Getting back to normal: secure work in a post-coronavirus world
For the second time in a few short months, we are entering uncharted territory. After having to adjust to unprecedented lockdowns and near standstill of economic activity, now businesses worldwide are slowly, and with cautious optimism, getting back to some regular routine.
The truth is, no one knows what the new normal will look like. But one thing is clear – as organizations prepare to resume operations, we have to fundamentally rethink many of our business and work habits and re-prioritize our resources.
Cybersecurity is on top of mind as operations resume
Cybersecurity is more critical than ever for several reasons – the prevalence of decentralized workforce, the attempts to leverage the panic for scams and fraud, privacy concerns, and new work procedures that make it more difficult to vet suppliers and partners, to name a few.
The steady rise in coronavirus-themed scams and phishing attempts, like the recent attacks on employees of the World Health Organization or the UK Tax Revenue office fraud, is a major source of concern for security managers and law enforcement agencies worldwide. At the same time employees that are working from home at an unprecedented scale, using unprotected home networks and unsecured devices, are becoming a huge burden on IT teams and compliance managers.
As Computer Weekly and TechTarget’s research showed, security and risk management tools were at the top of the list of organizational priorities before the crisis, and this will almost certainly be the case now that we’re emerging from the lockdown slumber.
But looking on the bright side – we are given an unprecedented opportunity to innovate and adopt new habits. As many will admit, a fundamental reshaping of the world of corporate IT security is long overdue.
Focus on efficiency and cost reduction
As organizations are feeling the budget crunch, efficiency comes to the forefront. Tools that make IT teams more efficient and reduce help desk and operational expenses will become a necessity, not an afterthought.
One critical effort that has always been frustrating and costly for employers of all sizes is employee security training. Now, new methods and technologies that are quickly gaining traction can help decrease this struggle by deploying better tools that relieve some of that need. The potential damage of a security breach in the post-COVID era will be more devastating than ever, and companies will pay more for security slip-ups, directly and indirectly. The same is true for not complying with regulation.
At the same time, fear of a recession makes cutting costs crucial, and investments in securing sensitive data and company assets in the first place can help organizations avoid large-ticket fees and expensive IT remedies.
More specifically, a higher pressure will be put on IT and security teams to make sure their identity and access management are up to par, and they will need all the help from tech vendors. Keeping your systems safe with user-controlled passwords will simply no longer cut it. The increase in demand for MFA solutions for remote employees during the coronavirus crisis is testament to that but is only a partial solution to the underlying issue. Abolishing passwords and embracing passwordless authentication methods is the one way companies can ensure that their assets are safe and secure, yet easily accessible by those approved.
The rules of employee access have changed
“Organisations shouldn’t see the current situation as an aberration followed by normal service. It’s the first step in a long-term transformation of the challenges and opportunities that security teams face.”
Amanda Finch, CEO of the Chartered Institute of Information Security.
Protecting the perimeter is no longer the name of the game. Efficiency when working from home demands easy and secure access to everything, everywhere and all the time, while authenticating relevant users without a hustle.
Protecting company assets while allowing smooth access to remote employees obviously requires companies to embrace agility and new working procedures at the core of their operations. This substantial shift includes embracing cloud solutions and remote collaboration tools supplied by external vendors, implementing new technologies in enterprise environments that traditionally shun those in favor of legacy, on-prem tools.
Undoubtedly, this means more of an attack surface to protect. As security teams rushed to cobble together remote–work plans in a matter of days, they inevitably left unnoticed holes in their defenses. When many organizations were suddenly pushed into the world of remote work, employees had to access corporate networks with unsecured private devices and networks that lack enterprise-level security measures with IT having limited visibility and control.
According to one researcher, “coronavirus practically guarantees the “largest cyberattack ever” will soon be plastered all over the front pages.” While not necessarily an inevitable, immediate result, this is a very plausible scenario. Those of us how are entrusted with protecting IT systems have to assume that the premise is true.
That is why better authentication methods are already in demand and will be deployed in unprecedented numbers in the coming months. As supplying physical security keys becomes too burdensome in the working-from-home era, organizations need a secure but easily scalable alternative.
Passwordless authentication is key to security in the new normal
For the forward-looking and agile CISO, these times are anxiety-inducing, but they are also filled with excitement. We finally have a carte-blanche to innovate, not just technologically but conceptually, and have the rare chance to use chaos as an opportunity to take security to the next level.
IT decision-makers realize that old authentication methods, usually relying on user-generated passwords and manually enforced policies, restrict agility while failing to provide adequate levels of security. As organizations digitize their business processes and invest in application modernization, rethinking authentication methods to answer new requirements is vital.
That is where passwordless authentication comes in. By removing the weak link – the user’s memory – from the equation, passwordless authentication helps organizations provide secure access anytime, anywhere. Removing passwords unloads a significant burden from the enterprise helpdesk and domain admins and increases worker productivity and satisfaction. And with no passwords to protect, manage, reset and update – precious budgets and working hours are freed.
LDAP, Active Directory and Federated Identity: What You Need to Know
LDAP, Active Directory and Federated Identity: What You Need to Know
Put a PIN in that: why passwords vs. PINs comparisons are irrelevant