Arraya Insights | February 16, 2022
As we move into year three of the COVID-19 pandemic, there’s no better time to reflect on the lessons we’ve learned over the past two years and how we can best plan for our “new normal” moving forward. While the hope is that many aspects of life will return to the pre-pandemic ways we used to know, there’s no doubt that some things will never be the same.
While some offices are slowly opening back up, remote or hybrid work is here to stay. The remote workforce was slowly growing prior to 2020; however, the pandemic accelerated this to an entirely new level. Remote employees were given the opportunity to prove their capabilities off site, and the Great Resignation forced employers to reconsider their prior on-site policies.
Considering this expanded remote workforce combined with the growing risk of cyber attacks, looking forward it’s clear that security remains the moral of this story. It’s now more important than ever to stay in front of your vulnerabilities. Arraya’s Cyber Security team recently sat down to discuss what we’ve learned over the past two years and how we can apply this knowledge as we move into 2022.
It’s Time to Get Off-Premises as Cloud Adoption Dominates
Just like remote work, cloud adoption quickly accelerated thanks to the pandemic. Today, if your employees aren’t required to be in the office, there’s no reason to host servers on-prem either. On-premises servers are more expensive due to the overhead of maintaining the data center and server on-site, along with the staff it takes to manage them. As businesses reach the end of their lease terms, many are re-evaluating the need for this physical space.
Adoption of the cloud through a Software-as-a-Service (SaaS) solution offers increased scalability, flexibility, and security, and it’s more cost-effective.
For those who keep their servers on-premises, it’s important to keep empty offices secure. Without employees regularly wandering the halls, these servers can be an easy target. While cyber attacks are the most newsworthy, physical security should still be taken seriously.
Following the Journey to the Cloud, Prioritize Security
While transitioning to the cloud offers more security than an on-premises network, many users forget to prioritize security once they’ve made this shift. The cloud requires a completely different tool set, and a full security and disaster recovery review is necessary once your business has transitioned to cloud computing.
While on-premises users relied on their own company’s IT team, operating in the cloud is a shared responsibility. New cloud users will need to understand their security obligations versus their cloud providers’ obligations.
For more information on securing your cloud, check out our blog, Prepping for Cloud Security in 2022: Is Your Business Ready?
Large-Scale Vulnerabilities Will Impact All of Us
Large-scale cyber events, such as the SolarWinds attack, the Colonial Pipeline ransomware attack, and the recent Log4j vulnerability, are just a taste of what’s to come. Remote work changes how companies can respond to these attacks. Previously, if a company suffered a cyber attack, it could turn off remote access and have employees come into the office to log onto the network and continue operations.
Now, as employees are fully remote, this type of attack can force a company fully offline and cause business interruption costs to skyrocket.
The Zero Trust Security Model is a Win
Just like the acceleration of cloud adoption and remote work, employing a Zero Trust security model became a priority during the pandemic. This model means always assuming breach and verifying each request as though it originated from an uncontrolled network, rather than believing everything behind the company firewall is safe.
With this model, users should:
- Always authenticate and authorize based on all available data points
- Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection
- Minimize blast radius and segment access, verify end-to-end encryption, and use analytics to get visibility, drive threat detection, and improve defenses
Regardless of where a request originates, we should “never trust, always verify.”
Education & User Awareness Significantly Reduce Risk of Human Error
While the latest security tools and solutions can drastically reduce your cyber risk, human error continues to be a major threat. What’s the use of the tallest fence if an employee accidentally opens the gate?
Cyber threats are a unique challenge because they are always evolving. Fostering a constant awareness campaign on cyber security is key to keeping employees updated and vigilant in identifying and preventing these attacks. As workers log in remotely, these campaigns need to extend out of the office to ensure that every team member is included in this effort.
Rethink the Need for VPNs
Traditionally, VPNs were given to most employees to allow them to work from home. With growing SaaS services, which can provide federated access, the need for VPNs is slowing. In adopting SaaS and cloud-based services, you’re eliminating the single point of failure, as your provider will have multi-homed internet connectivity.
Even if there is a failure, it’s not your company’s responsibility to resolve this issue. In essence, your company is offloading this liability onto your SaaS provider. While a VPN has historically been the most secure option, that’s no longer always the case.
Next Steps: Staying Ahead of Your Vulnerability
Companies and enterprises are increasing their cyber security resources and budgets, and for good reason. A strong cyber security posture is now an essential part of any business’s risk management plan.
At Arraya, we can help your company analyze and discover your potential vulnerabilities through our security and penetration testing solutions. Further, we’ll remediate the issues, once detected.
As we move into 2022, a proactive approach to your vulnerability is essential. Contact an Arraya expert to get started today.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.