Partner Insight: How organisations are staying secure while working remotely

clock • 4 min read

Nearly every organisation from the biggest multinational to the smallest SME now recognises that the perimeter of the enterprise is no longer at head office or around the corporate desktop and firewall. It is wherever the furthest employee working on their laptop, tablet, or phone happens to be - and wherever their daily contacts are.

IT leaders in organisations that have long offered flexible or remote working have known this for years, as they have strived to lower their property costs or support employees who are constantly on the road or juggling family and lifestyle commitments.

However, COVID-19 has forced everyone else - bar frontline workers and other essential support services - to get to grips with the concept of a more distributed workforce. And fast.

 

Beyond the video meeting

It's not just about Zoom, Skype, or Google Meet calls. The shift from shared office spaces to shared, remotely managed projects demands three things: strong leadership; a flatter and more collaborative working culture; and a robust, secure, standards-driven IT infrastructure based in the cloud.

All three pillars need to be in place to support the new business reality as organisations face a long and uncertain recovery, during which some changes in working practices may become permanent.

Many business leaders may come to see remote, flexible working as an opportunity to create more efficient, greener, lower-cost organisations that no longer force people to commute into choked and crowded cities. But there are real challenges for IT professionals in supporting these new business aims.

 

Wherever I lay my laptop...

This is because whatever device an employee is using, it will need to host, store, process, or access internal applications, data, and services, many of which may involve sensitive or privileged information.

In that environment - and with so much device variety, thanks to workers' own technology choices - trust, authentication, management, and security will be the critical factors.

Of course, these are operational technology challenges. But they also demand good management, strict adherence to policy, and a shared culture. This is particularly the case in larger organisations that may have pursued more traditional, top-down, office-based workflows for decades.

 

So how are those organisations coping?

Computing Research spoke to 150 IT leaders in medium to large organisations across major sectors of the economy to see how well they are managing the IT estate in this new world. Among the key findings of the survey, 77 percent believe there will be a significant increase in cybersecurity risks, while 73 percent believe keeping devices secure will become a much bigger challenge.

The increased diversity of devices, their geographical spread, and the sheer number of security patches and updates are also seen as challenges by most respondents - along with the growing workloads of IT departments that are enabling and supporting distributed workforces.

 

End-to-end security

The challenge for IT leaders is that many solutions lack the ability to provide the kind of end-to-end security and trust that organisations now demand; it is no longer sufficient for IT managers simply to regard some devices as trusted and others as not, as they might have done in previous decades.

Indeed, security was among the main reasons for IT leaders choosing to use advanced remote management capabilities in the first place. Asked for the prime motives for using cloud-based IT management suites, security policy compliance topped the chart, cited by 51 percent of respondents.

So what are the security features deemed most essential by IT leaders? Computing found that multi-factor authentication (67 percent) and end-to-end session encryption (51 percent) are the clear winners in terms of functionality, followed by cloud-based administration (45 percent) and the ability to securely erase a remote disc (43 percent), alongside advanced access control (43 percent).

Also on the list of must-haves are: post-perimeter security (34 percent); off-domain management capabilities (30 percent); hardened device security below OS level (30 percent); management for user-less IoT/Edge devices (18 percent); and out-of-band (OS independent) device management (16 percent).

So why are all of these features so critical? As we have already explored, it is no longer sufficient to see security and authentication as being focused on the device itself.

The only workable IT estate management model in distributed environments is one that authorises and authenticates every request for data and application access, in accordance with the organisation's internal policies - and the wider regulatory environment.

It should also give IT teams full remote management of authorised devices, regardless of what they are and where they are located. That includes the ability to de-authorise them and erase content remotely, should they be compromised or fall into the wrong hands.

Welcome to the new world of IT management in the cloud: it is no longer about the ‘what' in terms of hardware and operating system; it is about the who and the why - who is accessing an application or data set, and why are they doing it?

And just as important, are they who they say they are, and are they acting as the team expects them to?

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

You need to lock down cyber-physical systems: Here's how and why

You need to lock down cyber-physical systems: Here's how and why

Cybersecurity should focus on OT as well as IT

Samara Lynn
clock 27 March 2024 • 3 min read
China Crisis: Government blames China for Electoral Commission cyberattack

China Crisis: Government blames China for Electoral Commission cyberattack

Also accuses Chinese state-affiliated actors of trying to hack MPs emails

Penny Horwood
clock 26 March 2024 • 5 min read
A cyber-focused attorney on why 'Data is the hot potato'

A cyber-focused attorney on why 'Data is the hot potato'

Shawn Tuma, partner and co-chair of the data privacy and cybersecurity practice group at Spencer Fane LLP, shares some tips on cybersecurity for companies to follow.

Samara Lynn
clock 26 March 2024 • 3 min read