Designing a durable enterprise-scale remote work program can require deeper changes. Now that a few months have passed since the initial remote push, it’s time for a needs assessment and review of what has changed to determine if access levels are correct and whether any security measures are actually impeding work.
With a great many more people working from home as a result of the pandemic, many organizations have had to change their network security paradigms. Security and risk management leaders need to develop controls consistent with the new risks.
Remote work generally follows a common pattern, and from a planning perspective means focusing on specific areas:
- Remote access, including VPN and especially zero-trust network access (ZTNA) design.
- Enhanced endpoint security for managed endpoints and — if applicable — personally owned devices.
- Secure web gateway (SWG) architecture and cloud access security brokers (CASBs), particularly to account for scale and remote locations.
- Security of collaboration platforms and teleconferencing solutions, especially if they are newly deployed. Recommendations on home network security for employees, which is not under the organization’s control but does play a role in the overall security posture.
With organizations expecting more employees to work from home in the future and an accelerated pace of change in operations and adoption of innovative business models, the risks of digitalization will keep evolving and cybersecurity threats will grow. It’s clear that organizations need to complete a due diligence exercise to make sure that what they are doing to protect the organization matches the objectives set to prevent any cybersecurity breach.