The current pandemic has completely transformed how companies operate. In the last few months, more companies across the globe have advised their employees to telecommute. Due to a sudden surge in remote workforce across the world, the demand for telecommuting tools has also increased considerably. A digital workspace that facilitates remote collaboration and unified communication is now an urgent necessity for business continuity. Therefore, organizations must augment their existing remote ecosystem to cater to these new, unanticipated needs. However, a poorly implemented workspace not only impacts collaboration and productivity but also poses a significant risk to information security.
To get the job done, employees sometimes employ unmanaged third-party applications to facilitate productivity in a remote work scenario. Recently, there have been a few significant incidents that have brought vulnerabilities to the forefront in two top-rated teleconferencing tools. Vulnerabilities in a product used to communicate, collaborate, and store intellectual property or other sensitive data can potentially lead to disastrous consequences, such as credential compromise, data exfiltration, and loss of customer trust. As these tools interact with confidential assets and data, cybercriminals have been targeting them often, especially during the current scenario when an increasing number of people are using them while working from home.
To avoid a security breach while using collaboration tools, an organization must aim to completely secure their digital workspace with the right controls, policies, and processes.
The need for rapid implementation of an enterprise-level digital workspace is uncompromisable in this scenario. But equally important are choosing the right security controls and selecting the right implementation partner for implementing and managing security policies.
Following “Zero Trust”
The most crucial aspect when it comes to information security in a remote work ecosystem is employing a framework of zero trust. This vital practice states that no entity should be trusted at any time, and verification is always needed. Oftentimes, data leakage is caused from unknown or untrusted users/devices and unsafe behaviors or practices of the workforce. Employees, when working from home, may engage in improper handling of sensitive data to get their job done. For example, accessing and sharing a confidential document using an open access public link or a home laptop that could potentially be infected with malware.
A zero trust framework should follow three basic tenets:
Force identification of access requests for any person or device to any data. A modern identity and access management solution can detect anomalous events and can force multifactor authentication (MFA) based on risk (e.g., a login request from a foreign country when requests typically come from the U.S.).
Reduce access rights to what is minimally necessary to perform one’s work. This way, unsafe practices are limited. A CISO can help design appropriate access policies, matching risk scenarios.
Assume breaches are inevitable — implement managed detection and response for mitigating active, in-progress threats to shut them down before they cause further damage or exfiltration of intellectual property.
Proper visibility and security controls not only allow IT professionals to mitigate the threat of attack from cybercriminals, but also deliver essential services for remote employees, so they can safely enjoy the benefits of “work anywhere” capabilities.
However, to create such a secure collaborative environment, enterprises need strategic advisors that can understand an organization’s long-term and short-term business goals and the desired application experience to tailor security controls, policies, and processes.