Cloud cybersecurity in a hybrid working world
Thu 8 Jul 2021 | Finbarr Toesland
“Remote working is clearly here to stay with cloud-based technologies playing a central role in enabling this mobile future.”
From staff at Swiss banking giant UBS to head office workers at Asda, employees at a diverse range of businesses are being offered the ability to mix working from their homes with office-based work. A growing body of research is finding that the shift to hybrid working models isn’t set to end as the pandemic recedes, with both companies and staff seeing benefits from this approach.
Released last month, the Embedding new ways of working post-pandemic report from the Chartered Institute of Personnel and Development (CIPD) finds that 40% of employers said they expect more than half their workforce will regularly work from home after the end of the pandemic.
Additional data from the CIPD illustrates just how major the change in business sentiment towards hybrid working has been in the past year. While 65% of employers did not provide a working from home option before the pandemic, this figure is set to fall to 37% after the pandemic ends.
Remote working is clearly here to stay with cloud-based technologies playing a central role in enabling this mobile future. Working from home, the office or a co-working space has been made increasing convenient thanks to the emergence of easy-to-use cloud software. But cyber attackers also see the growing usage of cloud technologies as an opportunity.
Netskope, a security cloud provider, recently released their Cloud and Threat Report that found as cloud activity is growing across the world, with 53% of all web traffic activity now being cloud-related, so too is the threat from cyberattacks. A troubling 61% of all malware is delivered from a cloud app, up from 48% last year, indicating the urgent need from companies to secure their cloud operations.
“Cybercriminals increasingly abuse the most trusted and popular cloud apps, especially for cloud phishing and cloud malware delivery,” said Ray Canzanese, Threat Research Director at Netskope, when the report was launched. “Enterprises using the cloud need to quickly modernise and extend their security architectures to understand data content and context for apps, cloud services, and web user activity.”
Unlike fully remote workers, who are outside of the central office IT infrastructure, those employees who spend a few days in the office and the rest of the week at home or in a cafe present unique issues to IT security. When hybrid staff return to their office, they could bring with them malware that can infect the entire network.
Finding the balance between security considerations and usability is an ever-present debate for businesses. Locking down all data, no matter if it is sensitive or not, with multiple authentication tests will slow down staff and damage productivity, but at the same time, neglecting security considerations to give employees a completely frictionless experience when working outside the office leaves the network wide open to hackers.
Beyond traditional security methods, including multi-factor authentication, keeping up-to-date with anti-virus software and utilising single sign-on, that can help improve cyber defence by enhancing access requirements, businesses that introduce virtual private networks (VPNs) can ensure the creation of a secure connection. Workers using a VPN from their home are able to access company data securely with cybercriminals only seeing encrypted data.
Deploying cloud security solutions is one of the most effective ways to block off routes of access to hackers looking to attack an enterprise. Dozens of cybersecurity firms offer advanced cloud security services, including McAfee, FireEye and Netskope, many of which support real-time data visibility and analysis.
Gaining a complete view of what data is stored in the cloud, who is using it and where it is being accessed can be vital in uncovering the presence of malicious actors. When enterprises have a handle on their cloud data, unusual user behaviour can be detected and, if found to be suspicious, access can be blocked.
In increasingly complex IT ecosystems, enacting Zero Trust policies where only essential resource access is provided to users limits the surface available to hackers in cloud environments. Encrypting sensitive cloud data can also help secure data if it is stolen. But protecting the IT infrastructure of an enterprise requires more than just technological tools.
The human aspect of cloud security is an important factor for companies to secure. According to the 2021 Data Breach Investigations Report from Verizon, 85% of breaches involved the human element. While the right cloud security software can assist staff with understanding potential threats, such as alerting users to external links or suspicious emails, training is also vital.
For example, just a few months ago the California State Controller’s Office (SCO) fell victim to a phishing attack that successfully stole sensitive employee data, including Social Security numbers, as well as allowing hackers to send phishing emails to more than 9,000 contacts.
No matter where employees are based, all users should receive some level of education on prominent cyber threats they can expect to face during their work. Providing comprehensive training can support hybrid workers and empower them to make full use of cloud collaboration tools without being too concerned about cyber criminals accessing their data.
Transitioning to a hybrid working world and managing the diverse range of remote connections from different devices is no small feat. Clearly defining a cybersecurity strategy that takes into account the complex realities of a cloud-based working environment can help make the transition smoother and threats can be prepared for before facing an enterprise.