Enabling Remote Work While Ensuring Maximum Security
In just a few short weeks, remote work has morphed from a perk offered mostly by tech companies to an absolute necessity, as the COVID-19 epidemic continues to disrupt the daily lives of millions of people. Suddenly, companies are forced to enable their employees to work from home on a massive scale, while keeping their productivity up.
Oracle, Apple, Google, and Amazon are among the largest global companies that have restricted travel and asked their employees to work remotely. By now nearly everyone is moving to remote work to some degree, at least temporarily.
Remote work: from outlier to a new norm
Remote work has been somewhat of a contentious subject. Back in 2013, Yahoo’s then CEO Marissa Meyer has issued a memo banning any Yahoo! employees from working from home.
The reasoning was that “Some of the best decisions and insights come from hallway and cafeteria discussions, meeting new people, and impromptu team meetings.”
Even at the time, the memo caused mixed reactions. On one side of the barricades, the ban was heralded as the collapse of remote working. ‘If Yahoo! can’t make it work,’ the feeling went, ‘who can?’ On the other side of the argument, the remote working ban has been perceived as excessively draconian and adversely affecting the worker’s lives, especially parents of young children. Since then, technology has evolved dramatically to support remote work. We have vastly improved telecommuting apps, cloud sharing, and collaboration tools such as Slack. As a result, the attitudes toward remote work have changed as well, with many companies offering it as a perk to support work-life balance of their employees.
The Covid-19 epidemic marks yet another watershed in the evolution of working remotely, as companies of all shapes and sizes and, all attitudes to remote work, have no choice but to either work remotely or shut down completely.
Can remote work be effective?
According to Gallup’s research, the answer is yes. Their data suggest that remote work not only improves outcomes and employee branding but is a policy that the most talented employees desire.
Moreover, in some cases (like the situation many find themselves right now) remote work capability and culture are absolutely essential for business continuity. Coronavirus outbreak has demonstrated that remote working is a critical risk management tool that can make the difference between surviving a pandemic or global disaster and sustaining unrecoverable damage.
Remote work is also effective in dealing with less severe business disruptions such as corporate changes, M&A, talent shortage, or relocation of critical employees. It can also become a competitive advantage as it allows companies to hire the best talent without being hostages to geographical constraints.
Security implications of remote work
Remote work introduces new risks and challenges into the corporate IT infrastructures. Some of the risks include:
- Unsecured wifi networks: Some workers may connect to enterprise assets through unsecured networks, potentially giving access to malicious parties to spy on the enterprise and collect confidential information.
- Using personal devices and networks: Home devices will often lack the tools built into business networks such as robust antivirus software, customized firewalls, and automatic online backup tools.
- Phishing: As more and more people work from home, we’ll likely see an increase in malicious phishing campaigns targeting remote workers.
Enterprises must ensure that their remote employees are adequately secured, and security teams have the right infrastructure in place, including such capabilities as remote access, remote wiping or bricking, and secure channels for communication.
Employee authentication solutions are not well suited for remote work
While there is an increased awareness about working remotely, the majority of organizations are not prepared for its widespread enablement since most enterprise-grade IAM and authentication solutions are simply not geared towards a remote workforce.
Remote work demands easy access to applications from anywhere. But as each application has a different set of password requirements, such as expiration cycles and length/complexity rules, users are often overwhelmed, leading to diminished productivity.
The switch to home networks and devices usually warrants stricter security and authentication measures. Imagine the increase in employee frustration as they spend more and more time trying to reset, remember, and manage these continually changing passwords across all their applications that once were readily available on corporate networks. Perhaps an even more significant concern is the security risk caused by users who react to “password fatigue” by using obvious or reused passwords, writing passwords down or sharing credentials with colleagues. In addition to these risks, IT managers must take into account the added load on the helpdesk team that has to support a decentralized workforce.
Reaching the balance between security and flexibility with passwordless authentication
“One of the most destructive notions against good and practical IT security is the supposed axiom that security is the opposite of simplicity.” Aviram Jenik, CEO, Beyond Security
For many, remote work is synonymous with convenience. To support employees working from home, companies need to find ways to support them and to keep their workers productive wherever they are without compromising on security. This new state is pushing companies to revisit work-from-home policies, including the means to secure distributed and increasingly mobile workforce.
While most companies already have VPN solutions deployed for this purpose (to some extent at least), and some even employ multifactor authentication and advanced access control policies, it is absolutely essential these solutions are implemented in a way that guarantees the same level of data security as demanded on-premise. By removing passwords from user authentication, enterprises can enable their remote workers to access company data and applications without putting the enterprise at risk, while avoiding heavy passwords management costs.
As employees need to access a multitude of assets, applications, and environments, passwordless authentication removes the ‘password fatigue’ problem altogether. At the same time, passwordless IAM solutions such as Secret Double Octopus enable full visibility into user access rights on corporate networks. Passwordless authentication empowers corporations of all sizes with a highly secure and user-friendly access mechanism, no matter where their employees are working from.
Software Tokens Vs Hardware Tokens
Software Tokens Vs Hardware Tokens
10 Security Tips For The Remote Workforce