By James Tucker, sales engineering director at Zscaler
It is safe to say that a huge percentage of the working population has become accustomed to working from home throughout the last 18 months. The initial rush away from corporate offices at the start of the pandemic and the struggle to provide secure remote connectivity to applications and data in multi-cloud environments and the data center, has resulted in IT teams adopting new technologies and processes. These new ways of operating have made it easier for enterprises to meet the new requirements and ensure productivity levels remain sufficient within a remote workforce, which has kept many companies functioning throughout such a turbulent time.
With vaccination levels rising on a global scale, many employers are hoping staff can return to the office environment, and somewhat revert back to normal sooner rather than later. That being said, it is essential for companies to adopt a cautious approach that progresses, rather than impedes, digitisation efforts and takes into account the related security risks. Although it is understandable that some workers are eager to get back into the office to meet with colleagues, this may result in less caution and a higher risk tolerance with the virus leading to potential security threats for the organisation.
The cyber pandemic
For the duration of enforced remote working, IT security professionals have been fighting against malware that was not only trying to compromise the end-user device, but also infiltrate infrastructure such as virtual private network (VPN) devices exposed to the open internet. Many devices such as laptops were removed from the corporate environment and out of the immediate control of IT teams, and were therefore largely unmanaged for more than a year. Bringing these devices back onto a trusted network is bound to lead to an increase in security incidents as malware, that has been specifically engineered to lay dormant until the host device returns to the corporate network is activated. Proper planning, ideally including a full Zero Trust strategy, is going to be key in minimising this risk.
Best practices for organisations
It is paramount for organisations not to make the mistake of interpreting the return to the office as simply reverting back to normal, and ignoring what has happened in the interim period since staff left the office en masse. Inevitably, a number of initiatives have been introduced or accelerated to facilitate an effective and secure remote or hybrid working environment, with applications moving to multi-cloud setups and security moving to the cloud. A Zero Trust approach has been increasingly adopted for remote access, with processes such as Zero Trust network access (ZTNA) being highly effective in defending corporate networks from attack. These should be maintained as we head towards another new normal.
In addition, returning to the office should not result in taking a step back with regards to digitisation and the implementation of new security models. One key reason why many companies struggled at the beginning of the pandemic, was because they were unprepared to support such a high amount of staff working from home. As many workers are now reluctant to return to the office full time, they will be seeking a hybrid working model going forward in their professional lives. In addition to becoming accustomed to a greater level of flexibility in their personal and professional lives, the performance of many high-speed internet connections available from home and the benefits of virtual meetings has been a draw for many.
Organisations can expect to be impacted if they are willing to have the same amount of employees using collaboration tools and generating real-time traffic on-premise, with more cloud-based applications. This sudden shift in the working environment will result in office networks that are dependent on legacy components, and will be tested to the limit when it comes to reliability and bandwidth capabilities. Organisations need to ensure they are fully prepared for this transition, otherwise they are at risk of experiencing security problems. They can do this by implementing ZTNA, which is where security policies are based on the identity of communicating workloads and are tied directly to the workload itself, resulting in security staying close to the assets that require protection.
Complacency is a high risk strategy when it comes to security, which must be seen as an ongoing process that needs to continuously adapt to the new work reality. Companies that are keen to see their workforce return to the office as soon as possible should enforce scanning and updates for every single device before they allow them to return to the on-premises network. It is never too late to implement a Zero Trust approach to enable a future-proofed and secure agile working environment.