fbpx
Share

Developing a hybrid workforce supported by cloud-native security

Let’s not beat the hybrid workplace drum any more than it already has. An early 2022 study from Smart Company found that just under a quarter of Australian workers are now commuting to work five days a week, about the same amount are working remotely full-time, and the rest are splitting their time between days in the office and working remotely1. It’s here. To Stay.

But let’s talk about how to secure this hybrid workforce effectively when the perimeter is no longer defined by infrastructure and data-centre boundaries but by people. i.e. Your people are the new perimeter, wherever they are and on whatever devices they are using. That’s a whole new challenge and legacy corporate network and security models don’t cope – whereas cloud-native security will.

 

Reach out to our security team today about designing, implementing and maintaining superior security.


Cisco Hybrid Cloud Solutions - Cisco

 

The evolution of cloud security.

When this all started (aka the reactionary phase) organisations were scrambling to enable and secure remote access for employees and there were lots of challenges such as:

  • Getting everyone connected – not just to cloud, but the data centre too
  • Employees on multiple devices (personal or company) expecting to be able to use them to work from anywhere
  • Applications had become predominantly cloud-based
  • The need for low-latency connectivity between endpoints and cloud applications.

Early solutions still relied on VPNs routing user traffic back through the data centre so that corporate security policies could be applied, but this is slow and costly. Remote workers also posed a greater security risk than on-site workers2 through phishing attacks, password sharing and lack of software patching on personal devices – along with the sheer volume of both threats and remote workers. IT teams went from managing a few corporate networks to worrying about everyone’s home networks too.

 

ACSC Annual Cyber Threat Report 2020-21 - CRM Brokers

 

The ACSC Annual Cyber Threat Report3 for the 2020-21 financial year showed that cybercrime reported during this period was 13 per cent up from the previous year – reflecting the report of a cyberattack every 8 minutes. A summary of these key threats and trends includes:

  • Malicious actors exploited the coronavirus pandemic environment by targeting Australians’ desire for digitally accessible information or services.
  • Approximately one quarter of cyber incidents reported to the ACSC during the reporting period were associated with Australia’s critical infrastructure or essential services.
  • There was a 15 per cent increase in ransomware cybercrime
  • Supply chains continued to be targeted by malicious actors as a means to gain access to a vendor’s customers
  • The average loss per successful business email compromise (BEC) event has increased to more than $50,600 (AUD) – over 1.5x higher than the previous financial year.
  • Remote workers caused a security breach in 20% of organisations surveyed2
  • A 2021 US report honed in on the top threats caused by having remote workers as phishing (62%), endpoint network attacks (employee devices and edge devices) (49%) and malware (39%)3.
  • Of the employees caught by a phishing scam when working from home, 47% of cited distraction as the reason5

With humans as the new perimeter – and the massively increased need to secure devices at the edge – conditions were ripe for a concept like SASE to really take off… but in that simple sentence, there is a catch. SASE is a framework or architecture, not a solution. It absolutely makes sense, but it doesn’t solve your problem. What will solve your problem is the right combination of SD-WAN, Secure Web Gateway, CASB, Firewall-as-a-service and Zero-Trust Network Access solutions that together effectively constitute a SASE architecture. A framework designed to assign a user with a profile with access privileges to the cloud and access edge – effectively cloud-native security. These privileges can be enforced regardless of where your employees are, or what device or network access medium they’re using – and that’s the problem you’re trying to solve.

 

Haven’t we already done cloud security?

Most organisations have had some experience with cloud-based security, but in our experience, it hasn’t gone far enough. Just shifting network management tools (with their built-in security controls) to the cloud doesn’t constitute cloud-native security. You’re still left with gaps. Also, even if an organisation had deployed the tools listed above, they were often from different vendors with very little integration or information sharing between them, which again limits their effectiveness.

Even if you have very limited numbers of remote workers, shifting to cloud-native security is imperative as legacy corporate network models become obsolete. These tools are still just as effective when your employees are in the office or remote, so you can utilise a single security framework while catering for multiple scenarios. This framework also becomes a platform for change, enabling organisations to develop and deliver new services and capabilities for their staff, their suppliers and their customers, knowing they have an agile, comprehensive security framework that can be applied.

