The response of many businesses to the pandemic has resulted in major gaps being left in their data protection efforts. Anurag Kahol, CTO at Bitglass, tells us that organizations must equip themselves with proper tools to avoid data leakage as well as other security risks.
Businesses are struggling to shift gears when it comes to secure remote access across their systems, leaving major gaps in their data protection efforts that need to be addressed urgently.
For most Asia Pacific businesses, securing the remote workforce has been a growing priority for some time, but the emergence of COVID-19 has propelled it up the corporate agenda in a way that few could ever have imagined.
The rapid shift from office-based work to home-based work, combined with a lack of adequate forward planning, has made the transition a painful one for many. Simply finding a workable remote solution has been challenging enough, let alone one that meets all the same stringent data protection measures typically found in an on-premises setup.
In fact, according to new research, 41% of businesses are yet to implement any steps to expand secure access of their remote workforces despite over 75% of employees now working from home.
The research study conducted during the height of the pandemic, gives a fascinating insight into the challenges faced and how the scramble to adapt has left sensitive business data dangerously exposed to cyberthreats.
Let’s look at the key research findings in more detail and assess what businesses can do to help them adapt to the ‘new normal’ in a safer, more secure manner.
Few businesses were prepared for large scale remote working. Before the start of the year, the prospect of a fully remote workforce seemed far-fetched for the majority of organizations. Indeed, almost four out of five of those questioned said less than a quarter of their workforce was working remotely prior to the pandemic.
Fast forward a few months and over 75% of the same organizations’ workforces are working from home indefinitely. Such a vast shift to remote working is unlikely to be seamless without the necessary planning and infrastructure in place.
Unfortunately, this often takes months, or even years to complete, far longer than the days/weeks that organizations had to adjust. Not surprisingly, only 29% of respondents claim they were fully prepared for remote working when the pandemic hit, with 33% saying they were either ill prepared or not prepared at all.
When considered from a security perspective, the picture becomes even more concerning, with 70% stating they were either only moderately prepared or not prepared at all.
Unmanaged cloud access poses a major threat to data security. To help ease the transition to remote working, more than half of organizations (54%) have understandably accelerated their migration of user workflows to cloud-based applications.
Consequently, this has helped employees to access everything they need to do their jobs from home. However, with no managed device program in place, almost two-thirds (65%) have allowed employees to access these cloud applications from personal, unmanaged devices. Alarmingly, that is despite 55% of respondents acknowledging that such an approach poses a significant data security risk.
These findings indicate that organizations understand the risks but are operating for the sake of Business Continuity and productivity. The results appear to be positive, with 84% of organizations seeing either the same or higher levels of productivity from remote working.
However, risking data security is a dangerous game which puts corporate reputation and even long-term viability on the line in the event of a breach. This is reflected in the fact that almost two-thirds of respondents (63%) fear their current remote working program is impacting on their compliance posture for regulations potentially risking major fines and sanctions should the worst happen.
Adoption of effective security solutions needs to accelerate. When asked about existing controls to secure remote working, only 34% of enterprises claimed to have any form of endpoint compliance, while just 18% had cloud DLP in place, both of which are worryingly low given the current situation.
The lack of cloud DLP is particularly notable given that 29% of respondents claimed they were fully prepared for remote working. This means at least 11% of respondents don’t feel that cloud DLP is an important component of a secure remote working program – a prospect that surely attracts cybercriminals.
Any organization looking to create a remote working program with a BYOD approach must also deploy the tools needed to properly protect sensitive data in such an environment.
Consequently, the numbers for endpoint compliance and cloud DLP, as well as those of other highly effective solutions like cloud access security brokers (CASB), user and entity behavior analytics (UEBA) and zero trust network access (ZTNA), should increase significantly.
With the shift to remote working shaping to become long term, businesses can no longer afford to improvise when it comes to data protection. Instead, organizations must invest time and resources into finding appropriate security solutions that are capable of securing data in a remote environment.
Fortunately, there’s a wide range of highly effective products and solutions available today that can quickly provide visibility and control, no matter how geographically dispersed a workforce might be.
Click below to share this article
This research was conducted during the height of the pandemic when businesses were still scrambling to formulate an effective remote working strategy. Now, months after the start of this vast shift, organizations must equip themselves with the proper tools to avoid data leakage and other security risks.