The COVID-19 pandemic drove many organizations to switch to a remote workforce without fully considering the security implications. As companies mull over the possibility of extended remote and hybrid work models, these oversights need to change. Remote workers are a serious security risk, and companies need modern security solutions – such as secure access service edge (SASE) – to make a productive, secure workforce possible.
COVID-19 Transformed the Modern Enterprise
During the COVID-19 pandemic, remote work suddenly became business as usual for many organizations. Companies that had no telework plan – and potentially claimed that remote work was “impossible” for them – were suddenly sending their employees to work from home indefinitely.
Making this transition forced organizations to reconsider how they did even the most common daily tasks. Meetings that would normally have been held in-person in conference rooms now were hosted on teleconferencing platforms. Employees’ need to share information and collaborate with colleagues sparked interest in corporate collaboration platforms and cloud-based applications.
The transition to telework was jarring for employees as well. Many of them needed to learn new skills and tools to continue doing their job in the age of COVID-19. The need to continue doing business in the face of confusion and shared challenges encouraged a culture of collaboration and understanding. In some cases, it also created a mentality focused on getting the job done at all costs.
Remote Employees Are Endangering Corporate Security
The rapid switch to remote work created several security challenges for organizations. In many cases, companies needed to rapidly deploy new infrastructure to meet the needs of their suddenly remote workforces. This created security gaps as organizations focused on enabling employees to get back to work rather than ensuring that they could do so securely. For example, many organizations deployed virtual private networks (VPNs) and RDP without thinking through the implications, causing significant problems with both performance and security.
However, issues with their infrastructure are not the only security challenges organizations face due to remote work. Suddenly freed from working from the office, their employees created additional problems, including clicking on potential phishing links, using personal accounts and devices for work, and downloading unapproved apps to corporate devices. All of these behaviors place the organization at risk.
While these behaviors can exist in the office, they feel freer to do so when working remotely, according to 30% of employees. One of the main reasons for this belief – according to 49% of employees – is that teleworkers think that IT cannot monitor them and enforce corporate security policies when they are working outside of the office.
Over a third (36%) of employees have used workarounds to evade and defeat corporate security policies and controls when working remotely. As a result, 42% of employees claim that they have made security mistakes when working from home that will never be reported to the organization. This is because over a quarter of employees (27%) are afraid to admit to IT that they’ve made a security mistake, and others are deliberately evading security controls.
With the move back to the office after the COVID-19 pandemic is over, many organizations hope to bring their employees back into line. However, 40% of employees plan to bring their personal devices with them to the office, potentially bringing malware infections and other security issues with them.
How SASE Can Help Reduce Security Workarounds
One of the main drivers of the poor security habits of the remote workforce is a belief that these activities are invisible to IT. And this belief is not an unreasonable one.
Many organizations have perimeter-focused security strategies designed based on the assumption that employees and corporate resources are located on-premise. With the growth of remote work and cloud computing, employees can reach corporate assets and the public Internet without the need to pass through the traditional network perimeter and its array of security solutions.
Effectively securing the remote workforce requires moving security from where IT infrastructure and employees used to be (i.e., on-prem) to where it is today (everywhere). SASE accomplishes this by deploying security at the network level using cloud-based points of presence (PoPs). With SASE’s integrated SD-WAN capabilities, all business traffic can be routed optimally over the SASE network from the PoP nearest its source to the one closest to its destination. While this can improve the performance of business network traffic, it also has the benefit of providing visibility and the ability to enforce corporate security policies for this traffic.
By making a move to SASE, an organization ensures that it has complete visibility into all business traffic and the ability to enforce security policies and zero-trust access controls. This can help prevent dangerous behaviors that get remote workers in trouble and minimize the impact of security incidents caused by infected systems and other security compromises.