Poorly designed or implemented security policies can be bad for the employee experience: Verizon Business Group

Securing the workplace amid its ongoing digital transformation will require enterprises to continue their shift toward a Zero Trust model of security. The Zero Trust model requires verifying a user's identity and role in the organization before giving them access to only the applications they need for their function.

With Covid numbers increasing and certain cities imposing restrictions again, the return back to the office is far from sight. How are organizations planning to up their security as we look at remote working in the long term?  To know what’s “best” for your organization’s future when it comes to remote work, you have to put it in the context of all the things that you are looking to achieve. 

Here, Prashant Gupta, Head of solutions – South East Asia & India, Verizon Business Group, tells more. Excerpts from an interview:

DQ: How are organizations now looking at security with WFH nearly permanent?

Prashant: It is clear that remote working is the new norm. As India battles the second wave of Covid-19, companies are doing everything in their capacity to keep employees safe, which has got them to consider remote working as a long-term solution.

Our Mobile Security survey observed that nearly four-fifths (79%) of organizations saw remote working increase. Overall, the share of remote workers grew from around a third (32%) of the average workforce before the initial lockdowns began in 2020 to nearly twice as many (62%) during that lockdown.

What is also interesting to note is that companies have taken cognizance of its implications on their IT infrastructure and security. Nearly all (97%) security leaders consider remote workers to be exposed to more risk than office workers. Moreover, almost half (49%) said that changes during lockdown conditions affected mobile security for the worse.

In addition to rapid changes in worker location, not all types of work were optimized or tested for performance and security over remote access connections, leaving some specialized requirements to assume usability success using conventional solutions. For extreme cases, such as financial trading services, the need to quickly replicate high-performance connectivity within the confines of strict security handling is a significant technical challenge for engineering and operations teams.

A “Security First” design approach using next generation capabilities to adapt quickly to protect hybrid traffic flows, detect vulnerabilities to shared un-trusted (home user) networks, and mitigate targeted attacks against business critical workloads (such as financial traders or key leadership personnel); a next generation security approach is needed.

We saw an order-of-magnitude increase in purchases of our mobile device management (MDM) solution. Furthermore, companies including IBM, MobileIron and Wandera have also reported seeing an increase in new license sales.

India is considered as the technology back office of the world, and with new and exciting possibilities for the future of work, we are gradually seeing enterprises upping their security, bracing for changes. However, India’s awareness of the implications of remote working on mobile security specifically is yet to reach its peak. Despite not even having some of the most basic precautions in place, most survey respondents thought that any device security or misuse issues would be spotted relatively quickly.

The future is SASE (Secure access service edge) which will converge network and security services including Access, SWG, CAASB, Fwaas, Dns protection, SDWAN and ZPA.

DQ: How many businesses (and verticals) have reported their businesses were left vulnerable and open to cyber criminals in the rush to ensure their workforce could operate remotely? What is being done about all this?

Prashant: Almost half (49%) of the respondents from our survey said that changes during lockdown conditions affected mobile security for the worse. Moreover, almost half of respondents admitted that their company had knowingly cut corners on mobile device security, and over a third of respondents said that their company had relaxed authentication requirements to cope with COVID-19 restrictions. Expediency and convenience were the main justifications cited for sacrificing security, with COVID-19 in the picture.

In terms of what is being done to avoid data breaches and cybercrime, the Government of India, as well as the Computer Emergency Response Team – India (CERT – India), have issued multiple guidelines and published possible sources and best practices for ensuring data safety. Furthermore, with the return to office far from sight for most organisations in India, t the value of cybersecurity is being realized and companies are increasing investments towards the same. As Dennis Hoffman from Dell Technologies once said, “The day before a breach, the ROI is zero. The day after, it is infinite.”

DQ: How are they ramping up their digital transformation agendas?

Prashant: The challenges of securing a remote workforce will be lasting, as companies across industries are now expecting their initially temporary moves to WFH to become permanent.

Once India emerges from the effects of the pandemic, the post-Covid wave of remote working will call for organizations that wish to drive sustainable competitive advantage, to resolve a set of challenges across both technologies and people. Organisations would need to piece together talent attraction and retention, employee engagement, and partner engagement effectiveness in a cohesive manner.

Underlying this wave will be the emerging deployment across key industries of a set of new technologies now taking shape, such as artificial intelligence (AI), machine learning (ML), and spatial sensing and mapping. For example, remote workers will need access to experts, call center operators will need an environment where security and data privacy issues are well addressed. It’s critical to start with the user’s needs and create a user experience that threads back through the supporting technologies to create a user-friendly and highly functional working environment.