 

Cisco Intersight and UCS Director: Executing on Our Strategy - Cisco Blogs

 

Visibility over apps and users

Remote workers using personal devices present a massive shadow IT risk – it’s too easy to find an app to help share data and files, communicate with other remote team members, or fill any other need in your day-to-day work experience. This, in turn, leads to an even bigger problem and that’s the security of your data. Controlling the movement, storage and use of data becomes an enormous challenge not just for your information security, but also for internal and external compliance. And because you can’t stop what you don’t see, visibility is incredibly important with additional controls such as DLP at the data layer. The right cloud-native security platform provides visibility and observability across your entire security infrastructure by automatically identifying devices, as well as leveraging analytics, dashboards, workflow automation, and that critical integration with third-party apps – all from a single pane of glass.

 

Reducing Complexity

A cybersecurity mantra that we live by at Data#3 is that complexity is the enemy. Layers and layers of point solutions from different vendors that secure specific vulnerabilities all greatly increase the complexity of an environment and cloud-native security solutions aren’t immune either. Simplifying your environment doesn’t mean making it less secure. When we talk about simplification, we look at the amount of integration and communication between your solutions, which often means bringing together solutions from a single vendor.

Vendors such as Cisco have made great strides in this regard with tight integration between tools like Umbrella, AMP for Endpoints, Duo and Talos and we expect this trend to continue across other vendors and even between vendors in some cases. Simplifying your environment whilst maintaining high levels of security brings enormous benefits like helping to address the cybersecurity skills shortage by reducing the breadth of knowledge required to support and maintain your environment.

You obviously can’t simplify your environment or implement cloud-native security overnight, but with Data#3’s dedicated security practice, we can help you secure your digital future by developing a transition plan based on your environment and the specific security challenges you face.

For more information visit www.data3.com/security.

 

1. Smart Company (2022), Three emerging trends in a post-pandemic hybrid work era [ONLINE]. Available here.

2. Malwarebytes (2020), Enduring from home COVID-19’s impact on business security. [ONLINE]. Available here.

3. https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21

4. ManageEngine (2021), The 2021 Digital Readiness Survey [ONLINE]. Available here.

5. Tessian (2022), Understand the mistakes that compromise your company’s cybersecurity [ONLINE]. Available here.

 

[1] https://openvpn.net/blog/remote-workforce-cybersecurity-quick-poll/

 

 

 

 

Cisco Webex Desk Pro

Contact us here

1. Meraki Smart Spaces Experience Guide (2022). Transform any Place into a Smart Space [Online] Available at https://merakiresources.cisco.com/rs/010-KNZ-501/images/Meraki-SmartSpaces-ExperienceGuide-english.pdf

Tags: Cisco, Cisco Meraki, Data Security, Data Strategy, Data#3, Digital Transformation, Internet of Things (IoT), Smart City

Featured

Related

Data#3 HP Services Award Partner of the Year 2022
Data#3 Takes Home HP Services Partner of the Year Award

November 24, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is pleased to announce that it has…

MS-Surface-Laptop-5-Fall-22-Release-Video-Card
Microsoft Surface Laptop 5: Designed to exceed expectations

The all new Microsoft Surface Latop 5 has arrived – and it is designed to power productivity and exceed expectations!…

MS-Surface-Pro-9-Fall-22-Release-Video-Card
Microsoft Surface Pro 9: Laptop power, tablet flexibility

The famously flexible form factor of Surface Pro, stays true to it’s roots with the release of the Surface Pro…

Meet Surface Laptop 5 and Pro 9 through the lens of today’s hybrid workers

Hybrid and highly mobile workers require devices that keep them productive and secure. Wherever they happen to set up their…

The laptop that unlocks learning: Microsoft Surface Laptop SE

Microsoft’s first laptop, designed and built JUST for education    Reserve a Demo Unit Help students…

Data#3 name Dell Technologies Top Performer Award
Data#3 named Dell Technologies Top Performer 2022 for Australia

September 12, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is delighted to announce that it has…

Smart spaces are changing the workplace
Will Smart Spaces Be a Game-Changer in Your Workplace?

Many elements of smart space technology were already theoretically possible, but integrating sensors and smart cameras, for example,…

Transform any space into a smart space
Smart Space Experience Guide

If there’s one thing that a global pandemic has shown, it is that those working with technology are masters…