The year 2020 saw a dramatic shift in the workplace environment. New IT technologies and infrastructure that support a remote and distributed workforce will continue to be major investments for at least a couple of years down the road. As a result, network security considerations to support these technologies will also be the focus for enterprise IT departments.
Security as a service
A distributed IT infrastructure means that network services such as connectivity are decentralized. Security products that are installed at fixed locations are not flexible enough to support the new, dynamic network of users and applications that has arisen due to the pandemic.
We believe that security at fixed locations will gradually be replaced by security that is delivered as a service. The recent interest in ZTNA (Zero Trust Network Access) and SASE (Secure Access Service Edge), for example, is a strong indication that people are looking for a security model that is compatible with the new distributed IT architecture.
Further, the trend toward decentralization of business operations and workforces is only expected to increase. According to a report commissioned by Upwork, a marketplace for independent talent, the number of remote workers in the US is projected to almost doubleremote workers in the US is projected to almost double over the next five years, to more than 36 million.
The decrease in concentrated clusters of workers means there is less justification for in-house applications which, in turn, accelerates the adoption of cloud applications and cloud services. Securing applications and data in the cloud is a multi-pronged task that encompasses many areas such as SaaS security, security of public cloud and virtualized data centers, container security, etc.
In recent years we have seen the maturation of cloud security product categories such as Micro-segmentation, Cloud Workload Protection Platform (CWPP), and Cloud Security Posture Management (CSPM), etc. In addition to increasing adoption of these products, we have also seen demands for technologies that support hybrid cloud and clouds from different vendors, as enterprises build flexibility and resilience in their cloud infrastructure.
Industry analyst firm Gartner, for example, listed cloud security posture management and simplification of cloud access controls among its top 10 projects in 2021 for security and risk management leaders.
Security of VPN and Collaboration Applications
Attackers are continuously looking for new ways to hack into the enterprise. The remote workforce presents new attack surfaces; VPN, messaging and collaboration software are all becoming targets of attack, for example.
First of all, enterprises need to harden the security of applications and data by introducing multi-factor authentication and device management. What is also important is to monitor the usage of these corporate assets and look for signs of misuse and breach.
During the past few years, geopolitical conflicts, as well as threats and exploits by nation-states, have been on the rise. The importance of data security and privacy have been raised to the level of national security. Major countries and entities have already released regulations that in effect segregate the data collected in different regions. We anticipate that these conflicts will not go away soon, and we will probably see more of the events like the US government’s treatment of TikTok. Enterprises that do business around the world will continue investing to make sure that they are in compliance with all regional regulations.
The global pandemic initially forced IT to rapidly change architectures and models in order to support a remote and distributed workforce. As the pandemic continues into 2021, and enterprises increasingly embrace remote working for some or all of their employees, it is critical to address the network security considerations associated with the distributed work environment.
Key among these considerations are security as a service, cloud security, security of VPN and collaboration applications, and policy compliance. By focusing on developing and refining the network security measures needed for a distributed architecture and workforce, IT managers can confidently adapt to the rapidly changing workforce and network environments.