Coping with life in the wild

The emerging anywhere/anytime working model requires a distinctly different security posture to ensure the organisation is resilient in the face of changing security threats.
Peter Clarke
By Peter Clarke, Founder and MD, LanDynamix
Johannesburg, 17 Jun 2022

In my previous article, I argued that disaster recovery as a service (DRaaS) was making it possible and affordable for a much wider range of organisations to recover from a catastrophic event, be it a cyber attack, a fire or other incident that makes it impossible for normal business premises to be used.

But a disaster is highly disruptive − so while it's important to have DRaaS in place, it needs to be complemented by effective security to protect the organisation, and hopefully mitigate the risks of a disaster ever materialising.

Physical security of the organisation's offices is part of the equation, including access control, plans for preventing and combatting fires, and power and water backups. The real challenge is cyber security, given the fact that business and technology are now so tightly integrated that they are virtually inseparable.

There are two key trends that are creating security headaches for CIOs:

A daunting threat landscape: Highly-skilled cyber criminal cartels have the time and resources that in-house security teams lack. Even the most cursory search on Google will quickly demonstrate just how serious the problem is. Recent high-profile incidents include the demand of R225 million in ransom from TransUnion and the exposure of client data at Dis-Chem. South Africa seems to be a particular target, and is ranked in the top six nations threatened by cyber crime.

The emerging work anywhere/anytime model: The explosion in smartphone usage and the bring your own device revolution initiated what looks like an unstoppable trend: employees choosing to work where they want, when they want and, increasingly, on their own devices. COVID-19 and the move to remote working really put wind under this trend's wings.

In effect, the company has become a distributed organisation, and its systems and data are no longer protected behind high corporate firewalls. CIOs and CISOs need to rethink how they approach security.

In the new distributed corporate model that's in development, the organisation has to learn how to secure its vital data and digitalised business processes as they stretch beyond the corporate firewall.

The key vulnerability now moves from the outer defence to the endpoint − the device on which the employee is working and accessing the corporate data and applications. Accordingly, the security focus is shifting from the firewall to the endpoint.

The firewall remains in place, of course, because much of the work will continue to take place in the corporate offices, as before, but the security posture needs to accommodate the fact that a variable proportion of the work will be done elsewhere.

In effect, the company has become a distributed organisation, and its systems and data are no longer protected behind high corporate firewalls.

When confronting this challenge, CISOs need to factor in the following:

Move the security stack onto the endpoint: Some vendors are leading the way by creating security clients for endpoint devices. These are designed to provide each individual endpoint with the same type of security as a device connected to the corporate network at head office.

Artificial intelligence and machine learning are playing an increasing role here. For example, anti-virus software is moving beyond its traditional definition-based approach to identifying suspicious behaviour. It can spot behaviour that is not usual for humans (for example, rapidly encrypting files). In time, machine learning will also enable the endpoint security to accumulate data on how the specific user operates, and so refine its ability to identify uncharacteristic behaviour.

For example, if the user habitually logs into the corporate network during certain hours from Johannesburg, a log in from China at an unusual time will raise an alert.

Implement user awareness training and testing: Users have always been the system's greatest vulnerability and this vulnerability is exacerbated by the new working patterns. Users need to know and be constantly reminded about basic security like locking their devices when they are not using them, and spotting phishing scams.

Protect data: It makes sense for data to remain off the vulnerable endpoint. Corporate data should be backed up to the cloud and remote users given access to it there. The data should also be encrypted.

Govern user access rigorously: The principle here is that users should only have access to the data they need to do their job, thus limiting the system's exposure in the event of an endpoint breach. Over the longer term, the zero-trust network architecture will become mainstream.

This means that users will be given access to the network not only once their credentials have been verified via multi-factor authentication, but also once the security posture of the device they are using has been approved. The posture check has to be dynamic, so that the moment it changes, the user is taken off the system. Of course, all of these checks need to be automated to make the system as seamless and accurate as possible.

DRaaS combined with a security architecture that is appropriate to the changing world will create a more resilient organisation, able to adjust to a business environment that is perpetually in flux.