Working from Home Policies and the Future of Cybersecurity

As COVID-19 spreads, companies are developing contingency plans to address the outbreak. For many that includes canceling events, limiting travel and allowing employees to work from home.

It’s not just Fortune 500 companies that are taking action: smaller organizations are dusting off emergency plans too, and urging work from home to protect their employees’ health.

Cloud and SaaS applications have already changed everything, including how and where people work. The cloud has enabled the delivery of virtually any software application instantly and has made applications accessible anywhere. An explosion in the use of cloud-based SaaS applications like Google Docs and Microsoft Office365 has enabled productivity anywhere.

This has resulted in an exponential increase in bandwidth and connectivity, the oxygen that enables users to consume SaaS applications.

Despite the ability to work from anywhere, the technology required to provide fast, secure connections has lagged. While users and devices connect to the cloud everywhere, the network security responsible for ensuring secure connections has been focused on protecting immobile perimeters. This legacy principal leads to the problem of how companies can keep organizations secure today. 

The transition to a user-centric approach to productivity and network security that is required to ensure fast, secure connections to these applications is inevitable. Without this shift, organizations are left with two unsustainable options: 

First is to send all connections from remote users back through offices where network security resides, so that security and compliance can be applied before reaching the ultimate cloud destination. Unfortunately, with connection speeds from home and remote locations reaching break-neck levels, this leads to slower connections, lost productivity and poor end-user experience.

Alternatively, organizations could apply no cybersecurity to remote connections. Although this generates faster speeds, it’s like driving on the highway without a seatbelt. Unsecure connections equal malware, infections and data loss.

To make things worse, without applying network security, these unsecure connections are likely out of compliance as regulations require base levels of security to be applied to network connections.

This presents an ironic scenario for companies that are ill-prepared: by protecting the health of their employees in the face of serious concerns around the coronavirus, they may be opening their users and devices to cyber threats they are not prepared to handle.

When companies that rely on traditional network security strategies require employees work remotely, they will have difficulty ensuring fast, secure connections that reduce vulnerabilities and ensure compliance. The inability to apply network security for devices working outside of the perimeter increases the surface area for attackers.

Even simple phishing attacks become more dangerous when the employee is not within the company’s traditional network perimeter. A single errant click can provide a bad actor with access to critical company information if that click is not scanned by the on-premise network security solution.

So the cybersecurity challenge posed by COVID-19 and working from home lies in a question that many companies haven’t yet answered: How do we secure connections to the cloud when the network security might be mired within the office?

Legacy, appliance-based network security solutions are not equipped to secure the modern, distributed workforce. Any company still relying on these legacy systems is in for a rude awakening if employees are asked to work remotely.

There are four certainties in our future:

  1. Users will continue to be more mobile
  2. Applications will run and be delivered in the cloud
  3. Bandwidth will continue exponentially increasing
  4. Connections will be encrypted to protect information as it travels between users and the cloud

Each of these certainties contradict what legacy security appliances are all about. Those appliances hate mobility because they need users to remain within their perimeters. Appliances struggle with cloud application use because they run outside of those perimeters.

Exponential bandwidth increases and encrypted connections require enormous processing power, which is limited within any appliance-based network security solution. Network security has no choice but to move to the cloud where the applications run. The cloud has unlimited processing ability to protect any volume of data, and moving security to the cloud sends security to the user, anywhere

Ultimately, this cloud-based future is leading to the combination and integration of software-based network solutions and comprehensive security. Gartner dubbed this consolidation of networking and security-as-a-service capabilities delivered through the cloud “Secure Access Service Edge” (SASE). They announced this new model through a paper titled “The Future of Network Security Is In the Cloud.” The title could not be more appropriate, especially with unprecedented times like this.

COVID-19 should serve as a reminder that the modern technology paradigm can change at the drop of a hat. The likelihood that many companies will soon be working from home should be a wakeup call to those that have not yet embraced and planned for the next generation of cloud-based security.

What’s Hot on Infosecurity Magazine?