The coronavirus pandemic caused organizations to undergo one of the “biggest experiments in the history of work,” said Alexia Cambon, director of research at Gartner, during a recent webinar.
Technology implementations, especially to service remote workforces, drastically changed. For example, although many companies were starting to adopt cloud environments before COVID-19, those plans got accelerated. Organizations had to rapidly spin up services and infrastructure to keep individuals connected to the apps they need for work – including ERP, CRM, collaborative solutions, databases, and more.
On the one hand, productivity rates rose while employees enjoyed scheduling flexibility and the time/cost savings associated with not having to commute to work. On the other hand, the work environment extended outside the traditional four walls of a work building, which has created new IT considerations. Companies must now secure and protect the movement of data across what may be unsecured networks, Wi-Fi connections, and multiple cloud environments.
This extended “surface” or IT environment can be vulnerable if organizations haven’t locked down their user, network, and device policies. Attackers are looking for misconfigurations, default settings, and weak endpoints that they can exploit to gain access to your servers and data.
It’s now critical to get a handle on your security strategy. Going forward, the vast majority of organizations will combine on-site and remote work, according to a recent McKinsey study. Giving employees the flexibility to work from anywhere requires ensuring your IT security bases are thoroughly covered.
Protecting users and data no matter where they’re located
Our security operations team has remediated a wide variety of security issues. We understand where the greatest risks and vulnerabilities exist. Our group has handled the basics – like installing patches and securing device configurations – as well as more advanced security practices, such as implementing multifactor authentication and Zero Trust architecture.
Based on our experiences, we recommend that organizations take a closer look at their cloud security protections. First, make sure your IT team understands the shared responsibility model, which defines data-protection roles and responsibilities for hyperscalers — like AWS, Microsoft Azure and Google Public Cloud — and their customers (i.e., you).
Next, look closely at default configurations for cloud services, and whether your company requires tighter controls around sensitive data. For example, you may want to require stringent access controls to applications with highly sensitive data.
Also, examine your device policies, especially if there’s a chance that employees might use personal laptops, smartphones, or home desktop computers to do their work. Where appropriate, use conditional access policies to lock down devices to limit the risk of malicious access to company information.
When the basics are in place, move on to deeper levels of a Zero Trust architecture, which the National Institute of Standards and Technology (NIST) has said can improve overall IT security.
And consider adopting the secure access security edge (SASE) model, which NetworkWorld defines as security policies being enforced based on identity, context, security and compliance policies, and ongoing risk assessments.
More is better
It’s more critical than ever to pay attention to security management and cybersecurity protections. Especially with the increasing adoption of cloud services, organizations must focus more time on cloud security than they have in the past.
The RKON security team has extensive expertise — from the security hygiene basics to SASE. We can advise your organization on steps to take, help you implement improved cloud security, or even manage your security environment to reduce the burden on your IT team. Get more info here.