As the pandemic spread across the globe, most companies mandated their employees to work from home. Suddenly, organizations needed network infrastructures that could support remote workers logging in to access critical company systems. C-suite executives directed their IT departments to quickly pivot resources to support the altered workforce.
Along the way, companies and employees discovered that working virtually has its benefits and may very well become the new standard of working life. Although some organizations are beginning to have employees return to the office (in a social distance-friendly manner), others such as Google, Twitter and Zillow recently announced that their employees may work remotely indefinitely.
The shift to remote work also fundamentally alters the need for real estate assets while broadening the talent pool for qualified candidates who are no longer limited by their geographic locations.
Work from Anywhere
In an effort to slow the spread of the COVID-19 pandemic, many employees began working from home. Recent survey reports show that 95% of employees will continue or start to work remotely.
By 2022, more than 50% of those who responded indicated that their physical locations were affected by lockdown orders to some degree.
In 2021–2022, corporate executives (including Senior Management) expect a 333% increase in business and expect more than 75% of their workforce to operate remotely.
Conversely, the survey showed a 65% decrease in businesses that plan to keep most/all employees on-premise, which represents a massive shift in business operations.
Heavy Lifting by Networks
The quick shift from the office to working from home spurred an unexpected business transformation as many organizations discovered that there are long-term benefits to the arrangement, including:
- Massive improvement in Employee productivity
- A better sense of work-life balance is achieved
- Greater flexibility leading to improved employee retention
- Companies now have greater access to candidates filling open positions that require in-demand skills
As organizations adopted a diverse employee pool, strategic and valued employees and candidates are no longer bound by geographical locations. Work-life balance has become a table-stakes requirement. To support large-scale remote operations, organizations accelerated the adoption of managed services and the move to the cloud in their effort to build a resilient infrastructure.
As per the survey, even though 43% of the respondents' companies had to reduce headcount, they reported a 46% increase in productivity by implementing remote work, improved processes, resilient infrastructure, automation and applications.
Management of ever-evolving security threat landscape: Effects of the pandemic on network security
The rapid shift in business operations significantly impacted the cyberthreat landscape. As companies fast-tracked the migration of digital assets to the cloud, they also inadvertently increased the attack surfaces from which hackers can try to gain access to their data and applications.
C-suite executives are moving quickly with network plans to support exploding customer and supplier demand for contactless interactions and the unplanned need to connect a remote workforce. Yet they are also aware that they are not fully prepared to adequately protect their organizations from unknown threats. The situation is further compounded by the cloud shared responsibility model, which says that cloud service providers are responsible for the security of the cloud while customers are responsible for securing the data they put into the cloud.
Cybersecurity is a key business driver that senior managers know must be incorporated into strategic planning at the highest levels. As the volume and sophistication of cyberattacks continue their relentless pace, organizations seek ways to automate detection and mitigation. Unresolved security incidents can be disastrous to companies already dealing with issues related to the pandemic.
Protecting the cloud
Hosting applications and data in the public cloud is a proven way for enterprises to be nimbler with network operations, improve the customer experience and reduce costs. As more data moves to the cloud with the adoption of contactless payments and remote work initiatives, about 32% of the respondents reported that they rely on public cloud hosting providers to secure their digital assets.
The issue with that approach is that every public cloud provider utilizes different hardware and software security policies, methods and mechanisms, creating a challenge for enterprises to maintain standard policies and configurations across all infrastructures. Plus, public cloud providers generally only meet basic security standards for their platforms because they want to standardize how they monitor and mitigate threats across their entire customer base. Lastly, the aforementioned cloud shared responsibility model further complicates things.
Depending on the type of cloud deployment — software as a service (SaaS), infrastructure as a service (IaaS) or platform as a service (PaaS) — customer security responsibilities will be determined. The failure of customers to fully understand and adhere to the shared responsibility model is responsible for the majority of public cloud data breaches. That leaves gaps in security, which hackers are more than happy to stay at home behind their keyboards to exploit.
Understanding the Security Risks of Cloud Environments: What cloud security gaps do organizations need to address now?
C-suite executives should not expect the pace of decision-making to slow as the pandemic continues. Network migrations to the cloud, which likely would have taken place over five years, will be compressed into much shorter time spans. In the race to move digital assets to the cloud, most organizations did not have time to ensure basic network security compliance. More than 30% of the respondents said that they rely on their third-party providers to certify security management services.
Although the cloud enables organizations to respond rapidly to pandemic-related issues and market opportunities, the decentralized nature of this model adds complexity to how applications and computing resources are secured.
Organizations cannot simply move their critical business infrastructure and applications to the public cloud and assume that the hosting partner will take care of security. Cloud providers typically deliver the same standardized security across their customer base, essentially a “checkbox level” offering that meets basic requirements but does not meet the specialized needs of a specific enterprise. This depends on the nature of the application and the enterprise's readiness to move to the cloud as-is or needing to be transformed into a cloud-native architecture. Organizations may assume that cloud providers are securing their digital assets without realizing how many gaps exist in the broadened attack surface.
To understand where the gaps exist in public cloud network security, organizations need visibility across all the different platforms from one holistic solution that enables management of the security posture by utilizing one common language. The goal is to be able to:
- Prevent attacks by reducing the size of the attack surface
- Detect and identify evolving threats
- Respond with accurate and effective mitigation
As network architectures get more complex, there is added pressure to secure the new points of attack vulnerability. Cloud environments introduce a significantly larger attack surface that requires protection from cyberattacks.
There is also a lack of visibility about which entity the organization or the cloud service provider is responsible for specific elements of network security.
In the State of Web Application Security Research report, 65% of the respondents said that they are not clear about security boundaries, and 53% of the respondents experienced data exposure as a result of misunderstandings with the public cloud provider regarding security responsibilities.
Increased agility and the pace of assets staged or destaged make it challenging for organizations to realize and protect their rapidly changing security perimeter. C-suite executives should be mindful of potential security gaps as they continue to move digital assets to the cloud.
Indicators of Cloud Security Gaps
Senior executives are seeking ways to reduce risk exposures by proactively aligning network security strategies with business objectives. There are a number of questions they can consider to determine if their cloud environments have security gaps that need to be addressed.
- Changes in network topologies and configuration
- Challenges in adapting applications to cloud-native architectures
- Changes in cloud workloads, such as containers, application programming interfaces (APIs), compute instances, storage, etc.
- The sophistication of data access/authentication methods and shadow IT
- Remote operations and workforce possibly resulting in noncompliance for key regulations such as HIPAA, GDPR and CCPA
- Management of distributed assets and environments
- Management of third-party interfaces
- Inconsistencies in third-party data access
- Overall lack of consistent security posture and policy enforcement
C-suite executives see the future as a globally dispersed, remote workforce catering to a customer base that primarily interacts with brands digitally, consuming goods and services from the comfort of home.
While the pandemic may have forced companies toward an acceleration into the cloud, C-suite executives embraced the opportunity to future-proof their organizations by building resiliency, honing budget management and adopting new processes and technologies. They quickly rethought their business, products and services and the infrastructure required to support their customers and employees in a contactless economy.
Throughout the next two years, organizations will continue to shift to the cloud and increase their investments in IT infrastructure and applications, in addition to machine learning, AI and automation. This will create more agility and efficiency in business operations and provide a better digital experience for consumers. These changes will require a powerful, complex security posture that is both agile enough to evolve at the speed of business and robust enough to ensure protection against a rapidly expanding threat landscape that specifically targets the cloud.
The author is Vice President & Managing Director – India , SAARC , Middle East & GSI at Radware. Views are personal.