- March 31, 2021
- Catagory Security
Software-as-a-Service (SaaS) applications are especially appealing when you’ve got more of you’re your employees working from home, but it’s easy to fall into the trap of believing SaaS security is less vulnerable than the rest of your network security.
Although some SaaS security is baked into the applications by the software provider, the 50 per cent increase in cloud usage for enterprises across all industries in 2020 means the number of threats have increased exponentially, according to IBM Security’s 2020 Cost of a Data Breach Report. It found attacks directed at cloud services, particularly collaboration tools such as Office 365, have increased 630 per cent. Remote work due to the pandemic has been a big contributor to SaaS security incidents, as three quarters of survey respondents reported that discovery and recovery time from data breaches has significantly increased.
It’s not surprising that SaaS security is an increasing concern as threat actors will always go after applications, systems and tools that are popular with businesses and users—it increases the likelihood of success because for them, it’s a numbers game. The increase in attacks is a reminder that regardless of the cloud platform you choose, your provider does bring a lot to the table in terms of SaaS security. However, when you have more than one provider and multiple SaaS applications deployed, you must remember that SaaS security is a shared responsibility.
The increase in cloud and SaaS applications deployments coupled with a dramatic increase in remote workers means organizations need a framework to guide their SaaS security.
Complexity threatens SaaS security
When you have so many applications and systems in place, adequate SaaS security can be a challenge, even when cloud providers include their own security controls. Even without the uptick in remote work, endpoints have continued to grow as workers access data and applications from multiple devices from wherever is convenient for them.
With each and every worker, endpoint, and application added to the enterprise network, SaaS security becomes more susceptible to threats because the overall attack surface is larger. Because data is spread across many different applications and environments, the complexity and sprawl raises the risk of compliance and data breaches. Even before the pandemic hit, there was a growing need to bolster SaaS security as lines of business are increasingly spooling up applications as needed, independent of IT supervision—departments such as marketing, human resources, and finance all have their own SaaS applications accessing and managing critical business data and intellectual property.
Organizations may be inclined to add more and more security tools, but the more solutions you have in place, the more work there is to configure, maintain and update them. More people are needed to understand the interfaces and nuances of each and every security tool.
Without some sort of playbook or strategy, SaaS security can quickly become unmanageable.
SaaS security requires a framework and tools
It’s not realistic to have a single security solution to protect all data and applications, but your SaaS security strategy needs to be proactive, not reactive, and ensures your IT team isn’t overwhelmed by alerts from multiple dashboards.
One approach to keep your SaaS security posture robust is what research firm Gartner defines as SaaS Security Posture Management (SSPM), which is part of its SaaS Security Framework. SSPM tools allow for enhanced controls to better secure SaaS applications and data through monitoring native SaaS security configurations, automation of remediation, and reporting non-compliance. The key to any good SSPM solution is the capability to assess your SaaS security posture in a manner that’s automated and customized, according to Gartner. Much like compliance, SaaS security is a continuum that requires constant monitoring and adjustment.
Although SSPM solutions add to the arsenal available for IT teams to establish strong SaaS security, adopting them and moving to a framework that allows these SSPMs to streamline processes, automate workloads and reduce demands on the IT staff do require some upfront work. While cloud providers who are delivering SaaS applications can play a role in helping to configure these solutions to secure their applications, you should consider partnering with a Managed Security Services Partner (MSSP) who can advise on your overall SaaS security, as well as implement and even manage it on an ongoing basis.
- February 25, 2021
- Catagory Security
The ability to work anywhere was already driving cloud security trends before the pandemic hit, but remote work played a heightened role in 2020 and will continue to do so as employers maintain a hybrid approach to staffing—many will continue to work from home even once others return to the office.
That means many of the cloud security trends we’ve seen over the last year will continue for the foreseeable future, and the cloud will be part of the solution in securing proliferating endpoints.
Remote work has led to more attacks and shoring up of cloud security as endpoints proliferate. Mix in adoption of 5G networks and SD WAN, and you’ve got a recipe for even more attack surfaces that look tempting to hackers. Cybersecurity teams need see every endpoint connected to the network and how they impact cloud security as users connect to public services as well as those still run on-premises and some delivered by managed service providers.
Cloud security misconfigurations
As remote work remains a reality for many employees, it unfortunately means misconfigurations of cloud security will continue to pose a risk to the organization. Easily providing access to applications and data to many users and endpoints requires a robust security strategy that enables IT teams to see all the data traffic traversing its corporate network and across various cloud services. It’s critical that they understand who is responsible for securing what, as it can differ depending on the cloud service provider while improving identity and access management adding better cloud security controls. This should include the use of multifactor authentication to protect user credentials and help to avoid common threats such as phishing attacks.
