Partner Insight: How organisations are staying secure while working remotely

clock • 4 min read
Partner Insight: How organisations are staying secure while working remotely

Nearly every organisation from the biggest multinational to the smallest SME now recognises that the perimeter of the enterprise is no longer at head office or around the corporate desktop and firewall. It is wherever the furthest employee working on their laptop, tablet, or phone happens to be - and wherever their daily contacts are.

IT leaders in organisations that have long offered flexible or remote working have known this for years, as they have strived to lower their property costs or support employees who are constantly on the road or juggling family and lifestyle commitments.

However, COVID-19 has forced everyone else - bar frontline workers and other essential support services - to get to grips with the concept of a more distributed workforce. And fast.

 

Beyond the video meeting

It's not just about Zoom, Skype, or Google Meet calls. The shift from shared office spaces to shared, remotely managed projects demands three things: strong leadership; a flatter and more collaborative working culture; and a robust, secure, standards-driven IT infrastructure based in the cloud.

All three pillars need to be in place to support the new business reality as organisations face a long and uncertain recovery, during which some changes in working practices may become permanent.

Many business leaders may come to see remote, flexible working as an opportunity to create more efficient, greener, lower-cost organisations that no longer force people to commute into choked and crowded cities. But there are real challenges for IT professionals in supporting these new business aims.

 

Wherever I lay my laptop...

This is because whatever device an employee is using, it will need to host, store, process, or access internal applications, data, and services, many of which may involve sensitive or privileged information.

In that environment - and with so much device variety, thanks to workers' own technology choices - trust, authentication, management, and security will be the critical factors.

Of course, these are operational technology challenges. But they also demand good management, strict adherence to policy, and a shared culture. This is particularly the case in larger organisations that may have pursued more traditional, top-down, office-based workflows for decades.

 

So how are those organisations coping?

Computing Research spoke to 150 IT leaders in medium to large organisations across major sectors of the economy to see how well they are managing the IT estate in this new world. Among the key findings of the survey, 77 percent believe there will be a significant increase in cybersecurity risks, while 73 percent believe keeping devices secure will become a much bigger challenge.

The increased diversity of devices, their geographical spread, and the sheer number of security patches and updates are also seen as challenges by most respondents - along with the growing workloads of IT departments that are enabling and supporting distributed workforces.

 

End-to-end security

The challenge for IT leaders is that many solutions lack the ability to provide the kind of end-to-end security and trust that organisations now demand; it is no longer sufficient for IT managers simply to regard some devices as trusted and others as not, as they might have done in previous decades.

Indeed, security was among the main reasons for IT leaders choosing to use advanced remote management capabilities in the first place. Asked for the prime motives for using cloud-based IT management suites, security policy compliance topped the chart, cited by 51 percent of respondents.

So what are the security features deemed most essential by IT leaders? Computing found that multi-factor authentication (67 percent) and end-to-end session encryption (51 percent) are the clear winners in terms of functionality, followed by cloud-based administration (45 percent) and the ability to securely erase a remote disc (43 percent), alongside advanced access control (43 percent).

Also on the list of must-haves are: post-perimeter security (34 percent); off-domain management capabilities (30 percent); hardened device security below OS level (30 percent); management for user-less IoT/Edge devices (18 percent); and out-of-band (OS independent) device management (16 percent).

So why are all of these features so critical? As we have already explored, it is no longer sufficient to see security and authentication as being focused on the device itself.

The only workable IT estate management model in distributed environments is one that authorises and authenticates every request for data and application access, in accordance with the organisation's internal policies - and the wider regulatory environment.

It should also give IT teams full remote management of authorised devices, regardless of what they are and where they are located. That includes the ability to de-authorise them and erase content remotely, should they be compromised or fall into the wrong hands.

Welcome to the new world of IT management in the cloud: it is no longer about the ‘what' in terms of hardware and operating system; it is about the who and the why - who is accessing an application or data set, and why are they doing it?

And just as important, are they who they say they are, and are they acting as the team expects them to?

More on Government

The £7.5 million fine is a reduction from the £17 million fine proposed last year

ICO fines Clearview AI £7.5m over image collection

The UK's data protection watchdog has fined facial recognition company Clearview AI £7.5m for illegally collecting images for facial recognition.

clock 24 May 2022 • 3 min read
Sharon Barber named as the co-Chair of the National Cyber Advisory Board

Sharon Barber named as co-Chair of the National Cyber Advisory Board

She presently serves as the Chief Resilience & Security Officer at Lloyd Banking Group

clock 13 May 2022 • 2 min read
UK government to introduce new Data Reform Bill

UK government to introduce new Data Reform Bill

Bill intends to overhaul GDPR, while big tech regulation kicked into the long grass

clock 11 May 2022 • 3 min read