The shift to remote/hybrid work brought on by the pandemic shows no signs of going away. So how does that fact increase the need for IT leaders to modernize their existing data-protection strategy?
That’s the question we posed recently to members of the Foundry/IDG Influencer Network, a community of industry analysts, IT professionals, and journalists. While nearly all Influencers acknowledged that the hybrid workplace is here to stay, their prescriptions for modernizing data protection ranged far and wide.
With hybrid work, a company’s “attack surface” is spread across many different locations and devices. Without training or specific instruction from their employers, employees could be less likely to observe stringent data management practices and may opt for convenience over data security. So said Sridhar Iyengar (@iSridhar), Managing Director of Zoho Europe.
“A robust data protection strategy for hybrid working should equip workers with enterprise software, which has been built with data protection in mind, to nullify the security weaknesses associated with the new working practice,” he continued. “This must also meet all working needs, including enabling seamless communication, so that workers can collaborate easily and safely and have no need to turn to unverified third-party applications to complete their work.”
Peter B. Nichol (@PeterBNichol), Chief Technology Officer at OROCA Innovations, agreed.
“By embracing a hybrid workforce, you accept the expansion of your organizational threat footprint,” he said. “It’s now easier than ever for bad actors to find an entry point into your organization’s network. The proliferation of remote networked endpoints is a risk multiplier that IT leaders must take seriously. Securing critical infrastructure, applications, network, cloud, and IoT security requires new approaches to data protection. Multi-factor authentication, employee education, and single sign-on help secure our hybrid workforce.”
Frank Cutitta (@fcutitta), CEO and Founder of HealthTech Decisions Lab, said one only needs to see a webcam or audio that wasn’t turned off after a call to reinforce the need for enhanced security. Add to this that company-confidential material can be shared in a chat or screen shares that can be easily hacked when archived.
“The other aspect is that with 5G technology used in the hybrid workplace there must be a modernization that parallels the speed of technology change,” he added. “Technology leaders must upgrade their breach response to mirror the modernization of technology. In other words, how can a breach response communications strategy be modernized using technologies that were never available before?”
A call for Zero Trust
Scott Schober (@ScottBVS), President/CEO at Berkeley Varitronics Systems Inc., said that IT leaders must clearly express cyber guidelines for data wiping and encryption. They also need to encourage best security practices for remote workers without impeding their flexibility and workflows established at home.
“Implementing a Zero Trust model whereby users are only given the minimum level of access needed to perform their specific task or job is essential to securing data integrity,” he observed.
“Daily backups and hourly snapshots aren’t sufficient to protect enterprises, and IT must modernize their data-protection strategies to support issues arising from data’s increased importance—from human errors to SaaS outages and ransomware attacks,” said Isaac Sacolick (@nyike), StarCIO leader and author of Digital Trailblazer.
According to Jack Gold (@jckgld ), President and Principal Analyst at J.Gold Associates LLC, “the single most important step in extending the security blanket to a hybrid workforce is to create and maintain a security policy that can be enforced. To this end, security policies should not be created in a vacuum within IT, but must also involve the entire community of users, HR, line-of-business management, etc.”
Will Kelly (@willkelly), senior product marketing manager for Section, an edge computing platform, pointed out that home network security is not in the purview of corporate security.
“Corporate-owned and employee personal devices spend more time outside the corporate network than inside,” he added, “changing how the IT department must manage device security and access to corporate data.”
To reduce the risks of an accidental or intentional cybersecurity incident, companies must deploy an effective data loss prevention and associated data retention strategy across endpoints and data storage locations, including cloud services, noted Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC.
“Many data breaches would have been less extensive and severe if organizations had automated data disposition schedules, as threat actors cannot steal what companies are not storing,” he continued. “Data covered by one or more regulatory or statutory requirements should be automatically labeled where possible so that controls (like encryption) follow the data regardless of storage location.”
As Jason James (@itlinchpin), Chief Information Officer at Net Health, pointed out, the network is no longer contained within four walls. Hybrid workers move from on-premises to remote locations frequently and without prior notice.
“This requires creating frictionless access to data no matter where the end user is located while validating the identity of the user accessing the data,” he said. “Solutions like always-on VPN, privileged access management, mobile device management, and multi-factor authentication are just some of the solutions needed to modernize data protection.”
Steve Guilford (LinkedIn: Steven Guilford), CEO of AsterionDB, was blunt: Evolve and adapt or die.
“It’s that simple. Your legacy applications and IT infrastructure will not be easily retrofitted to match today’s security requirements,” he said. “Having a unified approach to IT asset management and security for both cloud and on-premises systems is where you need to be headed.”
Nikolay Ganyushkin (LinkedIn: nikolaygan), CEO and Co-Founder of Acure, had the last word.
“You need to build a more sophisticated threat model and protect each service individually and monitor data security more closely,” he said.
To learn how Veritas provides a unified solution for enterprise data protection, click here.