By Zohar Rozenberg, VP of Cyber Investments for Elron
[Editor’s Note: This article is included in a series of current commentaries on the broad-ranging technical and economic effects of the Coronavirus outbreak. Due to the significant impact of Coronavirus on cybersecurity challenges and responses, Cyber Defense Magazine will continue to feature this topic on the CDM home page rather than waiting for publication of the next monthly edition.]
Employees quarantined by their employers, by government action, or upon their own initiative, are forcing organizations to allow access to critical data remotely. Coronavirus is presenting organizations with a unique opportunity to adopt modern security protocols and enable an efficient remote workforce.
Fear of Coronavirus infections has resulted in organizations ruling out large meetings. Healthy individuals are in home-quarantine for weeks at a time, even though they are not necessarily thought to carry the virus. This large number of individuals complying with house arrest is putting a strain on many organizations that have not shifted their working styles to accommodate large-scale remote workers.
Sales forces are accustomed to working “from the field.” Accounting, R&D, marketing, and analysts are used to operating under the security of in-office connectivity. Today’s worker needs to collaborate with global data amongst international teams requiring robust security measures for identity-based access, secure data collaboration, management of digital rights, data transfers, etc.
A predicted shift
While many experts proclaimed “perimeter is dead” some years ago, most organizations still handle most of their operations from within the perimeter. As companies rely on employees working from the office, Coronavirus’ forced changing of the status quo comes with unignorable risks such as unsecured home Wi-Fi networks, unsecured smart devices, and countless other variables that can turn an employee’s laptop into a trojan horse.
The home environment is not the only issue. In today’s world, most organizations use 10s of SaaSs, various cloud environments, and other services still controlled at the HQ. Moving to a remote workforce requires the usage of adequate identity verification measures, including unique Multi-Factor Authentication protocols, access permission measures that enable working in a multi-environment organization, wider usage of encryptions, and more. Managing and keeping up with regulatory compliance must also be managed more closely with a remote workforce. Being able to track accessed data, along with where the data is stored, is a challenge when working remotely. On the other hand, many traditional security solutions, which were built to monitor network traffic, analyze it, detect anomalies in it, etc. are much less relevant when everyone works remotely and uses multiple environments.
This calls for a fundamental re-architecture of security facilities all across affected organizations.
Adaptive security
The segmentation of solutions offers ways to let employees work remotely while preserving high-security levels, sometimes even higher than those within the perimeter. Solution approaches such as Zero Trust, Software Defined Perimeter, and others provide organizations with new ways of building their architecture, taking into consideration the fact that there is no longer a real perimeter.
For some organizations, moving to this type of architecture and “way of life” may seem like too big of a change, even an unnecessary burden, in some cases. Some fear change, while others feel their legacy system is “good enough”. The opportunity they are missing is that modern systems offer fewer constraints, more flexibility, more freedom, and usually help move things faster through the network. They allow for better mitigation techniques when problems arise, demonstrating how decentralized systems are generally stronger and more resilient than centralized ones.
Silver Lining
But now, the Coronavirus is forcing organizations to unwillingly adapt to a remote workforce. It is well established that “Necessity is the mother of invention,” so why not leverage the Coronavirus situation as a catalyst to adopt these new, more efficient practices? If typical organizations had already been adjusted to secure remote workers, it is likely that the harmful effects on the global economy would have been lessened and better managed.
Adapting to today’s and tomorrow’s security needs demands new architecture, new processes, and new methodologies. Change is usually scary and mostly unwelcomed because most of us prefer stability. The Coronavirus situation is a constraint. It is a problem that jeopardizes organizations, resulting in losses and unwanted exposure.
My advice is to leverage the new requirements to make the right change. By making informed decisions and implementing appropriate measures in a timely manner, the Coronavirus threat can be turned into a positive development.
About the Author
Zohar Rozenberg serves as VP of Cyber Investments for Elron, investing in early-stage cybersecurity, and enterprise software startups. Zohar also serves on the board of directors for several technology companies.In his previous role as an IDF 8200-unit Colonel (retired), Zohar assisted in the founding of Israel’s National Cyber Bureau, formalizing the country’s national cyber strategy. His final role with the IDF was as the head of its cyber department.He is always looking for bold and innovative entrepreneurs whose ideas promise to shape our tomorrow.