We live today in a brave new world. No, not the world envisioned by Aldous Huxley in his dystopian classic “Brave New World,” but a world very different from the one we had just a couple of years ago. The COVID-19 pandemic has been a catalyst for a seismic shift in the way companies do business and how individuals connect and maintain productivity. The wheels of digital transformation were already in motion, but the pandemic greatly accelerated those efforts—introducing unique risks and security challenges at the same time.
Adapting and Embracing Change
When the COVID-19 pandemic first took off in early 2020, companies around the world suddenly switched to remote, work-from-home business models overnight. As nations implemented lockdowns and quarantine restrictions, businesses of all sizes and across all industries were forced to adapt and find new ways to engage with customers and continue business operations, while also struggling to deal with the pandemic themselves—along with the repercussions of partners and suppliers scrambling to address it as well.
If there is a silver lining to the pandemic, it’s the fact that it happened in 2020, rather than 1990. We have the technologies and the infrastructure today to enable remote productivity, but 30—or even 10—years ago it would have been a completely different story. Thanks to broadband internet, cloud platforms, SaaS (software-as-a-service) applications, and open-source technologies, the transition from a traditional office to a work-from-home business model was relatively seamless for many organizations.
As we enter 2022, the COVID-19 pandemic continues to have a significant impact, but many regions and organizations have attempted to resume normal operation on some level. For many, the new normal will be a hybrid model that incorporates the traditional office with the flexibility of working remotely. One thing is clear at this point, though: the definition of “normal” has shifted and much of the operational business models and digital transformation organizations have embraced to get through the pandemic will remain—in whole, or in part—as we move forward.
Adjusting Security for the Hybrid Work Model
The dramatic overnight shift to a completely remote, work-from-home business model vastly expanded the attack surface and introduced unique security concerns for IT security teams. Many organizations had already adopted cloud platforms and SaaS applications to some degree—which helped to streamline the transition—but suddenly the concept of the network ceased to exist, and organizations had little visibility or control as many employees turned to personal computers connected over home Wi-Fi and broadband networks to get their jobs done.
The hybrid working model of the new normal means that the security challenges that arose from the pandemic are likely here to stay. Organizations need to recognize that the entire internet is the “network” now, and every employee or endpoint is the “perimeter.”
The cybersecurity status quo is not adequate to defend against today’s threats or to protect such a broad and diverse attack surface. It will take new tools and new strategies to properly secure and protect network assets and data. In particular, hardware encryption tools, centralized visibility, and inspecting source code play important roles in this hybrid working model.
Hardware Encryption
Threat actors are constantly evolving new techniques and finding innovative ways to compromise systems and evade detection. Hardware-based security and hardware encryption coupled with software can play a vital role because software-based security alone can be subverted or compromised.
Intel is at the forefront of developing hardware that can help secure the future of work, having developed a variety of hardware-enabled security technologies. Hardware encryption is essential for ensuring that attackers cannot access or intercept data. Intel Advanced Encryption Standard New Instructions (Intel AES-NI) are built into Intel Core processors to implement some of the complex and performance-intensive computing in order to accelerate encryption. Intel Hardware Shield on the Intel vPro Platform includes Intel Total Memory Encryption—which encrypts the computer’s entire memory with a single key so that all memory passing to and from the CPU is encrypted.
These hardware encryption tools often act as the first line of defense for businesses and will prove to be increasingly valuable as hybrid working practices become the new standard. While Intel may be ahead of the curve in developing these solutions, we are only on the cusp of the hardware security hype in the future of work.
Centralized Visibility
It is a common mantra in cybersecurity to say that you can’t protect what you can’t see—or don’t even know about. That is true. That is why visibility is crucial.
The shift to a hybrid working model has made visibility simultaneously more important and more challenging. With employees connecting from virtually anywhere and from any device, the challenge of maintaining an accurate view of the assets that are connected to the network as well as their current security posture or risk exposure has skyrocketed exponentially.
IT security teams need to have an effective way of maintaining and managing visibility across their entire environment—including home networks and personal devices used for work purposes by employees—from a unified, centralized view.
Inspect Source Code
Open source software and frameworks have been around as long as there have been computers. Developer tools like Intel oneAPI and OpenVINO leverage open source components including pre-trained models and languages to improve time to value for developers. These tools are created and maintained by volunteer engineers, developers, and data scientists, and made available to the community for free.
That is a huge benefit, but it also comes with some risks. On the one hand, because the source code is open to the public, it means that potentially more people—and people with more diverse skill sets and perspectives—have the opportunity to review the code and identify potential issues. On the other hand, because open source projects are community efforts there is typically nobody specifically in charge of finding and fixing security issues, and nobody, in particular, to blame when they arise.
In December of 2021, a critical vulnerability was revealed in Apache Log4j—a logging function built into the open source Apache web server platform used by millions of websites around the world. The process of identifying and remediating affected systems is complicated, though, by the fact that many other applications may be using vulnerable snippets of code.
As organizations rely more on open source applications, or software that is built around components from open source applications, inspecting the source code to identify flaws and vulnerabilities is crucial.
Securing the New Normal
The hybrid work model and the concept of giving employees the flexibility to work remotely from home are here to stay. The COVID-19 pandemic accelerated digital transformation and forced organizations that were not prepared and perhaps had no immediate plans for digital transformation to make the leap anyway.
The good news is that not only have digital transformation and technologies like cloud platforms, SaaS applications, hardware encryption tools, and open source solutions enabled companies to keep the lights on and continue operating through the pandemic, but studies indicate that productivity has gone up in many cases along with improvements in work-life balance and employee happiness. It appears that this is the new normal and that most businesses will adopt some version of remote work or increased flexibility even once the pandemic is under control or behind us. That can be a win-win for businesses and employees, as long as organizations also recognize the unique security concerns and have the right tools in place to protect this vast attack surface against emerging threats.
- Tackling Swivel Chair Syndrome - November 14, 2024
- Unlocking Proactive Compliance with Adobe’s Common Controls Framework - October 14, 2024
- Unlocking the Power of Continuous Threat Exposure Management - October 8, 2024