Guide to Securing Organizational Changes in the New Remote Work Reality
2020 will go down as the year of the largest shift in work culture in generations. Organizations became 100% remote workforces within a matter of hours or a few days, and some previously with a non-existent or partial remote work infrastructure. This shift put remote work and collaborative technologies to the test at a scale that we have never seen before. Today’s employees are logging in from their kitchen tables to email, slack, airdrop and message their colleagues. And while they are all focused on getting their work done, what might not be so apparent is that they are also opening up their companies to heightened data risk.
The simple truth is old-school technologies that were designed to prevent data from moving outside traditional security perimeters were never built to safeguard collaborative workforces. And if they weren’t equipped to protect routine cloud collaboration, how can they possibly handle the highly distributed workforces and the huge influx of remote workers we are seeing today?
The implications? This unprecedented situation is going to shine a light on gaps in the security stack that have existed for some time. So, what can companies do to help secure this growing remote workforce?
1. Assess the situation your company is in — consider tech for security and your employees
A good place to start is to determine if your tech gives you visibility to see where your data is moving now that data is outside the safe haven of corporate networks and VPN requirements. Common questions to ask are:
- Am I monitoring data movement across endpoints (computers) and cloud?
- Are there any tools or infrastructure lacking that puts enabling remote employers at risk?
- Have the tools that will be used to enable remote work been thoroughly tested and passed QA?
- What are the current infrastructure and bandwidth limitations? How might this affect business productivity?
It is equally important to make sure that your workforce has the right software and hardware to succeed and be productive as they work remotely. Tech is critical support for both of these important groups — security and the entire employee base.
2. Ensure that infrastructure, bandwidth and equipment concerns are addressed
This effort involves looking at both IT and security infrastructure to ensure bases are covered.
- From a bandwidth perspective, determine if it makes more sense for network traffic to go full tunnel or split tunnel (essentially splitting network traffic based on what’s going to the corporate office and what isn’t).
- Balance the risk of VPN. Base your decision on the visibility to data you do or do not need to have in order to keep employees productive.
- Make sure you understand the needs of HR, security, IT, engineering and marketing.
3. Understand how mature your organization is in using collaboration tools — make sure users are aware of best practices
The reality is remote work will succeed only if the right collaboration tools are brought in-house. Today, these tools can range from Slack and Google Drive to Microsoft OneDrive and Box. Luckily, many organizations have already started to embrace these tools so the technology needed for employees to work from home has been in use for a number of years already. The challenge with these technologies is when they become data exfiltration vectors. For example, it isn’t uncommon for document links to be made public accidentally, thereby allowing anyone access to otherwise protected files. This is why training and acknowledgment of best practices are key for end users. In addition, having visibility into data movement allows for alerting that can mitigate these types of situations.
4. Assess the degree of visibility you have into data — not people — movement
Visibility to data is integral when you have a remote workforce. While many security solutions are solely focused on user behaviors and actions, understanding the behavior of the data movement is really important. And it’s very simple logic. In the end, the malicious end-user is after your data, so understanding everything about that data is paramount. An approach rooted in data will only become more compelling as employee privacy becomes more important and organizations grow more mindful of not being “big brother.”
5. Adopt an approach that is best for securing data during a time of uncertainty
2020 will have shaped a completely different approach to data security — one that is prepared to tackle uncertainty and do it quickly. Security teams should be prepared to learn from a few missteps along the way, which incidentally will help strengthen security strategies and response protocols moving forward.
6. Accept that users will help shape progressive data security in a remote work world
It’s a reality check that old-school technologies, which were designed to prevent data from moving outside traditional security perimeters, are no longer the de-facto approach to securing data. Today, users are having a significant impact and helping to shape modern, progressive security strategies. Progressive security:
- Empowers remote employees
- Trusts employees, “assumes positive intent,” and measures output versus wastes time gauging productivity with keystrokes and the like
- Provides the right tools for employee success
- Ensures visibility is focused on data risk intelligence and not virtual surveillance of every user action
- Makes sure that a security ecosystem protects and enables employees
We are in the midst of a paradigm shift and the conversations around remote work are transitioning from “if” to “when and how.” At the heart of this issue is how companies are going to fill a gap in their tech stack to meet the needs of two very important stakeholders — security teams and employees. Companies’ responses to the unique needs of each group will be what shapes their place in the new remote work reality.