What was initially a short-term WFH assumption has now become a permanent trend. It’s time for IT teams to assess where they are on the remote maturity curve and adopt a broader set of cloud security capabilities to keep remote workforces safe now and long into the future. Chris Hickman, Chief Security Officer at Keyfactor discusses the top three long-term strategies for 2020 and beyond.
An enterprise IT leader recently said that for his company, moving to a remote work model was like going from three data centers to 30,000 mini data centers overnight. The scale might look a little different from company to company, but that description is an accurate reflection of the volume and workload that all IT teams managed in the initial pivot to remote work.
Now that they have achieved scale, teams are turning their attention to what a ‘new normal‘, hybrid blend infrastructure could look like. The reality is that what was a short-term remote work assumption has become a long-term arrangement. Moving forward, teams are looking at how employees can continue working from home as efficiently and securely as they could when working in the office.
While unplanned, the rapid shift created new use cases that gave teams visibility to the security risk of a mass remote workforce and the ability to assess the frameworks and tools needed to resolve that risk. In the rush to remote, teams were willing to forfeit certain efficiencies that were available on the company network. Now, there is an appetite to migrate those efficiencies to the remote model – without compromising security.
The ongoing line of security maturity starts again with the shift to remote work. Every employee’s home has become a mini data center and companies have increasingly struggled to extend legacy security into that new footprint. For many, cloud is part of the answer to long-term stability but understanding where security tools fit within security models and how to migrate key systems remains a challenge.
Learn More: Insider Threat: How to Address the ‘Human Dilemma’ in WFH Era
Three priorities can help teams establish their baseline and assess cloud-based tools to support their security frameworks:
- Get a handle on your company’s cloud transformation. Every company had a digital transformation plan in place, but the pandemic has done more to accelerate those plans than any other event. Scalability means that legacy security must be modernized to match today’s use cases. Start with understanding where your data lives and how you can extend your security model into those areas. Consider where you can leverage cloud space security and friendly security models to protect the data and endpoints that no longer live inside the walls of the company.
- Prioritize efficiency from the start by identifying where your team can ‘build’ versus where they should buy. Shifting to a remote model puts enormous stress on stretched security infrastructure administrators. Chances are you will not get more money and resources to establish the infrastructure needed for a more permanent remote workforce, so the key is to identify ways to augment the infrastructure without adding costs and team members to manage it. When it comes to the ‘build it’ or ‘buy it’ debate, it is important to bear efficiencies in mind, prioritizing turn-key solution options. Many companies are leveraging cloud-based orchestration and automation tools that allow one person to do more with even less.
- Ensure cloud systems match your company’s use cases and security framework. Today’s circumstances allow us to look forward with a bigger lens, understanding that there is a fine line to walk when managing cloud deploymentsOpens a new window . It goes without saying that if internal security does not or cannot scale to a cloud model, trusting cloud security and striking the balance between trust and verification will be a struggle.Â
Learn More: Why Your IT Department Needs to Part Ways With PasswordsÂ
Concerns (warranted or not) about cloud security still exist, so many companies prefer to opt for solutions that leverage certain components of their cloud system’s security, while directly managing others themselves. A good example are companies who would like to leverage cloud-based encryption but prefer to own and store their own encryption keys. The challenge in this scenario becomes key management; the solution is leveraging automated life cycle management tools that identify where keys live and how each needs to be managed, with little lift required from IT administrators.
While remote work is expected to last longer than initially thought, eventually businesses will reach a point when employees return to the workplace. It is important to keep in mind that the investments made today will not be thrown out; everyone has business continuity, cloud migration and staged transition plans, but today’s circumstances have changed everything. Ensuring measures are in place to enable flexible infrastructure and sturdy security frameworks means that IT teams will be more confident and better positioned to manage a multitude of use cases and scale the business in the future – regardless of workforce location.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!