Coronavirus as an opportunity to evolve security architecture
Fear of coronavirus infections has resulted in organizations ruling out large meetings. Healthy individuals are in home-quarantine for weeks at a time, even though they are not necessarily thought to carry the virus. This large number of individuals complying with house arrest is putting a strain on many organizations that have not shifted their working styles to accommodate large-scale remote workers.
Sales forces are accustomed to working “from the field”. Accounting, R&D, marketing, and analysts are used to operating under the security of in-office connectivity. Today’s worker needs to collaborate with global data amongst international teams requiring robust security measures for identity-based access, secure data collaboration, management of digital rights, data transfers, etc.
A predicted shift
While we proclaimed “perimeter is dead” some years ago, most organizations still handle most of their operations from within the perimeter. As companies rely on employees working from the office, coronavirus’ forced changing of the status quo comes with un-ignorable risks such as unsecured home Wi-Fi networks, unsecured smart devices, and countless other variables that turn an employee’s laptop into a trojan horse.
The home environment is not the only issue. In today’s world, most organizations use 10s of SaaSes, various cloud environments, and some services still cored at the HQ. Moving to a remote workforce requires the usage of adequate identity verification measures, including uncommon MFA, access permission measures that enable working in a multi-environment organization, enforcing wider usage of encryptions, and more.
Managing and keeping up with regulation compliance must be managed with a remote workforce. Being able to track accessed data, along with where the data is stored, is a challenge when working remotely. On the other hand, many traditional security solutions, which were built to monitor network traffic, analyze it, detect anomalies in it etc. are much less relevant when everyone works remotely and uses multiple environments.
This calls for a re-architecting of the security across organizations.
Adaptive security
A segment of solutions offers ways to let employees work remotely while preserving high-security levels, sometimes even higher than those within the perimeter. Solution approaches such as zero trust, Software Defined Perimeter, and others provide organizations with new ways of building their architecture, taking into consideration the fact that there is no real perimeter.
For some organizations, moving to this type of architecture and “way of life” seemed like too big of a change, even a burden in some cases. Some fear change, while others feel their legacy system is “good enough”. The opportunity they are missing is that modern systems offer fewer constraints, more flexibility, more freedom, and usually help move things faster through the network. They allow for better mitigation techniques when problems arise, demonstrating how decentralized systems are generally stronger and more resilient than centralized ones.
Silver lining
But now, the coronavirus is forcing organizations to unwillingly adopt to a remote workforce. It is long known that necessity is the mother of invention, so why not leverage the COVID-19 situation as a catalyst to adopt these new, more efficient practices? If most organizations were adjusted to secure remote workers, it is likely that the effects on the global economy would have been lessened and better managed.
Adapting to today’s and tomorrow’s security needs demands new architecture, new processes, and new methodologies. Change is usually scary and mostly unwelcome because most of us prefer stability. The coronavirus situation is a constraint. It is a problem that jeopardizes organizations, resulting in losses and unwanted exposure.
My advice is to leverage it to make the right change.