The rapid move to remote work can raise security questions for organizations that must now lean heavily on their cloud resources. In some cases, teams may be relying on familiar systems and platforms that were established well in advance because of accelerated digital transformation and cloud migration. For other organizations, this may feel like a trial by fire. Security solutions company Optiv and enterprise software developer Atlassian offer some insight on what organizations should consider when it comes to cloud security concerns during the COVID-19 outbreak.
Adrian Ludwig, Atlassian’s chief information security officer, says his company has employees around the world and the majority of the business is cloud based. “With two exceptions, we don’t run our own data centers,” he says. Employee laptops make up the primary hardware used by Atlassian, Ludwig says, and in recent years, the company put security measures in place to authenticate devices people use. Even with those steps, he says the company still ran into some hiccups in recent weeks when the entire team was directed to work from home. “The capacity we had for our VPN was nowhere near as large as it needed to be,” Ludwig says. “That was found out in a rolling cascade of failures.”
This led to changes in routing, he says, in order to restore secure access to services. Atlassian follows the zero-trust networking principle with different corporate applications assigned varying levels of protection. “Our most sensitive applications are only accessible from a corporate device,” Ludwig says, with less-sensitive areas available through personal devices.
Read the rest of this article on InformationWeek.