Michael Cade, Senior Global Technologist, Veeam, shares with us how the four walls of the data centre have collapsed and increased the attack vector as organisations in MENA embrace and promote remote working.
Almost three-quarters of professionals across the Middle East and North Africa (MENA) region prefer jobs that allow them to work remotely, according to a new survey by job site Bayt.com. The impact of the pandemic is likely to see this trend continue as 90% of respondents said they expect that remote work will increase over the next decade.
Now that organisations and employees have seen some of the benefits of remote working, many companies are likely to build more flexible and agile working arrangements into their long-term strategies. For IT departments, the impact of this is huge.
The digital fortress
Formerly, a company’s IT infrastructure was contained within its own four walls. Employees used hardware such as PCs, printers and phones which remained securely in the office, while software programs and data were stored in on-premises data centres. IT had full control over the performance, maintenance and security of the organisation’s technology stack. Early remote working initiatives were tightly controlled with users connecting to virtual private networks (VPN) so that the only thing that left the data centre was the employee and the limited hardware. Over the VPN, the IT department could maintain visibility of security protocols and maintain administrators’ rights to ensure employees were not installing unapproved, potentially high-risk software.
Along came the cloud, which allowed organisations to scale-up their data storage capacity as well as their ability to back up files to remote locations. However, with the cloud came greater agility and choice for employees.
Shadow IT, the phenomenon of employees using applications of their own choosing to store and access company data outside the data centre’s four walls – on personal devices and online accounts – became a challenge to IT departments. Fast-forward to 2020, when at some stages a large number of enterprises in the Middle East have been working remotely and the four walls of the data centre have fallen as far as many businesses are concerned. Some organisations found themselves supporting remote workers for the first time – many with employees who would not be working from company-issued laptops and smartphones. While figures vary across EMEA, a recent IBM survey of 2,000 new remote workers in the US found that over half (53%) of were using personal laptops.
From a cybersecurity perspective, this is a critical risk. Previously, the data centre was analogous to a fortress. Everything that went in or out was strictly monitored and the threat from external sources was low. This is why one of the most well-known forms of cyberattack is a Trojan virus – one that tricks the victim into thinking they are receiving or opening a legitimate file, document, link, effectively inviting in the attacker. Now, not only have the gates of the digital fortress been flung wide open, the people who used to be inside are now distributed. And, every single one represents a possible entry point for a malicious threat. The attack vector hasn’t just increased, it’s exploded.
Increased threat vector
More than half of newly-remote employees were not given new security policies and 45% said they have not received training of how to work from home in a secure manner, according to the IBM study. IT departments often have little to zero visibility of whether or not employees are connecting to the VPN, particularly when employees are using personal devices. Furthermore, personal devices aren’t just being used outside the data centre’s four walls, but in family home environments and shared households. Not only do IT teams have far less control over the apps, websites, content their employees are engaging with, there is no guarantee they are the only person using that device. While the organisation might not have visibility of data now being stored and used outside the four walls, it is still ultimately responsible for it.
According to the Veeam 2020 Data Protection Trends Report, the number one challenge that will impact Middle East and African (MEA) organisations within the next 12 months is cyberthreats (31%). Over half (51%) have a ‘protection gap’ between how frequently data is backed-up versus how much data they can afford to lose after an outage. Given the vastly increased threat vector and risk to data systems in light of the remote working trend, organisations must ensure they have a robust cloud data management strategy in place to ensure data is backed up, protected and recoverable across all devices and applications.
Employee best practices and training are vital to this – helping IT teams ensure that users are connected via the VPN and storing company data in secure cloud environments rather than personal accounts or their own desktops. The Veeam report goes on to show that on average, 19% of Middle East and African organisations’ data is not backed up. If data cannot be backed up, it is not protected and in the event of unplanned downtime or a cyberbreach that data will be unrecoverable. Moreover, organisations are adopting Software- As-a-Service (SaaS) solutions in their droves. For example, Microsoft Teams grew from 32 million users to 72 million between March 2019 and April 2020. For businesses using SaaS solutions such as Microsoft Teams and Microsoft Office 365, backups of data need to be conducted on a continuous basis – either on premises or in cloud object storage. This will protect the business against a single point of failure that is outside their control.
As a combination of working from home and from offices becomes increasingly commonplace – even for organisations who previously had little to no track record of supporting remote working – the cyberattack vector will remain high. It is therefore critical that businesses have a clear strategy for managing data across their cloud and data provisioning. This includes ensuring data is backed up at all times, recoverable in the event of a disaster, outage or cyberattack and as protected from external malicious threats as possible.
Click below to share this article