fbpx
Share

Developing a hybrid workforce supported by cloud-native security 

Let’s not beat the hybrid workplace drum any more than it already has. An early 2022 study from Smart Company found that just under a quarter of Australian workers are now commuting to work five days a week, about the same amount are working remotely full-time, and the rest are splitting their time between days in the office and working remotely1. It’s here. To Stay. 

Let’s talk about how to secure this hybrid workforce effectively when the perimeter is no longer defined by infrastructure and data centre boundaries but by people. i.e. Your people are the new perimeter, wherever they are and on whatever devices they are using. That’s a whole new challenge and legacy corporate network and security models don’t cope – whereas cloud-native security will. 

The evolution of cloud security 

When this all started (aka the reactionary phase) organisations were scrambling to enable and secure remote access for employees and there were lots of challenges such as: 

  • Getting everyone connected – not just to cloud, but the data centre too 
  • Employees on multiple devices (personal or company) expecting to be able to use them to work from anywhere 
  • Applications had become predominantly cloud-based 
  • The need for low-latency connectivity between endpoints and cloud applications. 

Early solutions still relied on VPNs routing user traffic back through the data centre so that corporate security policies could be applied, but this is slow and costly. Remote workers also posed a greater security risk than on-site workers2 through phishing attacks, password sharing and lack of software patching on personal devices – along with the sheer volume of both threats and remote workers. IT teams went from managing a few corporate networks to worrying about everyone’s home networks too. 

 

The ACSC Annual Cyber Threat Report3 for the 2020-21 financial year showed that cybercrime reported during this period was 13 per cent up from the previous year – reflecting the report of a cyberattack every 8 minutes. A summary of these key threats and trends includes: 

  • Malicious actors exploited the coronavirus pandemic environment by targeting Australians’ desire for digitally accessible information or services. 
  • Approximately one quarter of cyber incidents reported to the ACSC during the reporting period were associated with Australia’s critical infrastructure or essential services. 
  • There was a 15 per cent increase in ransomware cybercrime. 
  • Supply chains continued to be targeted by malicious actors as a means to gain access to a vendor’s customers. 
  • The average loss per successful business email compromise (BEC) event has increased to more than $50,600 (AUD) – over 1.5x higher than the previous financial year. 
  • Remote workers caused a security breach in 20% of organisations surveyed2. 
  • A 2021 US report honed in on the top threats caused by having remote workers as phishing (62%), endpoint network attacks (employee devices and edge devices) (49%) and malware (39%)3. 
  • Of the employees caught by a phishing scam when working from home, 47% of cited distraction as the reason5. 

With humans as the new perimeter – and the massively increased need to secure devices at the edge – conditions were ripe for a concept like SASE to really take off. However, in that simple sentence, there is a catch. SASE is a framework or architecture, not a solution. It absolutely makes sense, but it doesn’t solve your problem. What will solve your problem is the right combination of SD-WAN, Secure Web Gateway, CASB, Firewall as a Service and Zero Trust Network Access solutions that together effectively constitute a SASE architecture. A framework designed to assign a user with a profile with access privileges to the cloud and access edge – effectively cloud-native security. These privileges can be enforced regardless of where your employees are, or what device or network access medium they’re using – and that’s the problem you’re trying to solve. 

Haven’t we already done cloud security? 

Most organisations have had some experience with cloud-based security, but in our experience, it hasn’t gone far enough. Just shifting network management tools (with their built-in security controls) to the cloud doesn’t constitute cloud-native security. You’re still left with gaps. Also, even if an organisation had deployed the tools listed above, they were often from different vendors with very little integration or information sharing between them, which again limits their effectiveness. 

Even if you have very limited numbers of remote workers, shifting to cloud-native security is imperative as legacy corporate network models become obsolete. These tools are still just as effective when your employees are in the office or remote, so you can utilise a single security framework while catering for multiple scenarios. This framework also becomes a platform for change, enabling organisations to develop and deliver new services and capabilities for their staff, their suppliers and their customers, knowing they have an agile, comprehensive security framework that can be applied. 

