conventional wisdom said it would be a short-term disruption lasting weeks, perhaps a couple of months.

      As sometimes happens, the conventional wisdom was wrong. We’re now many months into a massive remote work experiment. It’s clear the old way of doing things—with most workers in offices using company-owned devices connected to company-run networks—isn’t coming back. 

      In this eWEEK Data Points article, Ganesh Pai, CEO of Uptycs, shares with readers six challenges organizations should address as they refine their security plans in a remote-first world. 

      Data Point No. 1: Endpoints and cloud workloads are in focus, and so are their risks.

      The rapid onset of remote work has put the focus on productivity endpoints, most notably MacBooks and Windows laptops. Organizations are also adopting production endpoints, such as virtual machines (VMs), containers and resources from cloud service providers (Amazon Web Services, Google Cloud Platform, Microsoft Azure). Securing these remote fleets and resources should be a key part of your security plan.

      Data Point No. 2: You can’t rely on corporate network defenses anymore.

      The attack surface of your organization has grown immensely with your employees working from home. Now, instead of benefiting from the tools and monitoring on your corporate network, your security teams need to consider the home networks that your employees use every day. These networks are outside your firewall and you cannot deploy network monitoring on them to detect threats. Your security plans need to account for many more potential vectors for attack, and your detection capabilities must be flexible enough to adjust to a changing threat landscape. 

      Data Point No. 3: A lack of cyber hygiene can undermine defenses.

      With employees’ laptops outside the corporate firewall, it’s all the more important to prepare for incidents by practicing good cyber hygiene. Your teams should be able to quickly identify vulnerable software versions and insecure configurations that serve as an open door for hackers. Standards such as the Center for Internet Security (CIS) Benchmarks and Controls provide established definitions for what secure settings ought to look like. You can turn to these community-developed frameworks as you seek to harden your defenses in a remote work world.

      Data Point No. 4: Remote employees can create risk … or be empowered to defend.

      Organizations must rely on employees to make safe decisions in a remote work environment. The good news is that most employees want to follow good security practices and no one wants to be hacked. You can harness the human desire to help by applying an approach called user-driven security. User-driven security empowers people to fix insecure configuration settings themselves, using a combination of regular security checks and automation through chat platforms such as Slack.

      Data Point No. 5: A rush to the cloud may have put security in the back seat.

      As the scope of COVID-19 expanded, organizations quickly moved assets and environments to the cloud so they could facilitate the urgent transition to a remote workforce. But those critical cloud components still require management, and traditional tooling constructed for corporate settings won’t cut it in cloud environments. That’s why companies should adopt tools that can offer visibility across production endpoints and cloud workloads. Be sure to also look for inside-out visibility—via virtual machines and containers—and outside-in visibility—from cloud providers and container orchestrators. Contextualizing inside-out and outside-in visibility together improves attribution.

      Data Point No. 6: An expanded threat surface can enhance alert fatigue.

      The deluge of alerts pumped out by tools can put teams on their heels, forcing them into a cycle of parsing and reacting to incidents. The issues surrounding reactivity—such as being overwhelmed and unfocused—expand in remote environments because the attack surface is bigger, additional software (such as video conferencing tools) might be installed on remote endpoints, and remote systems could be used for work and non-work purposes. All of this can lead to more alerts and false positives. 

      Rather than over-relying on reactive detection, an effective way to reduce alert fatigue is to employ continuous auditing coupled with periodic security training. Combine these activities with high-fidelity detection based on a trusted framework like MITRE ATT&CK, and you’ll gain confidence in your security processes and posture.

      Data Point No. 7: Conclusion

      If you believe your organization’s remote work security challenges will subside once workers return to the office, you might be in for a harsh reality.

      One survey found that nearly a third of employees plan to work remotely full time after the pandemic, and another 27% anticipate they’ll work remotely at least part of the time. A separate survey showed this expectation is shared by management, with 43% of IT leaders saying more than half of their employees will work at home following the pandemic.

      The risks that remote work creates for organizations are here to stay. That’s why now is the time to develop a sustainable remote work security plan that combines clear-eyed acknowledgment of the issues and practical strategies and tools that address your organization’s short-term and long-term remote work needs. 

      If you have a suggestion for an eWEEK Data Points article, email [email protected].

      Chris Preimesberger
      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor Emeritus of eWEEK. In his 16 years and more than 5,000 articles at eWEEK, he distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.
      Linkedin Twitter

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.