Anurag Kahol, CTO of Bitglass, discusses why businesses are struggling to shift gears when it comes to secure remote access across their systems, leaving major gaps in their data protection efforts that need to be urgently addressed.
For most businesses, securing the remote workforce has been a growing priority for some time, but the unexpected emergence of COVID-19 has propelled it up the corporate agenda in a way that few could ever have imagined. The rapid shift from office-based work to home-based work, combined with a lack of adequate forward planning, has made the transition a painful one for many. Simply finding a workable remote solution has been challenging enough, let alone one that meets all the same stringent data protection measures typically found in an on-premises setup. In fact, according to new research, 41 percent of businesses are yet to implement any steps to expand secure access of their remote workforces despite over 75 percent of employees now working from home.
The research study conducted during the height of the pandemic, gives a fascinating insight into the challenges faced and how the scramble to adapt has left sensitive business data dangerously exposed to cyber threats. This article will take a look at the key research findings in more detail and assess what businesses can do to help them adapt to the ‘new normal’ in a safer, more secure manner.
Few businesses were prepared for large scale remote working
Before the start of the year, the prospect of a fully remote workforce seemed far-fetched for the majority of organisations. Indeed, almost four out of five of those questioned said less than a quarter of their workforce was working remotely prior to the pandemic. However, fast forward a few months and over 75 percent of the same organisations’ workforces are working from home indefinitely.
Such a vast shift to remote working is unlikely to be seamless without the necessary planning and infrastructure in place. Unfortunately, this often takes many months, or even years to complete, far longer than the days/weeks that organisations had to adjust. Not surprisingly, only 29 percent of respondents claim they were fully prepared for remote working when the pandemic hit, with 33 percent saying they were either ill prepared or not prepared at all. When looking at this from a security perspective, the picture becomes even more concerning, with 70 percent stating they were either moderately prepared or not prepared at all.
Unmanaged cloud access poses a major threat to data security
To help ease the transition to remote working, more than half of organisations (54 percent) have understandably accelerated their migration of user workflows to cloud based applications. Consequently, this has helped employees have access to everything they need to do their jobs from home. However, with no managed device program in place, almost two thirds (65 percent) have allowed employees to access these cloud applications from personal, unmanaged devices. Alarmingly, that is despite 55 percent of respondents acknowledging that such an approach poses a significant data security risk.
These findings indicate that organisations understand the risks but are operating for the sake of business continuity and productivity. The results appear to be positive, with 84 percent of organisations seeing either the same or higher levels of productivity from remote working. However, risking data security is a dangerous game which puts corporate reputation and even long term viability on the line in the event of a breach. This is reflected in the fact that almost two thirds of respondents (63 percent) fear their current remote working program is impacting on their compliance posture for regulations such as GDPR and PCI DSS, potentially risking major fines and sanctions should the worst happen.
Adoption of effective security solutions needs to accelerate
When asked about existing controls to secure remote working, only 34 percent of enterprises claimed to have any form of endpoint compliance, while just 18 percent had cloud DLP in place, both of which are worryingly low given the current situation. The lack of cloud DLP is particularly notable given that 29 percent of respondents claimed they were fully prepared for remote working. This means at least 11 percent of respondents don’t feel cloud DLP is an important component of a secure remote working program – a prospect that surely attracts cybercriminals .
Any organisation looking to create a remote working program with a bring your own device (BYOD) approach must also deploy the tools needed to properly protect sensitive data in such an environment. Consequently, the numbers for endpoint compliance and cloud DLP, as well as those of other highly effective solutions like cloud access security brokers (CASB), user and entity behaviour analytics (UEBA), and zero trust network access (ZTNA), should significantly increase.
With the shift to remote working shaping to be long term, businesses can no longer afford to improvise when it comes to data protection. Instead, organisations must invest time and resources into finding appropriate security solutions that are capable of securing data in a remote environment. Fortunately, there’s a wide range of highly effective products and solutions available today that can quickly provide visibility and control, no matter how geographically dispersed a workforce is.
This research was conducted during the height of the pandemic when businesses were still scrambling to formulate an effective remote working strategy. Now, months after the start of this vast shift, organisations must equip themselves with the proper tools to avoid data leakage and other security risks.
Anurag Kahol, CTO of Bitglass
Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.