Mind the gap: Why securing the remote workforce is a peak priority
Article by Bitglass chief technology officer Anurag Kahol.
Businesses are struggling to shift gears when it comes to secure remote access across their systems, leaving significant gaps in their data protection efforts that need urgent attention.
For most Asia Pacific businesses, securing the remote workforce has been a growing priority for some time, but the emergence of COVID-19 has propelled it up the corporate agenda in a way that few could ever have imagined.
The rapid shift from office-based work to home-based work, combined with a lack of adequate planning, has made the transition a painful one for many. Merely finding a workable remote solution has been challenging enough, let alone one that meets all the same stringent data protection measures typically found in an on-premises setup.
In fact, according to new research, 41% of businesses are yet to implement any steps to expand secure access of their remote workforces despite over 75% of employees now working from home.
The research study, conducted during the height of the pandemic, gives a fascinating insight into the challenges faced and how the scramble to adapt has left sensitive business data dangerously exposed to cyber threats.
Let’s look at the key research findings in more detail and assess what businesses can do to help them adapt to the ‘new normal’ in a safer, more secure manner.
Few businesses were prepared for large scale remote working. Before the start of the year, the prospect of a fully remote workforce seemed far-fetched for the majority of organisations. Indeed, almost four out of five of those questioned said less than a quarter of their workforce was working remotely before the pandemic.
Fast forward a few months and over 75% of the same organisations’ workforces are working from home indefinitely. Such a large shift to remote working is unlikely to be seamless without the necessary planning and infrastructure in place.
Unfortunately, this often takes months, or even years to complete, far longer than the weeks or even days that organisations had to adjust. Not surprisingly, only 29% of respondents claim they were fully prepared for remote working when the pandemic hit, with 33% saying they were either ill-prepared or not prepared at all.
When considered from a security perspective, the picture becomes even more concerning, with 70% stating they were either only moderately prepared or not prepared at all.
Unmanaged cloud access poses a significant threat to data security. To help ease the transition to remote working, more than half of organisations (54%) have understandably accelerated their migration of user workflows to cloud-based applications.
Consequently, this has helped employees to access everything they need to do their jobs from home. However, with no managed device program in place, almost two-thirds (65%) have allowed employees to access these cloud applications from personal, unmanaged devices.
Alarmingly, this is despite 55% of respondents acknowledging that such an approach poses a significant data security risk.
These findings indicate that organisations understand the risks but are operating for the sake of business continuity and productivity. The results appear to be positive, with 84% of organisations seeing either the same or higher levels of productivity from remote working.
However, risking data security is a dangerous game which puts corporate reputation and even long-term viability on the line in the event of a breach. This is reflected in the fact that almost two-thirds of respondents (63%) fear their current remote working program is impacting their compliance posture for regulations – potentially risking major fines and sanctions should the worst happen.
Adoption of effective security solutions needs to accelerate. When asked about existing controls to secure remote working, only 34% of enterprises claimed to have any form of endpoint compliance, while just 18% had cloud DLP in place, both of which are worryingly low given the current situation.
The lack of cloud DLP is particularly notable, given that 29% of respondents claimed they were fully prepared for remote working. This means at least 11% of respondents don’t feel that cloud DLP is a crucial component of a secure remote working program – a prospect that surely attracts cybercriminals.
Any organisation looking to create a remote working program with a BYOD approach must also deploy the tools needed to adequately protect sensitive data in such an environment.
Consequently, the numbers for endpoint compliance and cloud DLP, as well as those of other highly effective solutions like cloud access security brokers (CASB), user and entity behaviour analytics (UEBA), and zero trust network access (ZTNA), should increase significantly.
With the shift to remote working shaping to become long term, businesses can no longer afford to improvise when it comes to data protection. Instead, organisations must invest time and resources into finding appropriate security solutions that are capable of securing data in a remote environment.
Fortunately, there’s a wide range of highly effective products and solutions available today that can quickly provide visibility and control, no matter how geographically dispersed a workforce might be.
This research was conducted during the height of the pandemic when businesses were still scrambling to formulate an effective remote working strategy. Now, months after the start of this huge shift, organisations must equip themselves with the proper tools to avoid data leakage and other security risks.