Continued reliance on VPNs
Virtual Private Networks (VPNs) have always been an essential tool for enabling remote work, and they will continue to be necessary to enable employees to access the corporate network securely. Provisioning, maintaining, and securing them through robust encryption will continue to be a high priority task for cybersecurity teams as relying on consumer grade VPNs downloaded by home users for personal devices present too much risk to the organization.
Security awareness training
End user behaviour has always had an impact on cloud security, but as remote work continues, organizations must make sure they put time and resources into cybersecurity awareness training from the C-level on down. Every employee, including remote workers, must understand how data breaches and other security incidents, whether caused by threat actors or honest mistakes, can disrupt business operations and the resulting consequences.
The answer is in the cloud
As much as remote work poses a threat to cloud security, the cloud is likely to provide the solution. The traditional network perimeter has arguably been long gone for years with the rise of the cloud, distributed and global workforces, and the Bring-Your-Own-Device (BYOD) trend that is now par for the course.
Just as many applications and data now reside in the cloud, organizations need to transition to more security being delivered via the cloud, and that includes the securing of endpoints. Cloud-delivered endpoint protection platform (EPP) will become essential for safeguarding organizations that have a great deal of remote workers, even after many employees return to the office.
EPP will make it easier for you to protect any workstation regardless of location, whether it’s desktop or laptop computer, or a smartphone or a tablet. And while this may look like yet another time-consuming and costly cybersecurity implementation that must be undertaken, it’s something an experienced managed service provider can help you to cost-effectively deploy and manage to maintain both security and availability of applications and data as remote work continues.
- January 14, 2021
- Catagory Security
It’s still open for debate as to whether remote work is here to stay for everyone, or if a year from now everyone will back in the office. Reality is probably somewhere in between, which means IT teams must find a balance between security and keeping employees productive.
In many ways, the Covid-19 pandemic accelerated trends already in play as better connectivity and cloud computing have made it easier for workforces to be more geographically distributed. Instead of corporate satellite offices with small teams, however, we have home-based offices of one.
IT teams need to assume that there will be at least a hybrid workforce for the foreseeable future and that security for remote work will continue to be a high priority. The trick is to keep the organization secure without impeding productivity.
Hybrid workforces work odd hours
The age of remote work is more than just applying security to more endpoints accessing the corporate network. IT teams need more management tools to support remote workers while extending support hours as employees embrace less traditional schedules to accommodate their home life. Digital workers are expected to embrace “time blocking” and “time slicing” to juggle all their commitments.
IT teams will need to bolster their own remote collaboration capabilities so members can work more efficiently with each other, but also with other departments, such as human resources to onboard new staff remotely. This includes provisioning new remote workers with corporate-issued equipment or configure their personal devices.
In addition to supporting remote work, we are likely to see a move toward “hoteling,” which is when employees book an on-site work site for a few hours or a day. These facilities must also be equipped and provisioned with connectivity and hardware, as well as maintained for cleanliness.
This hybrid workforce means IT teams must rethink how they deliver service to employees and view their relationship as partnership that supports productivity for everyone—this includes delivering a high-quality user experience that helps employees work better without compromising security.
Productivity should not compromise security
The trend toward more remote was always going to have security implications.
In the early days of the pandemic, the focus was getting employees productive at home. However, the price tag appears to have been a spike in malware incidents and other poor security behaviors. According to Wandera’s Cloud Security Report 2021, 52 per cent of organizations dealt with a malware incident in 2020 compared to 37 per cent in 2019.
The rise in incidents can be attributed to a more relaxed work environment for employees, who are likely using a single device for most of their online activities—personal and professional. Employees feel free to install whatever applications they want, whether it’s their device or one issued by the company. Adopting cloud-based and Software-as-a-Service (SaaS) applications also impact security as lines of business spin up apps for their own uses without oversight by the IT department.
Keep security simple to enable employees
As much as remote work has created new threats for security, the solutions for IT teams aren’t all that different.
Regardless of they work, security awareness training for employees continues to be a key tool for defending against threat actors. IT teams must engage regularly with users to remind them of how they should log into applications, which applications are approved by the organization, and how they should report an incident if it occurs. Employees should understand they play a role in protecting the organization and its mission-critical business information.
If IT teams are work in partnership with users to balance remote work productivity and security, simpler is better so that any solutions implemented enable a pleasant user experience. This encourages users to follow protocols rather than bypass them because they’re seen as a barrier to getting their work done.
Sanjeev Spolia is CEO of Supra ITS
- November 16, 2020
- Catagory remote work
If you’re still struggling to optimize remote collaboration across your now virtual organization, you’re not alone. However, it does look like it’s the new normal for the foreseeable future, so you should prioritize finding ways to improve how your team works together remotely.
