Companies worldwide have undergone one of the fastest operational transformations ever witnessed. With little warning, IT teams were suddenly told to transition tens of millions of employees to working remotely. In addition to keeping employees safe, companies grappled with how to maintain business continuity in this new normal of contactless commerce and communications. The transition to these new work paradigms requires a careful examination of opportunities and challenges, particularly in terms of scale, security and staffing.
Grappling with Scale
While many organizations already had some employees working remotely on a full-time or part-time basis, they faced the immense challenge of how to scale that model. Indeed, according to the 2019 National Compensation Survey from the Bureau of Labor Statistics, prior to the COVID-19 pandemic only 7% of Americans were working remotely. Today, a majority of workers are working remotely. Not only have organizations had to ensure that the critical staff needed to run the data centers remain available, but also that their service providers could scale with them just as quickly.
This required reviewing business continuity plans to make sure third-party suppliers were truly able to execute. Many of the existing business continuity plans were focused on regional or perhaps even national issues, but they really weren’t thinking in terms of how to prepare for a global pandemic. Even though many businesses shut down their physical, in-person operations, they have still needed to maintain operations for essential behind-the-scenes work like data center or security operations.
Security Remains Crucial
Security has been an ever-growing growing concern for businesses in this time of transition – especially as threat actors are all too ready to take advantage of difficult times. Society’s crisis becomes a cyber attacker’s opportunity. Countries have seen a dramatic escalation of social engineering email attacks since the coronavirus outbreak. As an example, the FortiGuard Labs team has seen an average of about 600 new COVID-19-related phishing campaigns per day. These attacks have been able to be spun up quickly and are perceived to have the highest rate of return.
Transitioning to remote work due to COVID-19 or similar events has not excused an organization from its obligations to data protection regulations or contracts. The requirement to remain open and continue offering promised services has not changed. On the contrary; the increased risk profile of such times mandates stricter adherence, to ensure the confidentiality, integrity and availability of data. Getting more performance during incidents requires creativity and smart tools.
From staggered shifts and creative scheduling to greater automation, organizations are finding ways to maintain operations. From a cybersecurity perspective, this meant organizations are relying on automation to deal with more mundane work items – freeing their limited staff to focus on higher-order security issues. For example, self-learning artificial Intelligence (AI) solution FortiAI has a demonstrated the ability to match the performance of up to five Security Operations Center (SOC) analysts and is an example of the tools being used to redefine SOC staffing models.
Bringing It All Together With the Right Tools
Virtual Private Networks (VPNs) have become vital for remote work, but VPNs could have posed a challenge for organizations if there wasn’t an infrastructure or BYOD (Bring Your Own Device) policy established beforehand. For companies that didn’t have a mobile workforce prior to the pandemic, it was quickly apparent that office desktops were not going to be accessible. That meant that employees were forced to use personal devices and home networks potentially full of unpatched vulnerabilities and malware. So, having an effective BYOD policy in place is now more necessary than ever.
Guidance during the pandemic from leading cybersecurity organizations such as the National Institute of Standards and Technology (NIST), advise all organizations to assume that cyberspace is a hostile operating environment and their devices and networks are most likely compromised and actively being used to attack their networks. Patch management, security awareness and basic security hygiene are more important than ever before.
Employees’ home networks are rarely, if ever, protected to the same degree as a corporate network. Therefore, as business functions and leadership teams move off the enterprise perimeter, we’re going to see more requirements for enterprise-grade security on the network edge. Secure SD-WAN and other features required by such “super users,” are quickly being deployed.
In addition, the endpoint device used for remote working as well as the network used to connect back to the office probably contains a wide variety of other devices with varying stat levels of security – if any at all. So, the endpoint device itself needs to be hardened, along with an assessment of the home network and devices attached so that all requests for network access can be identified and assessed per risk.
Ready For Change
The new normal will be characterized by contactless commerce and communications in which remote work is a standard operational model. Some organizations have transitioned seamlessly while others are still struggling. Understanding the key challenges of enabling work from home is a huge first step for the latter group. Time has shown us that with the right strategy, controls and technologies in place, it’s possible to successfully scale while remaining secure, even if staffing levels change. Zero Trust Network Access along with a data-centric security strategy are key to ensuring resilience for a highly distributed enterprise – from remote workers, across legacy networks to hybrid multi-cloud environments. Security teams should consider VPN and endpoint security solutions that can scale on demand as well as cloud services than can support hyperscale operations characterized by high levels of encrypted traffic and millions of connections per second. Taken together, the best practices noted above will help your organization remain secure in remote work for the long term – even beyond the pandemic.
Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.
Discover how Fortinet Teleworker Solutions enable secure remote access at scale to support employees with a wide array of access requirements.