Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints

A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations.

As states and cities look to lifting stay-at-home orders, the increased level of employees working remotely will not disappear. That means many businesses will be moving more of their infrastructure to the cloud and having to deal with the security challenges that come from a hybrid infrastructure, experts said this week.

Almost three-quarters of companies (74%) expect at least 5% or more of their former on-site employees to work from home on a permanent basis, while nearly a quarter of firms are planning to keep at least 20% of their workers out of the office post-pandemic, according to a survey of chief financial officers by market research firm Gartner. 

With remote work comes greater cloud usage. That could be a problem for many companies that have issues with visibility into the security of their cloud components, and that often rely on perimeter and on-premise security software and appliances to keep their systems and data safe, says Michael Sentonas, chief technology officer at security services firm CrowdStrike.

"It's my feeling that after the pandemic has subsided, we are going to see a major shift in the workplace as more businesses turn to remote-friendly cultures," he says. "This shift will cause cloud and SaaS adoption to be more important than ever. The cloud will ultimately secure workloads regardless of where employees are located, which will be critical to secure endpoints now and moving into the future."

Prior to 2020, telecommuting grew slowly despite the benefits of remote work, such as greater worker retention, lower employee stress, and more flexibility in work hours. The coronavirus pandemic changed companies' reliance on on-site workers, with many technology firms now relying almost exclusively on employees working from home.

IBM, like so many other businesses, has moved almost entirely to remote working, with 95% of its current workforce working outside of the company's offices. The move is a reversal from when the company revised its work-from-home policy in 2017, forcing thousands of employees in a variety of positions — from marketing to information technology — to come back to the fold and work from an office in one of six cities.

Yet the company — a major player in the cloud — was far more prepared for the challenge than many companies' IT and information security groups, says John Wheeler, business information security officer (BISO) and vice president of strategy and innovation at IBM. Turning the weeks-long disruption of enforced remote working into a business strategy will require a transformation for many firms, he says.

"Coming out of this, CIOs and CISOs need to embrace the fact that we need to continually be ready for a full remote workforce," he says. "We need to assume we are going to have a resurgence of what we are dealing with today, so we are prepared for it. We don't know what the future will be like over the next 12 months."

In a forthcoming report, CrowdStrike found that 89% of business decision makers are now working from home, a 56% increase from before the COVID-19 pandemic. Six in 10 remote workers are using personal devices to do work, and almost all of those workers believe — naively — that their devices are secure, CrowdStrike's Sentonas says. 

Attackers have focused on targeting remote workers, virtual private networking (VPN) technologies, and collaboration software, such as Zoom, in their attempts to take advantage of companies' now much-more-distributed attack surface area, he says.

"Today's stealthy adversaries are keenly aware of this and have been opportunistic as such, using the increased amount of devices to gain access to corporate networks and data," Sentonas says. "With no sign of attacks slowing down, it's more important now than ever for companies to be vigilant about their security posture and train employees on possible risks to protect and defend against rising threats."

IBM has seen a massive increase in coronavirus-related phishing, spam, and malware attacks, says IBM's Wheeler. Many companies do not have the ability to lock down employees' laptops no matter where they are, he says.

"Effectively overnight, your attack surface increased dramatically because any workforce is now outside any perimeter security that you possibly had within an office space," he says. "So you are totally relying on the security that you have built into the endpoint, the security awareness that you have instilled in the users, and any forced connectivity that you have using a VPN back to your own infrastructure."

Complicating matters will be employees' decisions to use unapproved cloud services for work, so-called shadow IT, and the unique risks that remote privileged users pose to network security. In addition, managing the security operations center remotely also poses significant challenges, Wheeler says. About a third of companies struggle with gaining visibility into the security of their cloud infrastructure, according to the "2019 Cloud Security Report."

"Endpoint security is absolutely critical," he advises. "Second, companies really need to focus on end-user security awareness. Finally, cloud is here to stay. Collaboration tools are here to stay. Your employees are going to be hooked on them, and they are going to allow you to be more productive and things will be done, but attackers will focus on those weak points as well."

Related Content:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register.  
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15564
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be map...
CVE-2020-15565
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs....
CVE-2020-15566
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, o...
CVE-2020-15567
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes...
CVE-2020-15563
PUBLISHED: 2020-07-07
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM g...