How the pandemic delivered the future of corporate cybersecurity faster
William Gibson once wrote, “The future is already here – it’s just not very evenly distributed.” The rise of “distributed work”—people working from everywhere, at all hours of the day—has been a normal part of corporate culture for at least the last decade. But the rush to set up remote workplaces over the last sixteen months has distributed work in a way unlike anything we saw before the pandemic began. As a result, the way many companies function will never be the same.
And that could be a very good thing—at least when it comes to cybersecurity.
Regardless of how remote their workforce is, businesses need to evolve to keep up with threat actors who continually ratchet up their attacks both in terms of sophistication and ruthlessness. Securing the modern office will require a fresh approach. That approach must be as flexible as many workers have proven to be, yet it must also be comprehensive enough to secure both a company’s assets and preserve a sense of workplace cohesion, no matter from where or when employees log on.
Never the same
In the most recent Office for National Statistics (ONS) population survey, more than a quarter of UK residents (25.9%) reported working at home at some point in the week. That’s more than double the percentage of workers (12.4%) who said the same for 2019. Of course, these numbers vary wildly based on location and job type, with Londoners and those in the surrounding suburbs working at home in the largest numbers.
Still, this trend looks unlikely to end with the pandemic. Travel agency TUI announced in mid-July that its 10,000+ UK employees will only have to be in the office one day a month even after all pandemic-related restrictions ends. Prior to that, accounting firm KPMG announced that its 16,000 employees would only have to report to their offices four days out of every two weeks.
Consultancy McKinsey projects that “about 20 to 25 percent of the workforces in advanced economies could work from home between three and five days a week.” That’s four to five more remote work than was happening in early 2020.
This radical shift will not only change where people spend their work life, but also grant employers and employees new freedom in where they choose to open offices and live. But this new freedom will only be sustainable if companies can secure themselves against the advanced cyber threats all profitable organizations face.
The cloudy perimeter
One innovation that made the sudden exodus from offices in spring of 2020 seamless in many ways was the “cloud.”
Even before the pandemic, most UK organizations were using the cloud. With the rise of the cloud, the idea of a secured perimeter that once defined network security is fading, especially for businesses with a mature cloud posture, where critical assets sit outside the on-premise locations. Cloud services are, by definition, exposed to the internet.
Still, the cloud offers some clear security benefits. Some cloud providers take care of many of the typical security concerns, allowing your security team to focus on configuring systems to meet your needs. Many major providers offer automation and extensive API support that make it easy to identify and remediate security issues. This can allow a smaller security team to manage far larger estates than would have historically been possible.
However, there are multiple complications that arise from the freedom of the cloud, including asset management. How can you defend everything if you’re not sure you know about everything that needs defending? And given that anyone can open a cloud account with just a credit card, how can security teams validate legitimate users?
In some ways, the cloud simply adds additional complexities to logistical problems that have existed in on-premise security for years. Teams often need to secure a multitude of systems made up of a variety of large enterprise networks of varying age and origin. Legacy systems are commonly used, despite their incompatibility or obsoleteness.
With the mirage of a security perimeter fading fast, organizations have a chance to rethink cybersecurity in general, to their own advantage.
All over the place or all-in-one?
Many organizations have tried to overcome the issue of multiple systems and assets, or improve their cybersecurity in general, by adding layers to their defense, often by diversifying the solutions they use to secure their systems. Our 2020 market survey found that companies have an average of 3.3 different cybersecurity brands in use. For larger companies this figure is likely a very conservative estimate.
At some point it becomes untenable and inefficient to manage all these separate solutions. That point gets closer every day as teams have to deal with the complexities and identity management challenges of remote work.
Siloed solutions also mean IT staff must monitor several different consoles and may not connect the dots when incidents are flagged on separate platforms. They also require complex and costly integration projects to get the functionality needed. And even then, they’ll likely still require manual oversight.
Moving toward all-in-one security solutions can help replicate the sense of cohesion that once existed in on-premises network security along with new efficiencies.
All-in-one solutions can share data across the different components, leading to better and more efficient function. And by adding new modules instead of products when new tools are needs, you eliminate the expense and complications of integration.
Flexibility that fits a new reality
Companies and individuals have already gotten used to paying for things like data, cloud storage and web hosting based on how much they use them. Even industries that you wouldn’t expect – such as construction machinery rental – have embraced usage-based models.
During the pandemic, many businesses became frustrated when cybersecurity vendors wouldn’t lower license usage below baselines, even though the organization’s usage had dropped off because of staff furloughs. And who can blame them?
As the workplace becomes a more free-floating concept, cybersecurity also needs to catch up with reality by offering usage-based security. Companies that are in a period of flux don’t want to sign a contract for 50 licenses and then find out they need 100, or even 51. Being able to add or reduce services easily fits the mentality of distributed work, and the ability to minimize fixed costs at short notice is essential as we manage the aftermath or possibly even the resurgence of the pandemic.
Best of all, usage-based security removes the need to constantly renegotiate and the lack up-front costs or long-term commitments frees businesses up to invest in other areas.
The future of the secured workplace
The trauma and tragedy of the pandemic forced companies to make in hours decisions they normally wouldn’t make in years. No person would wish for that kind of trial by fire, but it has been revealing.
For many organizations work will never be the same. A new approach to cybersecurity could help remove many of the growing pains that come from the fracturing of the conventional office. By being more comprehensive yet less rigid, cybersecurity can stop being an obstacle to the future and become an enabler of it.