There are several ways you can improve remote collaboration. Some of them involve leverage technology, but many of them also involve managing people and understanding what they need to be successful to work from home.
- Focus on results, not hours on a timecard: If you’re used to measuring how productive people are by seeing bums in chairs, moving to remote collaboration has probably been difficult for you. Rather than measure productivity by how many hours employees are clocking, start measuring performance based on output. If the work is getting done, you’re already closer to optimizing remote collaboration.
- Create a buddy system: Some employees adapt to remote work better than others, and struggle because no longer have their peers to support them in the office. Consider pairing people up with someone else in a different department with relatively the same seniority so they have someone else as a sounding board to bounce ideas, concerns and frustrations off of, and ultimately find solutions via the pairing.
- Be mindful of meetings: Most meetings could have been an email, and remote work doesn’t change that. Having virtual ones might look like a way to replicate the camaraderie of the office, but meetings should still be focused and organized with a clear agenda and purpose. If there’s multiple people involved, have a facilitator to keep things on track and be sure everyone comes away clear on the next steps.
- Check in daily: While full-blown meetings should be few and far between, take advantage of remote collaboration tools such as Microsoft Teams or Slack to let everyone know what you working on that day and your pressing priorities. This enables everyone to better understand everyone else’s pressures and even step up to help if they can. It’s also a good way to structure your day so you get what you need to get done without getting sidetracked, and it’s output focused.
- Streamline communications channels: More isn’t better, and like an overflowing email inbox, having too many alerts and notifications in a remote collaboration tool is counter productive. Let employees set boundaries around how connected they want to be while they work so the can be productive, but also set up a single channel everyone must subscribe to so they get the company-wide information they need on a daily basis.
- Get things done and be accountable: Whether it’s a next step agreed upon in a meeting or regulator best practices, it’s important to follow through on things. Keep track of commitments in a transparent way so everyone can take responsibility for what they agree to do.
- When in doubt, over-communicate: As much as we don’t want employees to be overwhelmed notifications, alerts and messages in remote collaboration tools, don’t assume your colleagues know what they need to now. Use your daily check in and the channels at your disposal to communicate everything you think might be valuable, as things can fall through the cracks when you don’t have daily, in-person interactions.
Full-time remote collaboration is new for most people, so at the end of the day you need to have empathy and remember that their home office environment may be different than yours. While it’s important to focus on getting things done and accountability, it’s also helpful to cut everyone a little slack during these stressful times.
- March 12, 2020
- Catagory remote working
One prescription for reducing the spread of the Coronavirus is to encourage remote working. But although working from home is par for the course for some people, many businesses and employees are used to filling chairs at the office.
Being productive at home and having the right tools to support remote workers can be a learning curve for everyone. The good news is that because many organizations already operate this anyway, there’s plenty of tools and best practices that can be adopted.
For employees, remote working not only requires the right tools, but also a change in mindset from what they’re used to. Working from home productively requires a routine, and not one size fits all. While there are many perks to working remotely, such as no longer having to spend time commuting on congested streets or on public transit, you need to continue to have work-like structure and schedule at home.
- Have a routine: Many prefer being in an office because of the inherent structure which can be hard to maintain if you’re new to remote working. But having a schedule when you’re working from home is essential. You should start your workday at the same time you would if you were going into the office. Be sure to finish work around the same time everyday and leave it until the next day.
- Dress appropriately: You wouldn’t wear your pajamas to the office, so it’s good practice to change into clothes while remote working to get you in the right frame of mind. You can still be comfortable, however, so jeans and a comfortable shirt is enough, much like casual Fridays at the office. The goal is to make sure you’re in work mode, not relaxation mode.
- Set aside office space: Most freelancers and seasoned remote workers set aside a dedicated work area. It doesn’t have to be a separate space with a door that closes, just a small set up in the corner of a room or even just a laptop at the end of a kitchen or dining table. While it may be tempting to work on the couch or even in your bed, it’s harder to get into work mode if you’re too comfortable. Ultimately, figure out what works best for you.
- Take breaks: Just as you’d want to get away from your desk at the office throughout the day, it’s important to have a change of scenery when remote working. Try not to eat in work area if possible and make a point of getting out of the house, even just to do an errand your neighborhood if you can. One of the perks of working from home is getting a few chores done during the day that normally you’d have to do in evening hours.
- Stay in touch: If you’re used to bantering with co-workers, remote working will be a bit of a shock if you’re suddenly doing it everyday after years of going into work. If possible, use communication tools to reach out to colleagues, even if to say good morning at the beginning of the day, and have meetings using video apps if possible.
Remote working can be very productive, but it requires the right mindset, especially if you’re not used to it. Even before the Coronavirus outbreak, telecommuting was on the rise, which means employees need to adapt and organizations must have the tools in place to support them—we’ll talk about those next time.