WFH security lessons from the pandemic

The unplanned worldwide experiment in remote work has been a trial by fire for security pros. Here’s how IT teams have protected work-from-home employees, and what needs to be done moving forward.


A year ago, IT and cybersecurity teams faced a number of challenges — constantly emerging threats, data privacy regulations, and a significant and widening skills gap, to name a few. Then things really got difficult.

The COVID-19 pandemic and its impact on business processes changed the security dynamic in a big way, making matters even more complex. Shifts to cloud services were accelerated. E-commerce efforts were launched or expanded. COVID-related cyberattacks became common.

But the most significant development was the sudden and massive shift to a remote workforce. Seemingly overnight, employees who'd formerly worked in offices began working from home, many relying on their own computing devices and makeshift network access methods, with IT departments scrambling to protect their devices and data.

As the pandemic enters its second year, it’s worth reviewing some of the security lessons we’ve learned so far and looking ahead at the techniques and technologies that will help protect the future hybrid workplace.

Enterprises should extend endpoint protection tools

For one thing, organizations have discovered that they need to extend the capabilities of their existing security infrastructures in ways they might not have considered before the work-from-home shift. That includes ensuring that corporate security practices and tools that fortify and defend a company’s perimeter can cover a broader range of geographic locations to account for home offices.

“Moving into a remote work environment has meant a change in focus from macro-level security to micro-level extensions of platforms and adoption of new ways of extending a secure environment to remote workers,” says Mark Liggett, CEO of Liggett Consulting and a longtime IT and cybersecurity consultant.

During the past year, the firm has advised companies on extending their endpoint protections and endpoint detection and response tools to their remote users. “This type of change might take negotiation with vendors to add additional licenses for remote users,” Liggett says.

“Some vendors include licensing by user ID rather than device, which can save time and money on deployment. In today’s environment, it is worth a review and pressing for the options that you need to accomplish a secure working environment anywhere,” advises Liggett.

Advanced authentication and access controls are key

Although remote work has added risks, for the most part, companies have been able to mitigate them through modified access controls, strong authentication tools, and emerging technologies, Liggett says. “The use of multifactor authentication and leveraging modern security platforms that feature machine learning and computer behavior monitoring have given additional layers of protection and security into remote connections.”

Ubiquitous VPNs and remote access controls have played important roles in the emergence of widespread remote work, Liggett says, but improvements are on the way. Security teams can expect to see a retooling of remote access and VPN tools, where multifactor authentication plays the key role in authenticating users and providing access controls, he says.

It helps to adopt cloud-first security measures

As the big shift to remote work accelerated companies’ move to cloud-based apps and platforms, cloud-based security has become increasingly important. “Using a cloud application security broker adds additional security and compliance protections into the cloud space,” says Liggett.

In fact, some say the cloud has become an essential part of remote work security. “The pandemic has taught us that a cloud-first security strategy is the future,” says Andrew Hewitt, an analyst at Forrester Research serving infrastructure and operations professionals.

Overreliance on on-premises VPNs and virtual desktop infrastructure “required heroic work from IT practitioners to get them up and running at the start of the pandemic,” Hewitt says. “We expect that cloud-based security solutions such as zero-trust network access and cloud desktops will emerge from this pandemic as clear winners against the on-prem solutions.”

Collaboration tools need shoring up

Companies have also found that online collaboration apps — vital for a remote workforce — come with security risks. “The initial use of these tools was not very secure, either by the delivery of the systems or by the design by the manufacturer,” Liggett says.

In the rush to find a way for at-home employees to hold meetings, for example, many organizations turned to videoconferencing apps, especially Zoom, which was notable for its ease of use. Among other security missteps by the vendor, the Zoom app initially left important security and privacy features turned off by default, leaving inexperienced users vulnerable to uninvited guests.

In response to widespread criticism, Zoom quickly enabled key security features by default, added support for AES 256-bit GCM encryption, and announced that it would add end-to-end encryption in the future. Other videoconferencing vendors have rolled out numerous security enhancements in the past year as well.

“The market demand for security forced change to these systems to [become] a safe and secure way to communicate,” Liggett says, but it’s still incumbent on IT to ensure that the tools are configured for maximum security and that users are trained to use them properly.

Moving forward: Preparing for the hybrid workplace

Because many organizations rushed to support the remote workforce, more work still needs to be done to secure remote environments.

“CISOs were able to increase their 2020 cybersecurity spending to account for the rush to the cloud, the new work-from-home model, and responding to endless phishing attacks,” says Frank Dickson, program vice president, Cybersecurity Products, at research firm IDC. But those investments “extended the existing remote access solutions for the most part,” Dickson says. “There was not time for optimal [protection]. Now, CISOs will have to work to secure the new holes in their security posture that all these rapid changes have no doubt opened up.”

The good news for many security executives is that they will have the resources they need. IDC research shows that secure remote access technology is second only to conferencing platforms in planned enterprise spending increases for 2021, Dickson says.

In addition to shoring up defenses for remote workers, security leaders need to plan for a hybrid work scenario, in which some employees split time between working at home and at a corporate location. That model appears to be here for the long term; Forrester projects that 70% of organizations will have hybrid or “work-anywhere” environments in the future.

The reality of a remote work environment that lacks a true perimeter and can be difficult to control has prompted the emergence of a new market segment that IDC calls pervasive data defense and response platforms.

“These platforms consist of tightly integrated cloud security gateways, data loss prevention platforms, and secure web gateways by leveraging unified user or group policy across the entire security stack, and providing a single reporting mechanism,” Dickson says. This converged security infrastructure shows promise in reducing the complexity of managing data governance policies across hybrid and multicloud environments, he says.

Vendors such as McAfee, Symantec, and Forcepoint are addressing this segment, Dickson says. McAfee's Unified Cloud Edge platform provides cloud-native security that enables data and threat protection controls for devices and cloud services. Symantec's integrated data loss prevention platform also provides data and threat protection controls for devices and cloud services. Forcepoint's approach is designed to appeal to organizations that want a strong security posture with tight monitoring over employees to prevent insider threats.

In the coming months, companies should look at new ways to manage and support their workforce from users’ locations, Liggett says. “The continuous improvement in the SD-WAN space has promise for extending secure network access above and beyond the capability of VPN,” he says. He also expects to see companies investing in cloud and edge computing platforms to further enhance security for remote connections.

“I have a philosophy: any data, anywhere, anytime, any device — and it should be done securely,” Liggett says. “Following this path has been advantageous in [this] time of uncertainty. It continues to pay dividends as we further leverage technology to remove barriers of distance.”

Copyright © 2021 IDG Communications, Inc.
