Cybersecurity for remote workers: Lessons from the front
Thanks to a prior life as a paramedic, I’ve spent decades as a part-time disaster responder, jumping into chaotic environments on the heels of natural catastrophes like Hurricane Katrina. I’ve learned that survivors who are able to adapt and rebuild often share two key traits: They react quickly, and they accept their new reality.
This is the challenge facing CISOs today. How can we rapidly shift our operations to a primarily work-from-home model — and ensure strong cybersecurity for remote workers — even while in the midst of a generation-defining disaster that will have repercussions for years to come? While some organizations already supported remote work before the COVID-19 freight train hit, very few supported it at the scale the pandemic required. I’ve heard the same story from multiple IT leaders: “COVID-19 forced us to implement our three- to five-year digital transformation plans in three to five weeks.”
Digital transformation is a bit of a fluffy phrase; in concrete terms, it has three major components:
- migrating back-office applications to SaaS or cloud-hosted application deployments;
- migrating data center applications to IaaS; and
- enabling a secure mobile workforce with diverse endpoint devices.
Many CISOs I’ve worked with were already well down the path of implementing digital transformation projects in early 2020. But COVID-19 forced a dramatic acceleration of these initiatives, often faster than security could keep up. In my CISO role at my own organization, DisruptOps, I decided to approach these challenges like a paramedic deployed to a disaster zone: take stock, respond and rebuild.
Take stock
When COVID-19 hit, we moved fast. Now we must assess where we landed and how to adapt to our new circumstances. Imagine the disaster survivors who packed up and ran to safety; once out of immediate danger, they had to stop, reorient and take stock of what the heck they actually packed — and where to go from there.
In the immediate onset of the COVID-19 pandemic, CISOs and IT teams rushed to support home systems, stand up new VPN servers (on premises or in the cloud) and dramatically expand MFA. Like a family fleeing the fire, the first weeks and months were all about moving as quickly as possible and doing our best, knowing we couldn’t prevent every risk.
DisruptOps had the advantage of being small and cloud-centric; our employees already had the option to work at home, and all our infrastructure was hosted in the cloud. But we happened to close a funding round right as COVID-19 hit, so as we moved to grow the company and implement new initiatives, we also needed to expand our work-from-home program at an unanticipated speed and scale.
Respond rapidly
My most immediate task was ensuring we kept a handle on the biggest potential security gaps — increasing isolation of our production environments and hardening the walls between development and production. Since we were already using mostly SaaS to run operations, and our application is built on IaaS, I partnered with our CTO — a well-versed security veteran — to manage our identity perimeter and remotely onboard new employees via stock laptops we shipped to them.
In this first phase it was all about closing the biggest gaps, and those gaps aligned with rapid growth of remote access and remote collaboration. For most of the other CISOs I’ve talked with, this translated to increasing VPN and SaaS capacity, adding MFA and trying to consolidate onto a vetted set of collaboration tools. Some organizations also increased their migration to IaaS to reduce the staffing requirements at data centers. This initial response came at the expense of some endpoint controls and risk management of certain SaaS platforms.
I think we are all still very much in this response phase. The focus is on identifying and managing the biggest risks so we can move forward and start building longer-term foundations. These will look a bit different for everyone. In…
Read More: Cybersecurity for remote workers: Lessons from the front