Securing Our Newly Distributed Workforce
One of the most significant changes most of us have seen since those fateful days in March 2020 is how we have adapted and found value in a new distributed way of working. Regardless of whether a business already had a “home working” policy or not flexible working has been a huge success. A recent BBC news report stated that 43 of the UK’s biggest 50 companies had no intention of bringing all staff back to the office and we're embracing this new flexible work mix. This is not limited to those big companies either, as I see that replaced across many companies I deal with from large to small.
While this is to be applauded, it does present some concerns. As we move our staff away from the corporate office, we are also moving them away from many of the things they are used to including enterprise-class devices, connectivity and critically security.
On the same day, the BBC published that report, they also published another based on findings of consumer magazine Which, it stated that millions of users faced security risks when connecting from home because many consumer routers supplied by broadband providers had significant security flaws. This is a major problem for the enterprise because those routers are no longer the connection our staff use to browse the internet and do their shopping, they are now part of the enterprise IT infrastructure they are traversing to access our business-critical data assets. Those services themselves have equally changed as we adopt more cloud-based platforms like Microsoft 365, Salesforce and Google Workspace meaning our infrastructure no longer just resides in our datacentre.
With so much change what does this mean for our traditional approach to enterprise security? It is time to re-evaluate.
Below are four areas that you may wish to consider.
Change Our Point of View
Traditionally much of our security has been focussed on locations, devices and our network perimeter. While protecting at these levels is still valuable, it is not going to address the challenges we see with our increased distributed workforce. We need to shift focus to think about securing data, identity and the edge.
Assume bad actors are already on our network and think about how we limit the damage they can do. This is an important shift as it begins to drive demand for zero-trust security, a core component of modern security strategy. Moving away from the idea, that just because someone has connected from a trusted security domain, we do not automatically assume they are fine and that we trust them implicitly everywhere.
Secure Access Service Edge
With our data and users so distributed the perimeter of our datacentre is no longer our boundary, it is the edge. However, securing the edge needed a new approach, which has led to the evolution of secure access service edge or SASE.
SASE is several tools and strategies bundled together to reflect the distributed cloud world many of us now rely on. With a focus on cloud-based, identity focussed, zero-trust architecture, this is seen by vendors and security analysts alike as the future enterprise security model.
Be Data Focussed
While SASE focuses on the edge, If I could provide one tip it would be “be data-focused”. Build your security around data and information and not around devices and locations. Too many traditional approaches are built that way, with our data’s security changing as it moves between locations and devices. This means our information security is at the whim of the repository containing it and, in a world where data portability is crucial, this model can no longer work. This means taking an approach that allows us to embed security into the data so that we maintain security regardless of the data location or repository it now resides in.
Time to Evolve
The world has indeed changed greatly over the last 14 months and as the BBC research and my own experience shows, many businesses are embracing that change and making it part of their future strategy. This however must drive a change in our approach to enterprise IT and its security, it must evolve to meet new demands and challenges.
The way we view the world of work has changed for good, let us make sure we change our view of security to match it.
If you have questions about anything raised in this article, don't hesitate to contact the Gardner team.