Business continuity plans are being put to the test as organizations close their physical locations and enforce a rigid work from home policy. IT professionals have been forced to accelerate their digital transformation plans so employees, contractors, and partners can transition to remote work and maintain productivity no matter where they are working.
Office, facility and campus closures happened suddenly, and few had the luxury of planning for a sudden shift to remote work. IT administrators are still struggling to address the most fundamental needs of their organizations and help workers to be productive in these times. Do all employees have a laptop and the software that is required to perform their daily tasks? What about printers, scanners and other business devices? Can all of those who require access to corporate data and applications—employees and partners alike—securely connect to those services? All of these queries need to be resolved to ensure that employees can stay productive while working remotely without compromising the organization’s security posture. So, what are some of the productivity and security challenges companies may face during these conditions?
Surge in collaboration tools usage
To stay connected, companies have flocked to collaboration tools like video conferencing services and instant messaging platforms. A recent analysis by Wandera shows that connections to remote working tools increased by 133% between the beginning of February and April 2020.
For the same time frame, data usage also shot up for collaboration tools; for instance, data usage on Zoom is 1,855.2% higher when compared to the start of February 2020.
These figures aren’t overly surprising given what is happening, but the surge in usage has caused service problems for both Microsoft Teams and Zoom.
Software management involves more than purchasing a license
Many organizations who have not experienced data consumption surges or service-related issues are facing a far bigger problem: the lack of installed and configured software on remote devices.
Users who do not have the right collaboration tools are simply unable to interact with colleagues and third-parties under remote work scenarios. In these situations, friction grows and work gets delayed. Even if the perfect software suite is licensed, productivity will take a big hit If that software is not installed or configured properly.
The solution for this scenario comes in the form of a unified endpoint management (UEM) tool capable of either delivering a unified app catalog for user self-service or distributing single applications or groups of them directly to user devices. Administrators benefit from being able to track the deployment status and usage while users can be sure they’re installing a work-ready version of a mission critical app.
VPNs are overloaded and outdated
In a similar vein to collaboration software, capacity is an issue for virtual private networking tools. VPNs have been a staple of remote working life for a long time but were not designed to support the workloads seen today. VPNs are an aging technology, built on a three-decade old architecture; they’re clunky for IT teams to manage, and users frequently encounter the latency, loss and jitter that crushes productivity.
VPNs were designed around the assumption that most applications resided on the corporate network; they used to be an essential tool for connecting remotely. However, many businesses have embraced cloud services as they try to eliminate internal data centers and support a dramatic increase in remote working. Routing all traffic back through one corporation’s campus via a VPN simply no longer makes sense and is a further limit to productivity and cross-organizational collaboration.
A modern, performant, cloud-based service that is well-suited to support remote work is a practical alternative. Organizations should seek out services that can scale dynamically and offer faster connectivity and a simpler end-user experience.
Attackers targeting stay-at-home workers with COVID-19-related scams and cyber threats
Uncertainty is a cybercriminal’s best friend, and the pandemic presents the perfect opportunity to exploit human weakness. We’ve already seen a number of phishing and malware attacks using COVID-19 as a guise. As millions of people look to make sense of the situation, it’s very easy to be lured in by scams pretending to provide new information, answers or even potential remedies.
Organizations that want to protect the modern-day remote worker need a solution that is contemporary in its approach. Security products must be able to respond rapidly to a sudden change in tactics, most notably with nimble threat intelligence that protects against zero-day attacks. To achieve widespread adoption, the security solutions must also deliver a consistent experience across all device form factors and management models, allowing the same protections to span BYOD and corporate liable devices. Finally, modern protections for remote workers must not be on the operational fringe; these products must be tightly integrated, enabling coordinated policy actions, centralized administration, and a single view for incident response. As each user is equipped with more devices and applications, automation becomes an essential element in scaling management and, ultimately, protecting workers from modern threats.