Poorly designed or implemented security policies can be bad for the employee experience and the performance of the company. Something as simple as a password policy could impede productivity, increase support costs (due to more resets) and potentially increase risks (by driving employees to circumvent the rules).

Well-implemented security solutions can help to reduce risk and remain largely transparent to users. Effective tools can also help reduce the burden on IT teams, provide better reporting and increase visibility into users’ adherence with policies—including those working from home.

Securing the workplace amid its ongoing digital transformation will require enterprises to continue their shift toward a Zero Trust model of security. The Zero Trust model requires verifying a user’s identity and role in the organization before giving them access to only the applications they need for their function. Zero Trust Network Access (ZTNA) is the process of identifying a user accessing networks and authorized applications. The term describes a combination of technologies that an enterprise uses to implement the Zero Trust architecture.

DQ: What are SMEs doing to counter threats?

 Prashant: Powerful mobile devices and cloud apps are enabling SMBs to help employees be productive from virtually anywhere. This helps to explain why many SMBs now have a mobile-first and cloud-first strategy. In our survey, almost half (47%) of SMB respondents said that the shift had reached the point where most of their company’s data processing is now done in the cloud.

SMEs often lack sufficient in-house expertise to react quickly and mitigate the damage. And they can find it difficult to bounce back from the financial losses. Almost two-thirds (65%) of SMBs that responded to the Mobile Security Index (MSI) survey said that they have more to lose from a security breach than larger enterprises.

We saw a huge increase in cloud-based security solutions including VPNs, Identity and access management, Cloud Brokerage and zero trust arch solutions. We will see an increase in cloud security investment in 2021 as well.

DQ: How much is the effect of the pandemic on the workforce going to have a lasting impact?

Prashant: In the past, working from home was thought of as a special case. That attitude had been changing, slowly. Then, the pandemic hit, and companies were forced to re-evaluate virtually overnight. The shift may not have been by choice, but now even some leaders with the most entrenched objections to working from home have changed their minds.

The initial stages of the switch to the virtual workplace brought about its own concerns on employee productivity and efficiency. However, surprisingly, three-fifths (60%) of respondents to our survey said that the productivity of remote workers was at least as high as those onsite. And one in five (20%) said that it was significantly higher. It seems that necessity is also the mother of evolution.

The global COVID-19 pandemic may have disrupted business as usual, but it has not derailed digital transformation initiatives. A Verizon-IDG survey of 100 decision-makers in U.S. businesses found that 60% are making progress with their digital transformation initiatives and that 72% are accelerating those efforts, with nearly one-third saying they expect the pace of transformation to accelerate significantly in the wake of the virus. Results indicate that business strategies have moved beyond crisis response and into a long-term planning mode for a new business environment characterized by a greater volume of virtual interactions, electronic transactions and multimodal communications.

The increasing urgency around digital transformation projects is an outgrowth of the broad adoption of cloud and automation technology that was sparked by a sudden change in the business climate, compounded by the need to accelerate decision-making in an uncertain environment. Organizations that did not have the luxury of planning for shutdowns and workforce relocations found that cloud services accommodated their needs with little difficulty.

The success of those early adopters suggests that the digital business shift will continue. Of the 90% of respondents to the Verizon survey who are working on a digital transformation initiative, 41% report that at least half of their initial objectives have been achieved and 60% report at least some progress toward their goals. Success breeds ambition.

Organizations that have progressed at least halfway towards their objectives are nearly twice as likely as others to anticipate that their initiatives will move at an even faster pace in the future. They also cite improved customer experience as a significantly more important goal. The results further indicate that priorities may have been affected by recent events. Indeed, three-quarters of respondents anticipate that digital transformation initiatives will change over the next 12 months to meet immediate business needs.

Those include business resiliency, tighter digital security, improved customer experience, increased network scalability, and better business agility. Collectively, these results indicate that early transformation projects are guided more by bottom-line considerations but that as organizations gain maturity, their goals evolve upwards.

The “new normal” remains uncertain, especially in India, but it’s a safe bet that more flexible working arrangements are going to be part of it. With many employees working from home, cybercriminals have adapted their techniques to take advantage of the disruption. Nearly all (97%) security leaders consider remote workers to be exposed to more risk than office workers, but as I mentioned earlier, they are still looking at it as a long-term solution, prepared to invest in order to improve their security infrastructure.

Leave a Reply

Your email address will not be published. Required fields are marked *