Remote working has become a part of normal life in 2020. The swift mass move to remote working in response to the COVID-19 pandemic has presented many new challenges and opportunities for organisations.
Understanding the needs of remote workers is a scenario that many have previously either never dealt with or only to a small degree. Organisations commonly struggle to provide adequate security for remote workers and fail to meet remote access requirements in today’s cloud-first world. Despite these problems, remote workers are ideally placed for migration to a cloud-native security solution. Doing so delivers significant risk reduction and improvement to user experience, whilst requiring relatively little effort.
With remote workers vulnerable to cloud-based attacks and struggling with connections, organisations should consider cloud security to protect corporate assets and provide a positive remote working experience.
1. Cloud-Based Threats
Times change quickly and cloud has fast emerged as a desirable target. The most common cloud-based attack is phishing, with the primary phishing target being employee’s credentials for cloud apps and webmail. Legacy web security defences are trailing behind and can no longer provide adequate security.
The average organisation will typically use over 2,400 cloud services and apps. However, of these 2,400, over 1,600 are known to deliver threats. There are numerous examples of cloud services, cloud apps, and cloud storage being used to evade legacy defences. With remote workers typically spending up to 89% of their day accessing the cloud, insufficient cloud security makes employees vulnerable.
2. Data Exposure & Theft
Organisations will often whitelist familiar and trusted cloud services such as Microsoft Office 365 and G Suite. Despite these cloud services being known and trusted entities, they are not faultless. Remote workers can move data (either accidentally or intentionally) between a company and personal instances of these cloud services, making it difficult to track corporate data.
An organisation will only have a handful of managed cloud services – usually less than 2%, meaning that 98% of cloud services that are used are unmanaged. Unmanaged apps are commonplace and adopted readily by users who are looking to make their job easier. Whilst it might enable them, unmanaged cloud apps mean a free flow of corporate data. Data movement between cloud application categories can unintentionally expose corporate data. Detecting this data movement, and managing it is key.
Without understanding the risks associated with cloud applications, it is impossible to limit access or user activities for those cloud apps where data may be at risk of compromise. Gaining insight into which apps are lower risk (such as Microsoft OneDrive), versus higher risk (such as WeTransfer) can enable security teams to set appropriate data protection policies for remote workers.
3. Access Compromise and Anomalies
It is recognised that company data no longer sits behind the corporate firewall and instead lives in the cloud and therefore it comes as no surprise that cybercriminals have made cloud credentials their number one phishing target.
If a phishing attack is successful, an enterprise’s next defence is to identify as quickly as possible the use of compromised credentials and associated malicious activities. Legacy defences, which are blind to cloud services because they are unable to decode the content and context, leave remote workers unprotected and security operations with no ability to detect or investigate access compromise and anomalies.
4. Home Working VPN Performance
Despite some organisations adopting the cloud fairly quickly, cybercriminals have inevitably adopted it faster. Many businesses are still trying to secure cloud usage using web security appliances that they invested in years ago. Special measures are rarely afforded to remote workers, with many employees, who are working from home, connecting to applications through VPN connections. Such applications are typically restricted in compute and storage capacity, forcing security teams to make decisions between security capabilities and acceptable performance.
Approaches such as whitelisting traffic in an attempt to improve user experience, selectively firing defences based on risk or reputation, or allowing remote workers to bypass security controls, are all huge risks when it comes to a cloud-first environment. Organisations must adopt a modern cloud approach to security for remote workers that is scalable and delivers optimal user experience.
5. Adoption of Zero Trust Network Access
The need for corporate data centres is being removed as businesses migrate to and adopt cloud technologies. Managing legacy VPN solutions, which connect back to applications in traditional data centres, introduces multiple risks and creates a poor user experience.
These solutions can cause a range of issues:
- Pinning remote users via VPNs through central data centres for them to access apps and resources hosted in public cloud environments results in poor performance and frustrated users.
- Open ports and services for VPN connections into network environments provide an open attack surface.
- Remote VPNs provide compromised accounts or malicious insiders with both access and the potential for movement within the corporate network.
Remote Workers Should Be A Top Priority For Cloud-Native, Cloud-First Defences
Remote workers spend most of their time working in the cloud. Consequently, remote workers are a prime target for cloud-enabled threats, as well as enabling a stream of data across a wide breadth of cloud applications and services.
Introducing a solution that protects all users and devices, no matter the location, is essential as working from home continues.
A cloud-based solution will provide a detailed understanding of the likes of content, context, risk level, and much more, of the cloud applications being used within an organisation. These variables aren’t found in legacy web defences and can be used to build effective data protection policies that sit directly in the cloud.
How Can We Help?
Ensure that your remote workers are provided with the security they need. Get in touch to find out how a cloud-native, next-generation secure web gateway can control web access, provide data and threat protection, and provide policy controls for your business.