COVID-19 Remote Work Orders Create New Security Issues for Businesses

April 17, 2020 | By Bob Moore, Managing Director, Edgile


The COVID-19 global pandemic has caused modern enterprises to rethink how they do business. According to an analysis of 2019 U.S. Census Bureau data by Global Workplace Analytics, just 3.6% of the U.S. workforce works remotely half-time or more. The reaction to COVID-19 and the nationwide call for social distancing has caused that number to skyrocket. This rapid transition is creating new security, privacy and compliance issues for modern enterprises.

An expanded remote working strategy means that large numbers of mobile devices will be more widely distributed geographically. In addition to vendors and customers accessing data in the cloud, thousands of additional employees will be transmitting sensitive corporate intellectual property across many different networks.

Protecting this far more porous environment is going to take a lot of very different—and possibly more complex—security approaches. Continuous authentication, behavioral analytics and robust cloud protections will be essential.

Another problem with a wholesale shift to remote work is that many companies did not have a viable protocol in place. Fortune 500 companies may have trouble adding thousands of additional remote workers to their network of contractors, major customers and partners in a matter of days. Bandwidth has to be allocated, security plans must be rewritten, training has to happen, new software licensing deals have to be negotiated, just to name a few of the necessary action steps.

Enhanced Secure Collaboration Across the Distributed Enterprise

For over 20 years, Edgile's mission has been to Secure the Modern Enterprise. The definition of a modern enterprise is always evolving. Today’s modern enterprise is now the extended—or distributed—enterprise, where robust and secure remote collaboration mechanisms must be embraced. What we need to protect is changing rapidly and our solutions are changing as well.

Post-COVID-19, the clear benefits of remote work for both workers and companies is projected to create permanent changes in the workforce. Kate Lister, a recognized expert on the impact of work-at-home programs and President of Global Workplace Analytics estimates that 25%-30% of the workforce will be working at home multiple days a week within two years. The solutions that must be quickly implemented to secure the enterprise because of the pandemic will need to become a permanent part of security, access and compliance programs.

None of us knew about social distancing a few weeks ago. Now we are learning how to operate with less physical interaction and recognizing the many advantages of virtual meetings. Companies need to respond quickly to the current situation and develop a comprehensive approach to their business continuity plans.


Partner Spotlight:  Secure External Collaboration with Microsoft Teams 

Microsoft Teams provides a robust and secure collaboration platform. Some of the enterprises we work with own the Microsoft licenses with Teams security and compliance (Microsoft 365 E3). Most enterprises now own the advanced security and compliance capabilities found in Microsoft 365 E5. Typically, organizations use Teams for meetings and file organization. Now that business operations have shifted to include more remote work environments, Teams can be the platform for external collaboration.

Teams is highly configurable for specific users and groups and global administrators can create a secure environment that matches the purpose of each Team.

Groups can create naming standards, restrict users, exclude guests or allow guests only from specific domains. A Team can have an expiration with owner notification, archiving and data retention policies. The security and audit capabilities of the foundational components—Office 365 and Enterprise Mobility Suite—are available in Teams.

But there is a problem: open collaboration is the default configuration. Users can create teams, invite external guests, allow guests to create channels, access sensitive information, and more. Teams is a tremendous tool to support the immediate need for external collaboration but must be properly configured to enable long-term secure virtual productivity.

Edgile has developed a one-week, remotely deliverable Teams Workshop to triage your current configuration and create an instance for secure external collaboration to meet immediate needs. We make recommendations for platform configuration steps to address the larger business continuity challenges.

Areas of focus include:  

  • Remote application access for large scale workforce  
  • Data classification, encryption and exfiltration monitoring  
  • Risky behavior identification and action  
  • Mobile device and data protection 
  • Advanced audit and case management  

These areas are critical components of a secure and robust enhanced collaboration solution. For most companies that have Microsoft licenses, the capabilities are already owned. It’s the policy, configuration, end user communication, security and audit configuration that’s needed.

Connect with us to get started or attend one of our upcoming webinars

 


About Bob Moore
Managing Director, Edgile

Bob leads a team that helps large companies execute Digital Transformation successfully; on plan, on time and on budget. Bob introduces new technology built on AI and machine learning and works with CISOs and CIOs to quantify the value proposition based on cost recovery, productivity, new value creation and risk management. Bob manages implementation and business process change to ensure value realization.
 

Edgile is a Microsoft Gold Partner, was named the 2020 Security System Integrator of the Year and is the trusted advisor to many Fortune 500 companies and highly-regulated global enterprises.

Previous Article
8 Suggestions from U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA)
8 Suggestions from U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA)

Next Article
NIST Offers A Structure For Easing Privacy Compliance Burdens
NIST Offers A Structure For Easing Privacy Compliance Burdens