Your New Era of Cybersecurity Part 1: Remote Work Drives Your Cybersecurity Agenda
“Traditional perimeter security is dead.” - Forrester Research, Beyond Boundaries: The Future of Cybersecurity In The New World Of Work, September 2021
In March of 2020, organizations were unprepared for a massive transition to remote work and office employees working from home full-time. To enable continued operations, IT teams quickly pivoted to support the new reality they faced but were forced to make security sacrifices to keep the lights on. As 2021 comes to a close, we’ve come to a place that many may not have expected. This new reality includes organizations implementing new workforce strategies that prioritize remote work for today and the future. While security and IT teams adjusted to work from home and rolled out new tools and new security measures, they have not transformed their cybersecurity programs to account for a permanent mass of remote, highly distributed employees.
With remote work and new remote workforce strategies, “traditional perimeter security is dead.” IT teams can’t rely on most office employees spending time inside an office or even the cadre of traveling road warriors regularly appearing inside their security perimeter. Permanent, remote work is being implemented and offered to existing and new employees—and is becoming an essential part of both employee retention and hiring practices. According to Deloitte: 75% of CEOs expect their office spaces to shrink in the future due to remote work. That means, if organizations want to keep their most valuable employees or hire the most attractive candidates, flexible work and full-time remote work are becoming table stakes.
So, what started as necessary work-from-home because of a pandemic has morphed remote work into a critical HR retention and hiring strategy in a competitive employment market. Many existing employees are finding new remote work opportunities that allow them to work from anywhere and have a better work-life balance. In August, 3.3% of private-sector employees quit their jobs—the highest number since the U.S. government started tracking the statistics in 2000.
What does this mean for IT and security teams? Let’s summarize the new challenges now facing IT security:
- Re-aligning cybersecurity defenses and maturity to a remote workforce strategy. According to Forrester, “48% of security and business leaders think they are not well-prepared when it comes to aligning their cybersecurity approach with their workforce strategy.” Organizations both need to understand their remote workforce strategy and then appropriately change their cybersecurity programs.
- Re-architecting cybersecurity for remote work. This means moving from perimeter-based to modern access-from-anywhere and from protecting the borders to protecting devices. Remote work’s end of the perimeter impact means amplified risk from new threat vectors. However, legacy security architecture wasn’t designed for today’s modern internet-based environments, so new tools, technologies or configurations are needed to support a new access structure.
- Re-orienting IT security to a better user experience that supports and encourages users to comply with security policies and best practices. Office-based employees can be compelled to comply with IT security, but remote workers have more options to circumvent policies and best practices. However, as users remain the weakest link in defenses, organizations must improve remote users’ IT security experience to help defend the organization. IT teams need to find the right balance between usability and security: keeping the user burden low enough for users to not look for workarounds while still protecting critical assets.
How and Where to Begin
So, what do organizations need to do now? Flexential has created a roadmap to help customers systematically address their latest cybersecurity challenges brought on by new long-term remote work workforce strategies. The things organizations need to address now fall into three categories: Policy, Technology and Education.
- Policies to govern remote work
- The technology required to do it safely and efficiently
- Ongoing employee education for individuals to safely and productively work
Part two of this blog series will go into more detail on how to effectively and systematically address the needed changes and complexity in this transformation.