By Paul Holland, Principal Research Analyst at the ISF
After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes?
The pandemic altered many organisations’ ways of working in 2020, with home working becoming the norm for many. Originally, it seemed to be a short-term measure, causing organisations to rapidly deploy point solutions.
However, the longer-term view for 2021 and beyond is that home working is a more permanent shift, and this is the perfect opportunity for organisations to start afresh and review their long-term strategy, including whether these interim point solutions should form part of it.
Also, some of last year’s projects may have been sidelined to create resources to secure home working. These should be rethought to ensure they accommodate the change in circumstances and align with the revised organisational strategy.
By rapidly deploying temporary solutions, organisations are likely to have accrued security debt, which they will need to address. If these solutions are to remain deployed permanently, they will need to be fully integrated into operations, for example by being added to a CMDB (configuration management database) and to support contracts.
Alternatively, if the point solution does not fit the revised strategy, it should be properly decommissioned and removed from service and replaced with a solution that matches the organisation’s new plans. Policies and procedures will need to be reviewed and updated where necessary. An added challenge is engraining changes into the organisational culture when the workforce is so widely dispersed.
Home working assumes a certain level of trust that some organisations may not be accustomed to. Staff need to be conferred a certain level of trust to perform their functions, although full control may be curbed through the implementation of monitoring tools.
With oversight of employees even more limited in the home environment, trust may gradually erode as organisations increasingly look towards tools such as user and entity behaviour analytics (UEBA), or possibly opt for more intrusive monitoring, such as cameras to ensure staff are working when they should be.
However, this approach should be used with extreme caution. Using extreme tools gives employees the impression that they are not trusted, which could breed a sleeper insider threat, creating a bigger problem than the tools were trying to solve.
Most organisations are approaching home working more sensibly, securing network connections with a VPN or adopting a zero-trust model. UEBA also plays a part, but its role is to detect threat events on work devices connected to home networks rather than to monitor employees. Alerts from these tools need to be fed into a security information and event management (SIEM) tool and/or the security operations centre (SOC) so they can be investigated promptly.
Another trend in reaction to the pandemic has been the adoption and expansion of cloud capabilities. By moving internal services to the cloud environment, organisations can limit the number of connections made to their own network, reducing the risks associated with remote access. Crown jewels should stay within the corporate network, with access limited to the bare minimum of staff.
Last year saw a permanent change to security strategies, compelling a change in focus to tools based on access controls, such as VPN and multifactor authentication, a move to cloud services for suitable systems and a wider adoption of monitoring tools, such as UEBA. Organisations may never return to what information security professionals previously thought of as normal, so adjusting to these changes and keeping pace will become the way to protect systems and data from disclosure.