Unmanaged access and devices
During this time of such heavy remote work, it is expected that the majority of network traffic will be coming from outside the corporate perimeter, and the number of devices connecting to corporate services will likely be on the rise. If companies didn’t have a BYOD policy in place, they may have been forced to adopt one due to lack of inventory or capability for employees to work remotely. How can companies be sure that a device is free of malware or that someone is who they say they are when attempting to log into an application?
Enabling employees to use their own devices for work will be essential for many businesses to keep their employees productive, however, it may create unacceptable risk if left unmanaged. A business should not blindly trust personal devices to meet corporate security standards; instead provisions need to be put in place to manage the risk associated with unmanaged devices.
UEM serves multiple purposes in this scenario, the first being immediate support for any BYOD device. Whether Windows, macOS, iOS, Android, or even Google Chrome, a true UEM solution must allow organizations to configure granular device-level policies specific to each OS. Beyond this surface security, BYO devices require data separation, either in the form of a UEM-delivered container to house corporate applications and data such as email, calendar, and contacts or via native controls built into the OS by the device manufacturer—i.e., Android Enterprise, iOS User Enrollment, and Windows Information Protection. This helps ensures that the corporate data is secure irrespective of which device it is being accessed from and at the same time the privacy around the employee’s personal data is maintained.
Enhancing the need for zero trust
Companies of all sizes have been grappling with secure access management in increasingly cloud and mobile-first environments for quite some time now. The sudden change to a majority of an organization’s workforce being remote may be the catalyst that forces companies to accelerate security projects that embrace zero trust concepts and architectures.
Aside from a few legacy applications, the majority of heavily trafficked applications will be SaaS-based. The world has become far too complex to assess whether access requests are to be granted using rudimentary data points like user identity or application alone; security models need to consider all of the context that surrounds a request. Many security professionals are now pushing for access control policies that can incorporate some information about the device—specifically, a risk posture check, the location from which the request is initiated, and other salient details—along with information on the user and the application before a request can be granted. This is a big change from the checks that are in place with many legacy solutions, but a significant step forward to improve the organization’s security posture.
Establishing a user’s identity is key to managing security within a remote working setup. The use of multifactor authentication (MFA) and single sign-on (SSO) provide a high level of assurance to a session that isn’t granted with just basic usernames and passwords.
On top of determining the user identity, the device also needs to be assessed. A user’s identity alone should not vouch for the health of the device they are using; they may have unwittingly installed malware, or their OS may not be patched. Using an endpoint threat defense product and integrating it with a UEM with a built-in identity management capability can perform risk assessments of a device based off a wide range of criteria – ranging from device compliance status to security risk on the device, user behavior risk, and other telemetry including biometrics and more will go a long way to help ensure only the right person is allowed access to the right content in the right context, thereby reducing a company’s risk exposure.
Managing devices remotely
Part of business continuity is about maintenance, ensuring that existing technologies are up to date. Unified endpoint management will play an important role in how remote workers are managed over the coming months, enabling IT teams to enroll new devices, including those that are employee-owned, as well as configure devices so that they comply with corporate policy. This can be anything from installing VPN profiles, enforcing encryption or provisioning new content and services. UEM helps organizations ensure a consistent configuration across many devices, and it also provides a platform through which all related tools—such as MTD and IAM—can be managed, therefore eliminating additional overhead and complexity.
Companies are now being forced to address remote working inefficiencies and insecurities that have been perceived as minor niggles for the past decade. They can no longer be ignored, and the new age of remote working is here, probably to stay. Gartner predicts that 74% of businesses will move some employees to remote working permanently. In these circumstances, technology can be friend or foe, and those companies that can adapt the quickest, and provision technologies that keep employees productive will have a greater chance of survival.
For more information and resources focused on the security challenges of remote work, we encourage you to visit the Wandera’s Secure Remote Work Hub and www.ibm.com/security/covid-19.