- April 19, 2021
- Category: Security
Securing remote workers is a never-ending job, regardless of how many there are at your organization, because there are always new threats and new attack surfaces to protect.
After a while, it becomes clear to any cybersecurity expert that there are both do’s and don’ts when it comes to securing remote workers. These lessons are based on hard-won experience—in some cases because they’ve experienced a serious breach. However, there’s no reason that every organization needs to learn the hard way, so here are some of the top mistakes your organization and your employees should avoid when securing remote workers, followed by do’s that are proven to work.
What not to do when securing remote workers
There are many things employees shouldn’t do with their office computer, and it’s important that you have policies in place to keep them from doing them.
- Don’t tolerate workarounds: Good security should never get in the way of employee productivity or impede business success, but it’s not uncommon for cybersecurity practices to constrain workers in ways that prompt them to find a way around a security policy. These workarounds might include employees using personal computers to access corporate networks and data without proper vetting by IT, exchanging documents using their personal email addresses, or saving passwords in their browsers. Employees need to understand the rules are there for a reason.
- Don’t ignore warning signs: With more workers at home, it’s even harder to keep an eye on your fleet of workstations, so you need to make sure employees aren’t ignoring any hints that their computer at home is under attack. Unexpected browser pop-ups or a sudden change in user settings are signs that unauthorized changes have been made and that the employee’s workstation has been compromised. Ignoring these signs could lead to a much bigger problem that could impact the network security of the entire organization.
- Don’t let family use the company computer: With a corporate workstation at home during the pandemic, family members of remote workers may be tempted to use it for non-work-related activities that can lead to clicking on a link that infects the device and compromises company data and applications.
- Don’t delay software updates and patches: When employees are in the middle of getting work done, they may be inclined to postpone much-needed software updates and scheduled security scans when prompted. But the best way to keep workstations secure, no matter where they’re located, is by making sure they have the latest software updates, virus definitions, and other patches. Even in an era where many use Software-as-a-Service (SaaS) applications, operating system and application updates are still critical for robust security.
A few do’s that can go a long way
Some of the above don’ts suggest some do’s that should be happening instead, but here are a few other key do’s that go a long way to securing remote workers.
- Empower and train your workers: If employees understand why security measures are put in place and are given ways of getting things done quickly and efficiently without workarounds, they’re a great asset for protecting the organization. When you have the right people with the right training, it’s hard for a threat actor to gain a foothold within your network.
- Make the move to the cloud: If you haven’t already, migrate your data and applications to the cloud as much as possible. The fewer applications and data that reside on the workstation, the better. While SaaS security has its own set of challenges, a centralized cloud approach is easier to manage, especially in a pandemic, and easier anytime for SMBs with limited IT resources.
- Take a zero-trust approach: The cloud can be an effective security enabler for taking a Zero Trust Network Access (ZTNA) stance. It’s a mindset that’s becoming increasingly preferred because it assumes anything in a network can be a threat and separates remote workers from the network. User access is determined by a third-party cloud provider that manages verification and access to applications. If users don’t have the credentials, then they can’t access data and applications they’re not supposed to, even if they are legitimate employees of the company.
- Get a second opinion: When it comes to evaluating your security posture, it never hurts to get an outsider to take a look at what you’re doing and make sure it’s aligned with your goals. And if you’re new to securing remote workers, a Managed Security Services Provider can fill in the gaps, whether it’s just a risk assessment with recommendations or helping with ongoing management of your network security.
The security landscape is dynamic even when you don’t have many employees working from home. Having clear policies and procedures in place is an important foundation for securing remote workers, but partnering with a managed services provider that can help you leverage the cloud, implement best practices and policies, and spot common pitfalls can improve your overall security posture no matter how many remote workers you have.
- March 31, 2021
- Category: Security
Software-as-a-Service (SaaS) applications are especially appealing when you’ve got more of your employees working from home, but it’s easy to fall into the trap of believing SaaS security is less vulnerable than the rest of your network security.
Although some SaaS security is baked into the applications by the software provider, the 50 per cent increase in cloud usage for enterprises across all industries in 2020 means the number of threats has increased exponentially, according to IBM Security’s 2020 Cost of a Data Breach Report. It found attacks directed at cloud services, particularly collaboration tools such as Office 365, have increased 630 per cent. Remote work due to the pandemic has been a big contributor to SaaS security incidents, as three quarters of survey respondents reported that discovery and recovery time from data breaches has significantly increased.
It’s not surprising that SaaS security is an increasing concern as threat actors will always go after applications, systems and tools that are popular with businesses and users—it increases the likelihood of success because for them, it’s a numbers game. The increase in attacks is a reminder that regardless of the cloud platform you choose, your provider does bring a lot to the table in terms of SaaS security. However, when you have more than one provider and multiple SaaS applications deployed, you must remember that SaaS security is a shared responsibility.
