As organisations embrace the distributed workforce and become “Everywhere Enterprises”, digital transformation needs to go hand in hand with data security, says Brian Foster.
There is no doubt that the pandemic has accelerated digital transformation, which shows no sign of slowing down. Businesses had to close physical facilities nearly overnight and pivot to online, virtual, and predominately cloud-based technologies to ensure business continued with minimal interruption. Several months on, the adoption of cloud continues to grow.
Forrester predicts that the global public cloud infrastructure market in 2021 will grow by 35% to exceed £108.3bn as every company doubles down on technology-fuelled experiences, operations, products and ecosystems. As companies continue to make digital transformation a focal point moving into 2021, they must also adopt additional defence capabilities to protect data security.
Currently, a majority of companies are operating as “Everywhere Enterprises”; a term recently coined by Gartner to describe the distributed modern enterprise, in which employees, IT infrastructures and data are everywhere.
The Everywhere Enterprise, while fuelled by Coronavirus, will continue long after it has ceased. A recent MobileIron survey, which polled office workers worldwide, showed that more than 80% of employees don’t want to return to the office full time, ever. This study also found that employees within the Everywhere Enterprise are making IT security’s job harder by not prioritising, or even circumventing, security protocols. In fact, one-third of workers considered IT security to be a low priority.
It seems that employees scattered across the Everywhere Enterprise are blind to the threats and vulnerabilities specifically targeting them. Threats have risen since the start of the pandemic and, according to Google, at one point in April the company blocked 18 million phishing scam emails in a day. Yet our research found that nearly half of employees (43%) don’t know what a phishing attack is. So, how do companies protect data security during digital transformation with the added challenge of a distributed workforce?
Zero trust approach
Adopting a zero trust architecture is rising in popularity as a direct response to a diminishing perimeter. Gartner predicts that, by 2022, 80% of new business applications will support zero trust network access (ZTNA) for third-party partners and, by 2023, ZTNA will have surpassed VPN use in over 60% of enterprises. Zero trust considers an organisation’s network to be already compromised and, as a result, applies a “never trust, always verify” logic to network access. By implementing a zero trust approach, organisations can ensure only verified users and trusted applications, devices and networks are being used before granting employee access to the data they need. This is the only way businesses can ensure that its dispersed employees remain secure and productive, wherever they work from.
Elimination of the password
One of the weakest links in enterprise security is the password. Authentication has come a long way, but cybercriminals are never far behind. Passwords are still the norm, but even the strongest passwords aren’t strong enough, especially as mobile, the IOT, social media and other technologies expand attack surfaces. Decades of breaches show that companies across the globe have one thing in common: they do not put enough effort into securing passwords. From weak passwords to repeat passwords, they are the result of an obsolete data security system.
Companies can eliminate passwords to increase security alongside fast-tracking employee access to enterprise data with zero sign-on. Zero sign-on replaces single sign-on and provides adaptive authentication, including multi-factor authentication, based on risk. Zero sign-on technology moves beyond identity and access management and simultaneously verifies the network and device, establishes user context, checks app authorisation, and detects and remediates threats, all before granting secure access to the user.
Advanced threat detection
Threats to data security are much more sophisticated than they were even five years ago. Successful enterprise attacks are rarely executed by a lone hacker and instead come from professional cybercriminal networks. These networks are driven by the profitability of ransomware and the sale of confidential consumer data, intellectual property, government intelligence, and other valuable data. While traditional PC-based antivirus solutions can offer some protection against these attacks, organisations need highly adaptive and advanced threat detection solutions. These solutions deliver unparalleled mobile security that enables enterprises to monitor, manage, and secure devices against mobile, device, network and application cyber attacks.
Threats can be stopped on-device before they cause damage. Users are not required to take any action to deploy or activate the application, and they cannot uninstall the protection. This is a great option for companies as there is no disruption to employee productivity, and mobile devices are prevented from impacting the corporate network and risking data loss or data breaches.
Practice good hygiene
Good security hygiene is always of significant importance in considering the protection of data, but even more so when an organisation migrates to the cloud. To best achieve secure access to cloud data, companies must understand the environment their employees are working within, as well as the devices they use. Only after understanding those elements can they implement appropriate security protocols.
This is where enrolling devices in a unified endpoint management (UEM) solution becomes essential. Enrolling devices ensures that devices are encrypted and allows IT to enforce appropriate authentication and security policies. It also allows IT to delete dangerous apps over the air and stop business data from seeping between different cloud-based apps. Enrolling devices in such a way not only serves to maximise the gains in productivity that cloud computing has to offer, but also helps to ensure data stored in the cloud is secure.
Mobile devices are everywhere and have access to practically everything, yet most employees have inadequate mobile security measures in place, enabling hackers to take advantage.The adoption of the Everywhere Enterprise model of work throughout the pandemic has increased the use of mobile devices to access critical business data. Our research shows 72% of employees agreed that their mobile device is important in ensuring their productivity.
Every company should consider a mobile-centric security strategy that prioritises user experience and enables employees to maintain maximum productivity on any device, anywhere, without compromising personal privacy, or critical data as companies’ digital transformations continue.
By Brian Foster, Senior Vice President of Product Management, MobileIron