Written by Sean Duka, Regional CSO, JAPAC
In the early spring of 2020, as the world shifted to remote work, security models used by many organizations were being tested.
Teleworking was nothing new, but it was not needed before with the same magnitude and urgency. While many organizations used to have some employees working remotely, few were ready for everyone to be remote. The big question facing all organizations was how to maintain business continuity.
Undoing the use of a VPN to enable secure remote connection has worked in some cases. Few were fortunate and asked for an additional license, but many were not so lucky, because the computing infrastructure could not meet such a growing burden. For many, it was too late to make any significant changes, so they had to ride the storm, work within their constraints, and plan to update technology at their first definite moment of rest. Since scalability is such a big challenge around VPNs, the biggest issue is that many of the applications used in enterprises today are in the public cloud or SaaS applications. Perhaps due to these shortcomings, in recent months an increasing number of organizations have begun to study different ways to enable secure communication to the edge and the cloud.
Yesterday’s security model is not suitable for tomorrow
In the past, secure remote connection was fixed and limited. Organizations typically only allow a certain number of people to connect to VPN devices, which are restricted by licenses. These remote connections are also fixed, but the apps are mapped in terms of their location.
Things move too fast to have constant resources in the modern world, and no one knows what tomorrow holds. As a result, flexibility will prevail wherever people work, whether in the office, at home, or anywhere in between, for the foreseeable future.
Applications are also on the move. Gone are the days when most enterprise applications were located entirely within the four walls of their data center. Instead, today’s applications and data are everywhere: on premises, in the cloud, and at the edge. As a result, there is no longer a single perimeter for the enterprise.
Spread Ocean Insurance
If an organization is using 25 different SaaS-based applications, the organization will need to secure each of the small data islands out there. Every application and data source must be secured. The organization must have a vision of how each user can access the resources, whether they are in the office or remotely.
For me, the complete work-from-anywhere hybrid workplace model that we’ve got now stems from two main things: the need to secure user access and to provide users with what they need to connect to whatever resources are necessary. The remote connection should be as secure as if the user were sitting in the corporate office. They need to consume everything the same way, and at the same level of security.
Within the four walls of an enterprise, there are usually many security solutions to protect users. This is part of the reason why the idea of only having a VPN to provide the connection is so limited to enable remote work. Instead, organizations must have a degree of inspection and a level of security rigor to reduce the risks that organizations face every day.
Out of the Shadows (IT)
To be fair, all the controls an organization’s IT department puts on users don’t always work either. For example, a common challenge with centrally secured IT resources is the shadow issue of IT, where users can move between their IT departments if they cannot get the resources they need.
As we think about future security models, it’s an opportunity to try and step out of the shadows. Now is the time to work closely with our users to identify the apps they use and want – the ones that will make them more productive – by relying on users, talking to them, and asking for as much feedback as possible. why? Because sometimes, we don’t know all the answers until we ask.
Shadow IT has always been about productivity. Adopting a security model that supports the way users want to work, with the applications they need, will allow them to do their jobs better.
live. Thrives. to improve.
The first stage of enabling remote work in the face of the pandemic was just about staying and making sure the work continues. Phase two was all about making the most of the situation and trying to thrive. Now is the time to improve and build the security model of the future to work from anywhere into a reality.
Providing a secure hybrid business model requires agility, as well as scalability. Gone are the days when security and remote working were only enabled through hard boxes and licenses that limited organizations’ ability to properly support hybrid work.
What is needed is an always-working model that is delivered via the cloud, available locally and at the edge. In addition, it is a model that must be scaled up in terms of resources and capabilities as needed
The SASE approach is a great model for enabling hybrid work with software-assisted paths. Layering Zero Trust with SASE helps protect the pervasive perimeter and diverse silos of applications and data that users access every day.
It is not known what the world of tomorrow will be like. Who knows what it will throw at us, but we know there is a need to be agile and graceful. Security must be flexible and flexible to get around users’ needs, wherever they are, and no matter how they access applications.
learn more About maintaining a secure hybrid workforce with a comprehensive cybersecurity platform.