Visibility over apps and users 

Remote workers using personal devices present a massive shadow IT risk – it’s too easy to find an app to help share data and files, communicate with other remote team members, or fill any other need in your day-to-day work experience. This, in turn, leads to an even bigger problem and that’s the security of your data. Controlling the movement, storage and use of data becomes an enormous challenge not just for your information security, but also for internal and external compliance. As you can’t stop what you don’t see, visibility is incredibly important with additional controls such as DLP at the data layer. The right cloud-native security platform provides visibility and observability across your entire security infrastructure by automatically identifying devices, as well as leveraging analytics, dashboards, workflow automation, and that critical integration with third-party apps – all from a single pane of glass. 

Reducing complexity 

A cyber security mantra that we live by at Data#3 is that complexity is the enemy. Layers and layers of point solutions from different vendors that secure specific vulnerabilities all greatly increase the complexity of an environment and cloud-native security solutions aren’t immune either. Simplifying your environment doesn’t mean making it less secure. When we talk about simplification, we look at the amount of integration and communication between your solutions, which often means bringing together solutions from a single vendor. 

Vendors such as Cisco have made great strides in this regard with tight integration between tools like Cisco Umbrella, Cisco Secure Endpoint, Duo and Talos and we expect this trend to continue across other vendors and even between vendors in some cases. Simplifying your environment whilst maintaining high levels of security brings enormous benefits like helping to address the cyber security skills shortage by reducing the breadth of knowledge required to support and maintain your environment. 

You obviously can’t simplify your environment or implement cloud-native security overnight, but with Data#3’s dedicated security practice, we can help you secure your digital future by developing a transition plan based on your environment and the specific security challenges you face. 

For more information visit www.data3.com/security. 

Reach out to our security team today about designing, implementing and maintaining superior security. 

Contact Us 

  

  

  1. Smart Company (2022), Three emerging trends in a post-pandemic hybrid work era [ONLINE]. Available here.
  2. Malwarebytes (2020), Enduring from home COVID-19’s impact on business security. [ONLINE]. Available here.
  3. https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21
  4. ManageEngine (2021), The 2021 Digital Readiness Survey [ONLINE]. Available here.
  5. Tessian (2022), Understand the mistakes that compromise your company’s cybersecurity [ONLINE]. Available here.
  
[1] https://openvpn.net/blog/remote-workforce-cybersecurity-quick-poll/ 

 

Tags: Cisco, Cisco Security, Cybersecurity, Hybrid Work, Identity Management

Featured

Related

Customer Story: Teachers Mutual Bank Limited

Teachers Mutual Bank Limited earns time and focus through investment in a DaaS solution from Data#3…

Azure BaaS
Protecting Data in a Cloud World: Will Backup as a Service be what Keeps Your Business Online Through a Crisis?

Very few organisations could run in a technology-free environment, so naturally, strong IT departments put considerable effort into business continuity…

Data#3 HP Services Award Partner of the Year 2022
Data#3 Takes Home HP Services Partner of the Year Award

November 24, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is pleased to announce that it has…

Regain control of your Microsoft 365 environment with M365 Optimiser

Cloud collaboration and communication tools like Microsoft 365 are more critical than ever as organisations transition to a combination of…

M365-Optimiser-Relaunch-KC-Card-02
Are you wasting your cloud budget on a bloated Microsoft 365 environment?

Cloud collaboration and communication tools like Microsoft 365 are more critical than ever as organisations transition to a combination of…

Microsoft Teams Rooms Licensing Changes
Teams Rooms Licensing: Is it time to make some changes of your own?

Licensing changes are rarely smooth. Case in point the Microsoft Teams Meeting Room Licensing changes that took effect on…

Delivering-the-Digital-Future-Securely
Delivering the Digital Future, Securely

Cyber security challenges continue to evolve, compliance obligations increase and skills shortages stress your teams – what if we could…

Data#3 name Dell Technologies Top Performer Award
Data#3 named Dell Technologies Top Performer 2022 for Australia

September 12, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is delighted to announce that it has…