The increase in cloud and SaaS application deployments, coupled with a dramatic increase in remote workers, means organizations need a framework to guide their SaaS security.
Complexity threatens SaaS security
When you have so many applications and systems in place, adequate SaaS security can be a challenge, even when cloud providers include their own security controls. Even without the uptick in remote work, endpoints have continued to grow as workers access data and applications from multiple devices from wherever is convenient for them.
With each and every worker, endpoint, and application added to the enterprise network, SaaS security becomes more susceptible to threats because the overall attack surface is larger. Because data is spread across many different applications and environments, the complexity and sprawl raise the risk of compliance and data breaches. Even before the pandemic hit, there was a growing need to bolster SaaS security as lines of business are increasingly spooling up applications as needed, independent of IT supervision—departments such as marketing, human resources, and finance all have their own SaaS applications accessing and managing critical business data and intellectual property.
Organizations may be inclined to add more and more security tools, but the more solutions you have in place, the more work there is to configure, maintain and update them. More people are needed to understand the interfaces and nuances of each and every security tool.
Without some sort of playbook or strategy, SaaS security can quickly become unmanageable.
SaaS security requires a framework and tools
It’s not realistic to have a single security solution to protect all data and applications, but your SaaS security strategy needs to be proactive, not reactive, and ensure your IT team isn’t overwhelmed by alerts from multiple dashboards.
One approach to keep your SaaS security posture robust is what research firm Gartner defines as SaaS Security Posture Management (SSPM), which is part of its SaaS Security Framework. SSPM tools allow for enhanced controls to better secure SaaS applications and data through monitoring native SaaS security configurations, automation of remediation, and reporting non-compliance. The key to any good SSPM solution is the capability to assess your SaaS security posture in a manner that’s automated and customized, according to Gartner. Much like compliance, SaaS security is a continuum that requires constant monitoring and adjustment.
Although SSPM solutions add to the arsenal available for IT teams to establish strong SaaS security, adopting them and moving to a framework that allows these SSPMs to streamline processes, automate workloads and reduce demands on the IT staff do require some upfront work. While cloud providers who are delivering SaaS applications can play a role in helping to configure these solutions to secure their applications, you should consider partnering with a Managed Security Services Partner (MSSP) who can advise on your overall SaaS security, as well as implement and even manage it on an ongoing basis.
- January 28, 2021
- Category: remote work
The move to remote work nearly a year ago accelerated cloud computing trends that were already in play. With no quick return to offices expected in 2021, businesses of all sizes should plan to prioritize further cloud and Software-as-a-Service (SaaS) investments to support distributed workforces, while being mindful of six key trends.
Cloud is enabling new ways of doing business
Moving to cloud computing or SaaS offerings isn’t just about getting on the latest technology bandwagon or saving money on capital or operational expenses. The cloud enables organizations of all sizes to do business better and make employees more productive across many departments, including finance, human resources and marketing, no matter where they are located. Cloud computing and SaaS also level the playing field to allow smaller businesses to compete with large competitors.
Security is a critical differentiator
Even with all these productivity gains from cloud computing and SaaS, the move to remote work has heightened the need for robust security, so organizations need to set aside time, resources and attention for their security strategy to prevent breaches and disruptions that might impede any newfound productivity or cost them revenue through lost customers who lose trust.
Not everything will be in the cloud
Even as cloud computing and SaaS continue to take off to support distributed remote workforces, hybrid environments that mix on-site computing, storage, and services with public cloud offerings from vendors such as Amazon Web Services (AWS) or Microsoft Azure will become the norm, and everything will need to work together in concert, securely. Different providers will need to work together as they each get spooled up to meet the specific requirements of different lines of business within an organization.
A spring cleaning of all compute resources
Organizations will begin to realize not everything that got migrated to the cloud needed to be moved, so even as cloud computing adoption will continue to accelerate, it’s become clearer which workloads need to be in the cloud, and which ones should be winding down, including any outdated data that goes with them, to be even more efficient and get the best bang for the buck from their cloud spend.
Training across the board
Getting the most from cloud computing while keeping it secure will mean investments in training for IT staff as well as raising the cybersecurity awareness of workers across the board so as to adequately safeguard organizations as the era of remote work continues. Both cloud providers and their customers will want to make sure they’re providing both entry-level knowledge of the cloud as well as creating advanced experts as a means to enable the business.
Consolidation of cloud providers
While it’s unlikely that an organization will want to put all their eggs in one basket—not all service providers are great at everything—they will want to keep the number of cloud computing environments and SaaS applications manageable. While larger enterprises will likely give most of the budget to the big players, smaller ones will likely want to work with a local managed services provider that will prioritize their business, help them navigate all the emerging cloud computing deployment options, and guide them on the necessary governance and security.
If 2020 was all about a mad scramble to support a remote workforce and iron out the kinks, then 2021 will be about looking to the future with new investment in cloud computing and SaaS offerings while building on the foundation that was put in place.