Ignoring the impact COVID-19 had on the corporate IT stack is the same as ignoring the elephant in the room. According to Twilio’s survey of Enterprise decision-makers about digital transformation, the stay-at-home order accelerated digital transformation by an average of six years over eight months. The coronavirus will likely leave a majority of organizations with predominantly remote workforces until at least June 2021. With that in mind, using centralized log management can enable hybrid workforce models across many areas of a business, including security, product development, and operations.
Infrastructure challenges of accelerating digital transformation
New business models have increasingly made the Identity perimeter fundamental to securing data and enabling workforce productivity. Moreover, a Cisco study found that only 9% of the global workforce plans to go back to being full-time in a traditional office setting.
Although not an exhaustive list, the three issues below provide insight into the breadth of challenges arising from a fully remote or hybrid workforce.
Reduced network responsiveness
The exponential increase of remote employees accessing corporate resources has reduced network responsiveness and increased organizations’ need to scale their use of cloud services.
Strained networks ran slower, frustrating employees and reducing productivity.
Increased credential theft attacks
According to a Cybersecurity and Infrastructure Security Agency (CISA) April 2020 alert, successful phishing campaigns leveraged COVID-19 related themes to steal credentials. Stolen credentials make intrusion more difficult to track, particularly with organizations already struggling to manage the rapid move to remote work. Disguised as legitimate users, malicious actors are more difficult to detect, which increases dwell time.
Lack of security and DevOps collaboration
Although not a problem specific to 2020, lack of collaboration between security and DevOps teams exacerbated other issues facing organizations. DevOps teams became fundamental to new remote work plans, pushing out changes to line-of-business applications and deploying new features that support remote workers. Unfortunately, DevOps teams often view security as a barrier to agile development.
With everyone working remotely, security and DevOps teams need to collaborate more directly to secure the agile development process. More cloud workloads lead to additional misconfiguration risks that cybercriminals use to infiltrate systems. In fact, research indicates increased attempts to “poke holes” in weak configurations.
Centralized Log Management: The Answer for a Hybrid Workforce
Companies can respond to these challenges with centralized log management. Establishing best practices and sharing data within a centralized solution allows the different IT areas to collaborate better, ultimately strengthening business processes and security.
Increase network responsiveness with load balancer logs
Collecting and analyzing network load balancer logs provides visibility into network responsiveness, with traffic pattern data that helps verify that the network performs as intended. However, as companies move towards a multi-cloud infrastructure, monitoring within vendor-provided tools becomes time-consuming and cost-ineffective.
Centralizing the network load balancing logs in a single solution enables organizations to gain both high-level and granular visibility into network performance. For example, rather than monitoring AWS and Azure consumption in separate tools, centralized log management aggregates all data in a single location, correlates disparate terminology, and provides a holistic view of overall performance.
Detect anomalous user activity
A robust Identity and Access Management (IAM) program that detects anomalous access is a primary Identity perimeter defense. Problematically, each Software-as-a-Service (SaaS) application that enables remote workers increases infrastructure complexity. Access logs provide valuable information that can detect outlier access and help identify credential theft.
Centralized log management brings all IAM event logs into a single location so that organizations can analyze and correlate data more effectively. This enables proactive alert prioritization and response, preventing attack success.
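To illustrate the correlation described above, here is an added example (not code from the article or from any product): sign-in events from two hypothetical SaaS apps are normalized into one schema and checked for a successful login from a country the user has not used before. The apps, field names, sample events and the `min_history` threshold are all assumptions made for the illustration.

```python
from datetime import datetime, timezone

# Constructed sample events; both apps and their field names are hypothetical.
APP_A = [
    {"actor": "alice@example.com", "ts": "2021-01-04T09:02:11Z", "geo": "US", "outcome": "SUCCESS"},
    {"actor": "alice@example.com", "ts": "2021-01-05T09:10:40Z", "geo": "US", "outcome": "SUCCESS"},
    {"actor": "bob@example.com", "ts": "2021-01-05T10:00:00Z", "geo": "DE", "outcome": "SUCCESS"},
    {"actor": "alice@example.com", "ts": "2021-01-06T03:15:02Z", "geo": "BR", "outcome": "FAILURE"},
]
APP_B = [
    {"userPrincipal": "ALICE@example.com", "eventTime": 1609837200, "country": "us", "result": "ok"},
    {"userPrincipal": "ALICE@example.com", "eventTime": 1609903020, "country": "br", "result": "ok"},
    {"userPrincipal": "bob@example.com", "eventTime": 1609927200, "country": "de", "result": "ok"},
]

def normalize_a(e):
    # App A reports ISO 8601 UTC strings and upper-case outcomes.
    t = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"user": e["actor"].lower(), "time": t, "country": e["geo"].upper(),
            "success": e["outcome"] == "SUCCESS", "source": "app_a"}

def normalize_b(e):
    # App B reports epoch seconds, mixed-case user names and lower-case countries.
    t = datetime.fromtimestamp(e["eventTime"], tz=timezone.utc)
    return {"user": e["userPrincipal"].lower(), "time": t, "country": e["country"].upper(),
            "success": e["result"] == "ok", "source": "app_b"}

def centralize(app_a, app_b):
    # Merge both sources into one time-ordered stream with a shared schema.
    events = [normalize_a(e) for e in app_a] + [normalize_b(e) for e in app_b]
    return sorted(events, key=lambda e: e["time"])

def find_outlier_logins(events, min_history=2):
    # Alert on a success from an unseen country once the user has a baseline.
    seen, successes, failures, alerts = {}, {}, {}, []
    for e in events:
        user, country = e["user"], e["country"]
        if not e["success"]:
            failures[(user, country)] = failures.get((user, country), 0) + 1
            continue
        known = seen.setdefault(user, set())
        if successes.get(user, 0) >= min_history and country not in known:
            alerts.append({"user": user, "country": country, "source": e["source"],
                           "time": e["time"].isoformat(),
                           "prior_failures_same_country": failures.get((user, country), 0)})
        known.add(country)
        successes[user] = successes.get(user, 0) + 1
    return alerts
```

With this sample data neither app's log raises an alert on its own; the outlier only appears once the two streams are merged, because the failed attempt and the later success land in different applications.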
Collaborate across departments
Collaboration between DevOps and security teams shifts them to a DevSecOps model. Event log data creates a shared language that helps build security into product development. Centralized log management solutions enable collaborative data collection and contextualization for a more secure, proactive DevOps strategy.
Centralized log management for a hybrid workforce
Centralized log management provides visibility into multi-cloud infrastructures and correlates disparate event log formats in a single location. As companies scale their digital transformation strategies, event log data becomes fundamental to mitigating risk at the ever-expanding Identity perimeter. IT departments can leverage centralized log management to maintain and secure hybrid workforces by addressing network performance while also gaining actionable insight into potential weaknesses.
Lennart Koopmann is Founder and Chief Technology Officer of Graylog.