Creating Sustainable Security Frameworks for Remote and Hybrid Workforces


Security provisions must be more robust for hybrid and remote workforces. Tim Wallen of Logpoint outlines the priorities for CISOs in securing the enterprise moving forward.

How organizations operate has fundamentally changed. For many, mandatory daily commuting has become a thing of the past. While some still choose to attend the office five days a week out of preference, others are taking advantage of the flexibility offered and even encouraged by employers.

Hybrid and remote working models bring many benefits to the table. For employees, it can improve work-life balance and workplace satisfaction, driving increased motivation, higher productivity, and reduced staff turnover. However, creating effective frameworks for remote working requires effective security to protect those users and company assets.

Unfortunately, this was overlooked by the vast majority of businesses forced to roll out support for remote working in weeks as national lockdowns took effect. Security naturally took a back seat. However, these organizations now need to address such oversights retrospectively. 

Repair or Replace?

Moving forward, organizations need to work on ripping off those remote workforce band-aids that were used to temporarily plug productivity gaps and develop more sustainable models that will be successful in an era where hybrid working has become the norm.

Indeed, the Office for National Statistics reported that just 8% of workers plan to return to the office full-time. Therefore, those makeshift policies and solutions hastily rolled out during the pandemic now must be supplanted with improved, permanent alternatives.

That doesn’t mean building upon existing security politics. Instead, organizations need to pursue a strategic overhaul and create renewed strategies that are fit for purpose in the modern environment.

Critically, the hybrid workforce is symptomatic of a broader change that is seeing accelerated use of the public cloud, more tightly interconnected supply chains, and expansion of public-facing digital assets, all of which elevate risk. 

Whereas before, staff members almost exclusively operated out of centralized offices, enabling security teams to establish, manage and secure easily defensible network perimeters, today, many organizations rely on cloud-based models. These empower employees to access business-critical systems wherever and however they need.

In this hyperconnected world, the network perimeter no longer exists. And as a result, companies that have failed to adapt have been potentially exposed to various exploitable vulnerabilities such as open ports, misconfigurations, and weak or expiring certificates.

The strains of these makeshift security setups are clear to see. According to the 2022 Deep Instinct Voice of SecOps reportOpens a new window , securing the remote workforce is the top source of stress for more than half (52%) of the cyber C-Suite. 

Vulnerable VPNs

These anxieties are not unfounded, as many recent cyberattacks have resulted from a lack of proper security protocols beyond the perimeter. Virtual Private Networks (VPNs) are a case in point. Once regarded as the most secure means of establishing a remote connection, they’ve since been shown to be susceptible to attack, with the FBI, the Cybersecurity and Infrastructure Security Agency, and the National Security AgencyOpens a new window all warning businesses, and there’s been a clear ramp up in VPN attacks post-pandemic. 

When traditional security tools continue to be leveraged, hackers have successfully compromised company networks, accessing data and elevating privileges without any real resistance. This begs the question: How can organizations adapt their security setups to better protect themselves and their remote workers in the modern environment?

Cyber leaders need to work to improve visibility, tracking, and analyzing activity from many different resources across increasingly complex and widely distributed IT infrastructure. But this is a challenging task. As organizational attack surfaces have expanded, the amount of data security teams need to examine and monitor has grown significantly, presenting cyber leaders with spiking workloads.

For this reason, firms must look to automation – something that many are already doing. According to (ISC)²Opens a new window , for example, more than half (57%) of organizations are automating aspects of their security, while a further quarter (26%) intend to do so soon. 

The benefits of adopting relevant and tailored automated security solutions are abundant. In leveraging technologies to develop repeatable processes, security professionals are empowered to work more efficiently and effectively and to focus on higher-value tasks.

See More: Re-thinking VPNs for Securing SMBs Against Threats

Three Security Solutions to Consider

There are several tools worth considering when arming security teams with automated solutions. User Entity Behaviour Analytics (UEBA), for example, can help analysts more easily spot, prioritize, and manage anomalies by automating the development of tailored security detection plans. By building baselines of normal behavior for every network user, potentially abnormal actions or risky activities that stray outside these normal parameters can be automatically flagged to security professionals. 

In addition to UEBA, analysts can automate their event interrogation procedures. Tapping into various internal and external threat intelligence feeds can help organizations proactively identify evolving threats and protect themselves. However, manually trawling these large data streams to find potential threats is highly time-consuming, leaving professionals searching for a needle in the haystack. By leveraging automation, security workloads can be massively reduced on this front. 

Thirdly, Security Orchestration, Automation, and Response (SOAR) is an incident detection and response technology focused on alert aggregation and prioritization. Designed to accelerate threat investigation and remediation, SOAR automatically correlates and analyses data before presenting key contextual information and intelligence transparently to security teams, enabling them to respond quickly and effectively in an informed manner. 

See More: The Many Flavors of Automation: Which One Do You Need?

Combining Tools in a Converged Setup

While these tools are all useful and unique, organizations will need a combination of technologies to build an effective, automated security strategy for protecting remote workers in the new normal.

Organizations must be logical and selective in building their security stack. If they take a gung-ho approach to cover all bases, they will quickly end up with too many tools and ultimately hinder rather than help their security professionals.

If an enterprise finds itself using 15 or 20 solutions, not only will its security professionals be overwhelmed in learning how to use and navigate each platform, but they will also be confronted with an expensive collection of subscriptions that’s neither attractive nor feasible in the current economic climate. 

For this reason, organizations should focus on achieving a converged security setup where multiple tools are combined into a single platform that supports hybrid workplaces.

Critically, this will reduce friction, complexity, and cost. By converging solutions such as UEBA and SOAR with the SIEM, security teams can easily monitor disparate endpoints, use behavior-based threat modeling, uncover potential threats, detect and analyze incidents, and protect business-critical applications more easily.

So when appraising the remote working set-up, it pays to start from the ground up and build a more supportive and protective solution for monitoring hybrid and remote workforces. 

Which tools have you used to overcome remote work security challenges? Let us know on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!

Image Source: Shutterstock