The Covid-19 pandemic has forced businesses to change the way they are operating, which includes making the shift to remote working. Of course, such an abrupt change in the way an organization does its business comes with a unique set challenges, especially with security. Ian Keller, Chief Security Officer (CSO) of SBV Services in South Africa, recently sat down with Trend Micro and shared his thoughts on how his organization is coping with the current pandemic and how it’s shaping their future IT security strategy.
The recent pandemic has flipped the world upside down, and what companies are experiencing right now might be considered the beginning of our path to the new normal. Reflecting on the experiences of a large financial services organization, Ian Keller has been on the front lines as SBV Services transitioned their staff to remote work and is an integral driver of their strategy for moving forward.
Building organizational resilience
One of the challenges with remote work is that one household often has to share a single connection. While most businesses provide their employees with VPN connections for accessing systems and services, there is still the potential for cross-contamination between the endpoints or the different machines on the network.
Companies have plenty of options for hardening physical endpoints when it comes to the technology stack. However, Keller believes that security teams also need to start focusing heavily on end user behavior and device analytics, as companies move to a remote work set up.
He also reiterates the importance of zero-trust networks and the need for constant verification. With staff doing their work remotely, the need for constant verification plays an even greater role in security, something that SBV had already been doing for some time.
Facing the challenges of remote work
Transitioning to a new remote work environment will naturally have its fair share of hiccups. For many organizations, remote work has traditionally only been an option for a portion of the staff, and the sudden need for everyone to be able to work from home can prove to be a challenge.
Making a company’s infrastructure ready to shift to a remote work environment involves ensuring not only the availability of the applications — with proper protections — that employees use regularly, but that remote support services, like remote desktop, are also in place.
The people side of the equation
Even with the right technology and systems in place, the people side of the equation plays a significant role, especially in terms of security. Securing endpoints in an office environment is simpler, given that the company’s IT staff controls most of the infrastructure. This becomes more of a challenge in a home setting, where delineating between work and personal life becomes blurred.
Keller also noted that people tend to work longer due to the absence of a divide between their work and home environment. This can lead to carelessness when it comes to security, or even worse — burnout.
The current situation has given people, especially executives who have a traditional mindset of “people in seats equals work”, the opportunity to see the value of a remote workforce. As companies start embracing the thought process that work can be done wherever the employee is located, security needs it keep in step.
One thing to note here is that while people feel they’re protected while working remotely, there is still the potential of another device in the home network that might cause problems. Keller believes that while the employee may relay that information to the IT staff, what happens next can be complex – because everybody has privacy boundaries, especially when it comes to their own homes.