This article is part of our Essential Guide: Essential guide to operation-centric security

Protecting remote workers an opportunity to do security better

Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report

Guaranteeing appropriate access to enterprise systems for remote workers has been the biggest cyber security challenge faced by IT teams during the pandemic, but it’s a good opportunity to improve business resilience by committing to a far higher standard of security, ready for whatever the future holds, according to a brace of new reports published by network security experts at Cisco.

Cisco probed 3,000 IT decision makers and 2,600 consumers on a worldwide basis to produce its reports, The future of secure remote work and the 2020 Consumer privacy survey. It found that IT buyers had been largely unprepared for the reality of supporting a fully remote workforce, but were now accelerating the adoption of appropriate technologies, and 85% of them rated cyber security as extremely or more important than it had been before the advent of the Covid-19 pandemic.

“Security and privacy are among the most significant social and economic issues of our lifetime,” said Jeetu Patel, senior vice-president and general manager of Cisco’s Security and Applications business.

“Cyber security historically has been overly complex,” he said. “With this new way of working here to stay and organisations looking to increase their investment in cyber security, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and users.”

The research indicated that less than half of organisations had had sufficient security resource in place at the outset of the pandemic to support the shift to remote working – 52% they were only somewhat prepared and 6% said they were not prepared at all for the accelerated transition.

With employees connecting to corporate resources with a greater number of personal and unmanaged devices, half of respondents said endpoints – including enterprise-owned devices – had been a challenge to protect, followed by customer information and cloud systems, cited by 42%. Just under two thirds said that the ability to securely control access to the enterprise network had been the biggest challenge they face.

There is no doubt that the race to solve the immediate security issues around remote working has been a burden for IT departments, and security teams in particular, however, confidence is high that security budgets will increase going forward.

Read more about the pandemic’s impact on security

Cisco set out three key recommendations for security decision makers as they lean into the new normal.

First, it said, it is important to recognise the future of work will be dynamic and security must meet the needs of a distributed workforce, The creation of a flexible, safe and secure hybrid environment, with employees accessing critical services with the same level of protection no matter where they are, must be prioritised, and policies and controls that used to reside on-premise tweaked to enable this.

Second, successful hybrid working depends on preparation, collaboration and empowerment, which for IT departments means bringing together networking and security teams and functions, while solid employee training is necessary to create an effective, company-wide security culture.

Third, said Cisco, security needs to be made simpler and more effective to build business resilience, which ideally means that it should be incorporated within the foundations of any digital transformation project, not superglued on top of it afterwards.

For the consumers and users surveyed for the second report, the biggest concerns were found to be the privacy of the tools they used for remote work – this perception likely reinforced by high-profile security issues at some of the pandemic’s “breakout” tech firms, such as Zoom. They were also more likely to be sceptical that companies are fulfilling their obligations to protect their data, and tended to be highly supportive of government-backed privacy regulations.

Cisco said organisations now have the opportunity to build confidence and trust by embedding privacy into their products and services and, vitally, communicating this in an effective and simple way.

“Privacy is much more than just a compliance obligation,” said Harvey Jang, vice-president and chief privacy officer at Cisco. “It’s a fundamental human right and business imperative that is critical to building and maintaining customer trust. The core privacy and ethical principles of transparency, fairness and accountability will guide us in this new, digital-first world.

Read more on Network security management