As organizations have adapted their IT infrastructure to support a remote workforce, their security has lagged behind. Security designed for employees working from the office has significant blind spots when employees move to remote work. Cybercriminals took advantage of this in 2020, and therefore sustained, secure remote work requires modern security solutions like Secure Access Service Edge (SASE).
COVID-19 Accelerated Digital Transformation
The COVID-19 pandemic had a variety of impacts on how companies performed their daily business. Within the span of a couple of weeks, many companies went from having most or all of their employees working from the office to a mostly or wholly remote workforce.
With the sudden surge in remote work, organizations needed to identify and deploy solutions capable of supporting their new teleworkers. While secure remote access was a common focus, these organizations also needed to solve the problem of distributed corporate communications.
With telework, many things that were traditionally performed in-person, such as meetings and other routine communications, needed to move to the Internet. As a result, the switch to remote work produced a surge of interest in online video conferencing platforms (like Zoom and Microsoft Teams) and other online collaboration solutions.
Also see: How AI affects employee performance
Cybercriminals Are Exploiting Sudden Cloud Adoption
SaaS solutions like Office 365, Drive, Zoom, and other solutions were essential to enabling businesses to adapt to pandemic-driven remote work. However, they also provided additional opportunities for cybercriminals.
The sudden switch to telework created an atmosphere of confusion and uncertainty that attackers could capitalize on. Employees and organizations were often less familiar with their new SaaS-based tools. As a result, these cloud-based applications were more prone to security misconfigurations that left them open to attackers. Additionally, corporate cybersecurity awareness training often focuses on the threat of emails, overlooking or downplaying other media for delivering phishing content.
In 2020, use of cloud-based applications increased by 20%, and the majority of malware (61%) was delivered via these SaaS applications. As organizations adopted the cloud, cybercriminals followed along right behind them.
Traditional Remote Access Solutions May Be Blind to Cloud-Based Attacks
Cloud-based infrastructure is an invaluable tool for an organization if secured properly. However, many organizations have gotten ahead of themselves in their pursuit of the cloud, and the understanding and implementation of cloud security lags behind cloud adoption.
One of the biggest challenges of securing the cloud is that legacy security models and solutions are no longer suited to the modern enterprise. This issue was made plain by the issues that many organizations experienced when implementing large-scale secure remote access for their employees during the COVID-19 pandemic.
When implementing telework infrastructure, many organizations chose to simply expand their existing virtual private network (VPN) infrastructure. VPNs make it possible for remote employees to connect to the enterprise network via encrypted tunnels, protecting the confidentiality and integrity of their traffic against eavesdroppers.
VPNs have a number of different issues, but a few had an outsized impact during the COVID-19 pandemic, such as:
- Lack of Scalability: VPNs create discrete point-to-point connections for each of their users. This means that these systems scale poorly and the VPN endpoints on the enterprise network can easily be overwhelmed by high traffic loads.
- No Integrated Security: VPNs are designed to provide an encrypted connection and nothing else. To perform security inspection and policy enforcement for traffic carried over a VPN, additional standalone solutions must be deployed behind the VPN endpoint.
- Perimeter-Focused Design: VPNs are designed to provide a secure path between two fixed points, typically between a remote worker and the enterprise network. If the traffic’s destination is not on the enterprise network, it takes a significant detour when traversing the VPN, degrading network performance.
To address these issues, many organizations adopted split-tunnel VPNs. Split tunneling sends Internet-bound traffic directly to its destination and only uses the VPN for traffic bound for on-premises systems.
This approach meant that organizations often lacked visibility and security inspection for traffic to their newly-adopted cloud applications. At the same time, cybercriminals were pivoting to adopt these same cloud-based applications as their primary delivery mechanism for malware.
Designing Security for the Era of Remote Work
Many organizations are considering permanent support for telework in the wake of the COVID-19 pandemic. However, doing so effectively and securely requires designing and implementing security strategies and solutions specifically for a remote workforce.
Legacy secure remote access solutions like VPNs are designed for a perimeter-based security model and organizations whose infrastructure is largely on-premises. This is no longer the case for many organizations, and cybercriminals are taking advantage of the mismatch between companies’ infrastructure and security models.
Cloud-based infrastructure requires secure remote access solutions designed to support cloud environments. SASE is a cloud-native solution that combines secure remote access, SD-WAN traffic optimization, and a full security stack into a single virtualized solution. Upgrading to SASE provides an organization with the security visibility and enforcement needed to support and secure the modern distributed workforce.