When COVID-19 forced organizations to scatter from their offices in March 2020, conventional wisdom said it would be a short-term disruption lasting weeks, perhaps a couple of months.
As sometimes happens, the conventional wisdom was wrong. We’re now many months into a massive remote work experiment. It’s clear the old way of doing things—with most workers in offices using company-owned devices connected to company-run networks—isn’t coming back.
In this eWEEK Data Points article, Ganesh Pai, CEO of Uptycs, shares with readers six challenges organizations should address as they refine their security plans in a remote-first world.
Data Point No. 1: Endpoints and cloud workloads are in focus, and so are their risks.
The rapid onset of remote work has put the focus on productivity endpoints, most notably MacBooks and Windows laptops. Organizations are also adopting production endpoints, such as virtual machines (VMs), containers and resources from cloud service providers (Amazon Web Services, Google Cloud Platform, Microsoft Azure). Securing these remote fleets and resources should be a key part of your security plan.
Data Point No. 2: You can’t rely on corporate network defenses anymore.
The attack surface of your organization has grown immensely with your employees working from home. Now, instead of benefiting from the tools and monitoring on your corporate network, your security teams need to consider the home networks that your employees use every day. These networks are outside your firewall and you cannot deploy network monitoring on them to detect threats. Your security plans need to account for many more potential vectors for attack, and your detection capabilities must be flexible enough to adjust to a changing threat landscape.
Data Point No. 3: A lack of cyber hygiene can undermine defenses.
With employees’ laptops outside the corporate firewall, it’s all the more important to prepare for incidents by practicing good cyber hygiene. Your teams should be able to quickly identify vulnerable software versions and insecure configurations that serve as an open door for hackers. Standards such as the Center for Internet Security (CIS) Benchmarks and Controls provide established definitions for what secure settings ought to look like. You can turn to these community-developed frameworks as you seek to harden your defenses in a remote work world.
Data Point No. 4: Remote employees can create risk … or be empowered to defend.
Organizations must rely on employees to make safe decisions in a remote work environment. The good news is that most employees want to follow good security practices and no one wants to be hacked. You can harness the human desire to help by applying an approach called user-driven security. User-driven security empowers people to fix insecure configuration settings themselves, using a combination of regular security checks and automation through chat platforms such as Slack.
Data Point No. 5: A rush to the cloud may have put security in the back seat.
As the scope of COVID-19 expanded, organizations quickly moved assets and environments to the cloud so they could facilitate the urgent transition to a remote workforce. But those critical cloud components still require management, and traditional tooling constructed for corporate settings won’t cut it in cloud environments. That’s why companies should adopt tools that can offer visibility across production endpoints and cloud workloads. Be sure to also look for inside-out visibility—via virtual machines and containers—and outside-in visibility—from cloud providers and container orchestrators. Contextualizing inside-out and outside-in visibility together improves attribution.
Data Point No. 6: An expanded threat surface can enhance alert fatigue.
The deluge of alerts pumped out by tools can put teams on their heels, forcing them into a cycle of parsing and reacting to incidents. The issues surrounding reactivity—such as being overwhelmed and unfocused—expand in remote environments because the attack surface is bigger, additional software (such as video conferencing tools) might be installed on remote endpoints, and remote systems could be used for work and non-work purposes. All of this can lead to more alerts and false positives.
Rather than over-relying on reactive detection, an effective way to reduce alert fatigue is to employ continuous auditing coupled with periodic security training. Combine these activities with high-fidelity detection based on a trusted framework like MITRE ATT&CK, and you’ll gain confidence in your security processes and posture.
Data Point No. 7: Conclusion
If you believe your organization’s remote work security challenges will subside once workers return to the office, you might be in for a harsh reality.
One survey found that nearly a third of employees plan to work remotely full time after the pandemic, and another 27% anticipate they’ll work remotely at least part of the time. A separate survey showed this expectation is shared by management, with 43% of IT leaders saying more than half of their employees will work at home following the pandemic.
The risks that remote work creates for organizations are here to stay. That’s why now is the time to develop a sustainable remote work security plan that combines clear-eyed acknowledgment of the issues and practical strategies and tools that address your organization’s short-term and long-term remote work needs.
If you have a suggestion for an eWEEK Data Points article, email cpreimesberger@eweek.com.