Like many of us in security, the last business trip and conference I attended was RSA in San Francisco, March 2020. It was then that we started to hear about how dangerous and fast spreading the “Novel Coronavirus” that causes COVID-19 was and slowly started to realize this was not going to be a normal flu outbreak. It was just after the RSA Conference that the world started to shut down and change drastically.
In 2021, the RSA Conference theme is “resilience”. That seems appropriate given the year we have had and the fact that the conference will be virtual. The term “resilience” like many terms in security can have many meanings depending on the context. In this post I would like to highlight the role resilience has played over the past year by highlighting trends and guidance that aligns with three pillars of security— people, process, and technology.
I am amazed by the resilience of people over the past year. The world has come together to fight the biggest pandemic of our time where to date, with over 150 million infected and over 3 million deaths, impacting everyone in the world. In addition to the impact on physical health, the toil on mental health and the world economy has been formidable. Through innovation we found ways to mitigate the spread of the virus and developed a vaccine in record time to save lives.
Working from home put a strain on IT and Security departments around the world, as they had to quickly evolve to the new reality. Some companies were already setup for remote work, while others had to quickly deploy new tools and infrastructure to keep their businesses afloat.
The impact on IT and Security organizations has forced organizations to adapt to a new world, where work-from-home became the norm, kids were also learning virtually, and nights out became takeout. Pew Research found that prior to the pandemic, workers who said their job responsibilities could be done from home rarely did so, only 1 in 5 said they worked from home some or all the time. However, during the pandemic this number jumped to 71% of workers doing their job from home, with more than half saying they would like to keep working from home even after the pandemic is over.
In addition to employees working from home, most companies also put a ban on business travel, forcing them to not only use Zoom for internal communications, but also to communicate with customers, prospects, and partners, which posed added security risks.
Many organizations have business continuity plans, but very few considered a global pandemic at the scale of COVID-19. As the seriousness of the pandemic was realized it forced organizations to review their business continuity plans, their IT architecture and for security teams, their overall security posture and incident response process.
The businesses that have survived were able to adapt to the change quickly, many of them were in the process of a digital transformation, migrating to cloud-based architectures, the pandemic accelerated this transition. Organizations that had not moved to a cloud-based architectures had to evolve quickly to survive, as hardware became difficult to acquire due to supply chain disruptions. The shift to remote workers and the cloud required security teams to revise their risk assessments particularly on assets and processes critical to the business.
Securing “work-from-home” at scale is a difficult transition for most businesses, particularly if they did not have anything established for remote workers prior. Here are a few recommendations that we have implemented at ReliaQuest with our customers to help them with the transition (but really they are foundational for security hygiene—regardless of the macro environment.)
Identify and Protect Critical Systems: In a remote work environment VPN (virtual private networks), Cloud environments and endpoint security have been identified as critical components to empower and secure remote work forces. Ensuring that these systems have the proper telemetry in place for monitoring as well as a vulnerability and patch management to keep these systems running and secure is critical.
Multifactor Authentication: Many organizations have established multi-factor authentication to secure at least parts of their network, however having to accelerate the rollout can be a challenge. Similar to prioritizing critical systems, organizations will want to prioritize users who have elevated privileges as well as those working with critical systems. For other users it is best to rollout in phases to ensure the IT and Security teams are coordinated and identify any bugs as things are rolled out.
Compensating Controls: Many tools critical to employees doing their jobs are on-premises only, and IT teams are having to open some of these tools up to remote workers. IT and security teams need to work together to ensure that as these applications are made available to remote employees that these apps are protected with additional controls, such as with VPNs (virtual private networks) and MFA as mentioned above. However, they will also want to gather more verbose logs from these systems as well for the security team to identify any anomalies. Often security teams may not prioritize these internal systems and opening them up to remote workers can increase risk without the proper controls in place.
Virtualization: Leveraging cloud-based virtual environments can make remote work easier for employees, as well as allow organization to get more out of the server and cloud infrastructure they already have. However, it is important to ensure that strong authentication policies are enforced.
During the pandemic, suddenly companies are forced to extend their firewalls and monitoring beyond the physical boundaries of their office. Company systems are being accessed from a wide range of devices, even personal devices. These changes can lead to compromise, data sprawl and other new vulnerabilities.
According to Gartner during the pandemic while technology budgets shrank by 8% overall the increased demand for cloud growth grew by 18%. Some of the challenges with moving to cloud based infrastructure often means lack of centralization and visibility, as IT and security teams need to both retool as well as learn modern technologies quickly.
The outcome is an inability to respond to detect and respond to cloud-based threats as the tools and threats in these environments is quite different from on-premises based infrastructure. In addition, compliance and privacy challenges don’t go away with the shift to cloud and organizations need to evaluate these requirements as they shift
Zoom and other teleconferencing solutions have become the real star of the pandemic. Counting both free and paying users, Zoom has 300 million daily meeting participants. That is an increase of 2900% since December 31, 2019, when 10 million daily meeting participants logged on. There was a challenge early in the pandemic with securing these meetings as many left them open to anyone which led to “Zoom bombing” and other threats.
The New Normal?
As more employees are now working from home, some do not want to go back to the office and some companies are seeing the benefits of remote work and have even shut down their offices altogether. Although not every company will be that extreme, most companies will be slow to move employees back to the office and most believe there will be some element of remote work in the future. The forced digitization of COVID-19 has functioned as a test lab for remote work in many companies as well as a cloud transition. This transition has forced organizations to change how they approach IT and security to enable people to work securely as well as protect their customers. This change has had a significant impact on how organizations approach their security process, as well as the technology they use, shifting from a on-premises and centralized architecture to a remote/hybrid and distributed one. The question remains whether this will be the new normal, or will organizations revert-back to the way they were doing things before the pandemic, or will it be a hybrid of both?