Managing Complexity and Consistency, and Giving Users the Simplification, Automation, and Security They Want.
By Laurence Pitt, Global Security Strategy Director, Juniper Networks
Innovation is at the heart of cybersecurity – both because cybersecurity professionals are inherently curious by nature and because threat actors are continually innovating and evolving their attack approaches and the exploits themselves. Nonetheless, the last several months have demonstrated the need for change and new directions of innovation.
A recent presentation by cybersecurity specialist Robert Hannigan examined the great work from home migration and the changes it’s driven. He examined some interesting phenomena, such as how Security Operations Centers (SOCs) are experiencing a drop in the number of alerts – but not because volumes have reduced. Rather, it is because alerts have moved beyond their purview on the corporate network. Today, we’re assuming that many of what would formerly be SOC issues are instead sitting on home Wi-Fi.
Threat actors understand this and are exploiting it actively. Some of the early confusion caused by contact tracing applications and COVID packages gave them early and easy entry points for data theft and ransomware, as well as phishing schemes that played on emotions with “must click” links purporting to offer information on COVID-19 spread and government stimulus programs. Instead, these dropped malicious payloads. In the most recent shifts, we’re seeing scammers targeting online shoppers looking for pre-Black Friday deals, as well as bored home workers seeking free (but illegal) downloads of television shows and movies.
As we move into this mid- and the post-pandemic world with remote and in-office work blending, what must organizations consider, in order to sustain data and application security and privacy while still considering the best user experience? How does remote work change the security stack mix? And what’s still missing?
Experience Must Come First
These questions take us beyond initial inquiries about connection speeds that, until only recently, dominated remote work conversations but are now taking a backseat to blended remote work/in-office security. More timely questions include: What do VPNs protect or leave exposed? What needs to happen next?
Experience is an important, if subjective, metric. It helps us frame and prioritizes issues around user access, usage, and interaction with business-critical applications and services, shifting our thinking on necessary protections. Our job has not fundamentally changed, but the factors we must recognize and compensate for have expanded, just as much as having the “how” and “where” of our daily interactions.
A good experience makes users more loyal to and comfortable with the applications they depend on. Without a good experience, it is all too easy for a competitor to redirect users with a few simple clicks, showing the potential of a shinier, more responsive alternative. Think about your smartphone, as an example. We all download new applications every week or so, looking for a tool to simplify a task in our lives. But if that app doesn’t prove its worth or is cumbersome from the start, a new app quickly replaces it and is readily available in the app stores.
What Users Want: Simplification, Automation, and Security
Talking to users about their experiences helps in sorting through what works and what does not. Understanding how they prioritize activities will help you pull this insight into the context of delivering services and applications for a modern enterprise.
- They want to simplify their environment to deliver a slicker customer experience, which can often be achieved simply by maximizing existing investments in technology.
- They are leveraging data and analytics for automation of tasks, giving time back to the IT team with a focus on innovation rather than management.
- They need to secure what they have with effective data usage and automation to ensure consistency and reduce false positives.
Managing Complexity and Consistency
A frequent theme among customer requests centers around reducing complexity and making more from existing investments, while overcoming the daily struggles of too many management interfaces, sites, and overlapping technologies. The hurdles are not only technical but also staff-related in ensuring specialists are well-trained in their roles.
How can things be made simpler? Talk to users and consider ways to streamline activities. Automation rules could dynamically change traffic behavior or routing to make sure that services are correctly prioritized and delivered for users. For more granular but consistent control, multi-tenant options would make a good conversation. It provides role-based management at different levels, reducing individual workloads yet still maintaining overall control of the environment.
Remote Possibilities – Funding the Work from Home Migration
So, what about remote users? For the IT team, this has meant an increased workload. They have moved from managing a small number of remote users to dealing with hundreds or thousands of remote users acting as ‘micro-branches.’
For many users, the experience at home is not an issue, but it certainly is one for organizations whose remote workers need access to sensitive data or real-time systems. Those users will be using the same Virtual Private Network (VPN) client as everyone else to achieve this and it is no longer suitable. A VPN punches a big hole in the side of the network, allowing users access but also leaving gaps at the edge for attackers to sneak in. It protects only data in transit, leaving much else exposed.
Instead, organizations should look at the latest technologies which extend the corporate network into the home. It’s past time to give home workers the exact same high levels of reliability they had when working exclusively in the office (henceforth to be referred to as “the good old days”), but with the benefits of management, security, and visibility for the IT team. All are ensuring the best and most secure user experience.
Employees quickly embraced working from home as a benefit, with many now saying they would prefer to remain fully remote. Others want to sustain partial remote work, even while they are now reentering or looking to reenter office environments.
There is a potential cost-saving here, as organizations look to shave real estate costs through hot-desking and smaller offices as options instead of allocated per-user spaces. Rather than reincorporating these savings into the bottom line, they should be reallocated towards new and innovative ways of improving the overall user experience across the business.
Of course, the business will want proof of the return from any new investment and cybersecurity ROI has always been a challenging topic. Nonetheless, the result of the sensible investment will be happy and loyal users, reliable and innovative services, and measurable business and competitive benefits for the organization.
About the Author
Laurence Pitt is the Global Security Strategy Director of Juniper Networks. He is passionate about technology, particularly cybersecurity. His depth and breadth of knowledge of the dynamic security landscape is a result of over twenty years’ experience in cybersecurity. He understands the security concerns businesses face today and can bring insight into the challenges they will face tomorrow. Laurence joined Juniper Networks in 2016 and is our senior security specialist in EMEA. Security throughout the network is a key area where Juniper Networks can help as business moves to the cloud and undertakes the challenge of digital transformation
Laurence can be reached on Twitter at @LaurencePitt and at https://www.juniper.net/us/en/