There have been many uncertainties due to the global pandemic affecting all areas of life this year. Businesses, individuals, and families have all had to make adjustments to adapt to the “new normal.” Out of all the uncertainties, there is one thing we do know. As with many aspects of life, the future of work will never be the same. Businesses are now having to think outside the box of a traditional on-premises workforce. What does that mean?
The global pandemic has brought about changes that would have never happened otherwise. In a short time, organizations had to shift to a remote workforce and transition communication, access to applications, and workflows to enable employees to work together effectively, despite being distributed across many different locations. It has emphasized the ultra-importance of being digitally ready to carry out business-essential operations regardless of employees’ physical location.
Those organizations with little or no remote technology infrastructure in place suffered the most impact due to the pandemic. But one of the positive outcomes of COVID-19 is it has helped organizations understand how they can do business more effectively and efficiently with technology. Overall, this has made most companies more robust and resilient to future disruptions. What has enabled this change? Cloud.
The cloud revolution has enabled a mindset shift where physical location, or even the device used to access business-critical data, no longer matters. Employees can be productive, effective, and efficient, regardless of location. Businesses can now effectively conduct critical operations in a virtual workplace using powerful cloud applications and platforms. This involves using cloud Software-as-a-Service (SaaS) environments (such as Google Workspace, formerly G Suite, and Microsoft 365, formerly Office 365), cloud data storage, file sharing, cloud mobility and access solutions, and embedded video collaboration.
But what security challenges has this tremendous shift to cloud and remote work caused? And how does this affect the future of work?
Security’s critical role in the cloud-based future of work
As organizations start shifting quickly to using cloud platforms to carry out business-critical processes, it can become challenging to manage and prioritize security. This year, many organizations have transitioned swiftly from traditional on-premises infrastructure management to cloud SaaS and other cloud tools. Just look at Microsoft Teams alone. According to subscription statistics, that service grew to over 75 million subscribers in April 2020, up from 20 million subscribers in November 2019.
Given this shift, what security challenges are organizations facing? Here are four big ones to consider:
1) Employee auditing: The cloud provides tremendous mobility and ease of access to data and services. However, this can be a “dual-edged sword.” With the ability to access data from anywhere and on any device, it can be difficult to secure business-critical data and know who is accessing it. Businesses need to answer the following questions when it comes to cloud data:
- Where does the access originate?
- Which IP addresses are accessing resources?
- Is access originating from suspicious or abnormal geolocations?
- Which applications are accessing the environment?
- Are those applications sanctioned?
2) Securing file sharing and data access: Along with effective employee auditing, ensuring secure file sharing and data access is crucial. Sharing data from cloud environments like Google Workspace and Microsoft 365 is made easy. Data sharing outside the organization can happen inadvertently or intentionally. This can lead to exposing sensitive information or an all-out data breach accidentally or on purpose.
In thinking about the future of work and leveraging cloud solutions, you must control and secure how users access files and share data outside the organization. It’s also necessary to have visibility into who is accessing your data, from where, and from what applications.
3) Ransomware: Ransomware is one of the most dangerous risks to your business-critical data. Attackers are using ransomware effectively to lock up business data. Merely moving to the cloud does not effectively protect your data from ransomware. Attackers have even escalated cyberattacks since the beginning of the COVID-19 pandemic. Cybersecurity experts have reported 4,000 attacks a day since the COVID-19 pandemic began, accounting for a 400% increase.
Ransomware can infect cloud SaaS services such as cloud file storage as well as even cloud email environments. As your business looks towards the future of work, properly securing business-critical data means protecting your organization against ransomware. It requires the right incident response tools and disaster recovery solutions to automate ransomware monitoring, detection, and prevention and launch a granular recovery of the damaged data to reduce downtime.
4) Third-party apps and browser extensions: Cloud SaaS environments like Google Workspace and Microsoft 365 offer a healthy ecosystem of third-party app integrations with their respective cloud SaaS platforms. These offer the ability to extend the capabilities provided natively. It’s essential to control third-party applications and browser extensions that access business-critical data and fully understand their scope of permissions. This can help to ensure data security and confidentiality.
Malicious apps or browser extensions may request end-users to grant permissions to cloud data only to inject ransomware or steal sensitive information. Third-party applications will undoubtedly be a part of future work solutions that can extend capabilities in the cloud. The malicious extensions are the latest attempt by cybercriminals to hide code in add-ons for popular browsers. In February, independent researcher Jamila Kaya and Duo Security announced they had discovered more than 500 Chrome extensions that infected millions of users’ browsers to steal data.
How to Protect Cloud Resources
The future of work as we know it has certainly changed. The cloud is introducing new ways of doing business and is allowing organizations to continue carrying on effectively despite current and future challenges. Along with leveraging cloud solutions for productivity, using an effective cloud security solution to meet the security challenges listed above is essential.
Organizations should look for cloud security solutions that leverage technologies like artificial intelligence (AI) and machine learning (ML) to effectively protect cloud SaaS environments. This means giving IT the ability to implement cloud security policies, allow/deny cloud application usage, identify connected devices, determine who or what has access to cloud data, understand where data is shared, provide ransomware protection, establish cloud-to-cloud backups, and more.
With the right cloud security solutions in place, you can more confidently shift toward a digitally ready work environment using cloud SaaS solutions. The future of work will revolve around effectively using cloud technologies to conduct business, no matter what challenges are on the horizon. Security plays a critical role in that future.
Darren T. Kimura is Executive Chairman of Spin Technology.