Tackling endpoint security in the age of work from home
By Peter French, Synapsys Managing Director
It was only a few short months ago that I attended the inaugural Acronis Global Cyber Summit in the US, where Acronis CEO, Serguei Beloussov, announced the company's innovative, unified approach to data protection and cyber security.
One of the challenges Acronis Cyber Protect would address, he said, was the increasing complexity in corporate IT ecosystems, thanks to the dramatic rise in endpoints. Acronis predicts that by 2030, we’ll have more than 500 billion devices globally, and only 1% of these will be in the core network.
Fast forward a few short months, and due to the COVID-19 pandemic, this forecast has started to materialise at an astonishing rate. Almost overnight, around the world, companies have had to transition to remote working operations, with employees accessing corporate networks from a plethora of devices, across a range of broadband connections, with dogs, cats and toddlers playing havoc with work and private devices.
This is the acceleration of a well-established trend: the industry has been actively mobilising workforces for a number of years, and thanks to the cloud and mobility, many people are enabled to work remotely. Logistically, in Cape Town as an example, some companies were prepared for this overnight shift thanks to business resilience plans put in place during the 2018 drought. And the City of Cape Town has repeatedly encouraged businesses to embrace flexible hours and remote working as a way to reduce traffic congestion over the past few years.
Today, the remote work horse has bolted, even for companies that haven’t spent too much time thinking about it, or indeed, have actively resisted it. There is almost no technological need for many employees to be in a central location at a set time anymore, and some very compelling reasons for them not to be.
What is an endpoint anyway?
An endpoint is any device that people, or machines in the case of IOT, use to compute. Some endpoints remain within a company network, or move backwards and forwards across a corporate firewall, and today many are remote. These remote endpoints are increasingly a vulnerability risk, because, if unprotected, they offer a doorway into a corporate network.
Now, add the uptick in cyber crime. Today it’s around the COVID-19 pandemic – the Acronis Cyber Protection Operation Centers have detected a spike in malware attacks recently – but at other times this could be due to any large global event or crisis. Combined, you start to see the makings of an infosec nightmare.
The top three things to prioritise when updating your data protection and cyber security –cyber protection – for this new way of working:
1. People first
We all know this one. Even when implementing a technology solution to a technology-driven problem, people need to come first. They are still the weakest security link, and today are anxious, confused, navigating new work habits, and desperate for information, all of which is being exploited by increasingly savvy cyber criminals.
But remember, users aren’t the only people in the equation. The IT team is now stretched, suddenly supporting a remote work organisation while working remotely themselves. New strategies to increase remote endpoint protection need to be simple, scalable and integrated to support the people at the frontline of cyber protection in an organisation.
2. Acknowledge it’s a balancing act and make the best call for your organisation
Cyber protection is a complex challenge covering data protection and cyber security, and so needs a multi-vector approach to solving it. Acronis has a useful way of summarising these cyber protection vectors: SAPAS.
- Safety: Is your data kept safe, and can it be recovered?
- Accessibility: Can your people access the information they need, wherever they are and at any time?
- Privacy: Do you know who can see and access different types of data?
- Authenticity: Are you certain a copy is the exact replica of the original data?
- Security: Is all your data, including backups, protected against cyber threats?
A further complexity is that sometimes these vectors shift and work against each other. Like today, IT teams need to work to ensure that data, applications and systems are accessible to their people wherever they are to ensure business continuity. But what does this mean for other vectors such as privacy or safety?
3. Wash your hands: AKA your remote endpoints are your first line of defence
Just as we are all going to get used to sanitising our hands and having our temperature taken before entering hospitals, offices and practically anywhere to prevent the spread of COVID-19, remote endpoint protection is going to be critical in preventing malware from entering corporate networks and spreading. And here, SAPAS applies too: each organisation is going to need to balance the competing cyber protection vectors on remote endpoint devices to keep their network and people secure. These vectors of protection are close-knit, and the structural integrity of an organisation’s cyber protection relies on each vector being present and supporting each other.
Without making any predictions about the length of level four restrictions and how they will be relaxed, we need to assume we are in it for the long haul when it comes to this new way of working. And this won’t be reversed, not if you want to hire the best people. Take a quick look through recruitment site, Offerzen’s company listings: hiring companies highlight remote and flexible working as a benefit as often as no dress code and a barista coffee bar. So a small silver lining is that the changes that need to be made today to protect remote endpoints are not a temporary band-aid. In fact, companies are laying the foundation for the next phase of doing business in a post-pandemic world.
Let us know if you would like an introduction to one of our MSP partners offering Acronis Cyber Protect and to find out more about cyber protection for remote work.