Enterprises across the globe adopted a work from home model for business continuity during the pandemic. This led to a revamping of traditional B2B communication...
Watch your step: the security cracks in work from anywhere
4 mins read
Full-time remote workers are set to grow 300% compared with pre-pandemic levels (Forrester, 2020)[1]. In this blog post, Avinash Prasad, Head of Managed Security Services, Tata Communications, discusses how to address security challenges in a new-look world, where mixing work and personal life across devices is the norm.


According to Gartner, by 2023, 60% of enterprises will phase out their remote access VPNs in favour of zero-trust network access (ZTNA). [4] For Work From Anywhere to be effective, new security solutions and processes are required – digital certificates to authenticate the user’s device. But even with a secure headquarters and secured individual users, encrypted connectivity is needed to stop any breaches midway. A more granular way of assessing user activities is required. That's where Zero Trust comes in – a verification approach that makes the whitelist dynamic. #3. Protecting the growing use of cloud services Another potential chink in the armour is the growing use of cloud services. In 2020, account hijacking was the fifth biggest cloud threat, according to CSO Online. [5] To address this, the IT team needs to define what is acceptable and “normal” behaviour, i.e. set thresholds for content downloads. A user connecting to a cloud service on the whitelist is fine, but if they try something unusual, then additional layers of verification are required. The key is to make better use of data analytics – looking back across longer periods of time, identifying unusual behaviour over a few months, determining what is normal and acceptable, and what is not. #4. Inability to have a complete view and ability to act across all potential threats In the past, analysing system logs made organisations feel safe. But now organisations need more data – not just looking at the past but expanding into behaviour patterns and data modelling."What’s needed is a new clear perimeter for each individual – in other words, their own fortress."
Adopting advanced threat management increases the speed for both detection and response, across network, endpoints, and cloud – layering in external cyberthreat intelligence such as the type of attacks, bad actors, and the main vulnerabilities. Of course, all this should be automated so that if a major attack is likely to take place, it is already on the radar. To cope with the data volumes required to deliver this kind of protection at scale, organisations also need to deploy machine learning or AI. #5. Security impacting productivity “We often think of insider threats as malicious employees bent on doing harm. While that’s often the case, more than 60% are simply those of negligent employees” (SC Magazine, 2021)[6] Balancing security and productivity for remote workers is not straightforward. For instance, Tata Communications was working with an IT services organisation that supplied software developers to a banking client. The developers were accessing cloud-based services to develop code for the bank’s digital services; understandably, the bank had very stringent security requirements and also high expectations on productivity for these remote employees, so we had to define a security model that aligned with their service and used analytics to help highlight the productivity."From user behaviour analytics to threat analytics and analysis, this insight means organisations can start to predict the most likely threats and begin to protect themselves."

In this context, we needed to address the requirements of the digital banking support staff versus the requirements of the developers, i.e. looking at what was blacklisted, ensuring the system was connecting appropriately, and that no personal devices were used. We also had to look at the device real-time – how long it had been idle and whether it should be stopped with fresh verification and authentication initiated. To conclude, CISOs are thinking about the challenges described above; and key to solving these is empowering the security teams to develop an end-to-end view of their infrastructure and software stack mapped to threats. It’s now about how they further develop an integrated approach to enable Endpoint Detection and Response. Managed Security Service providers can bring this complete package; however, a fundamental change in both mindset and execution are required. They should start by considering: What are the areas we need to address first? Which areas are most mature? What is our cost-benefit analysis? Where do we need to balance security and productivity? As organisations move forward, business logic and cost analysis will increasingly be applied to security. This evolution will support organisations as they move from functionally protecting devices to the ultimate goal of hunting for threats. Finally, the concept of building digital trust will continue to evolve. As Gartner states “ CISOs will need to strike a balance between what is needed in a security program and the risks to undertake for the business to move forward.” (2021) [7] Discover more about building digital trust through cybersecurity."To address the needs of both the software developers and the digital banking assistants, the security model had to be tightly defined with very clear guard-rails of what the users should be doing."
Leaders In Our Own Right
Explore related solution
Enterprises across the globe adopted a work from home model for business continuity during the pandemic. This led to a revamping of traditional B2B communication...
In this blog, Srini CR predicts the upcoming tech trends that are going to dominate digital transformation in 2021. 2020 was quite a year. Hijacked by a global pandemic...
What’s next?
Explore Our Solutions
Explore our solutions through immersive platform demos or engage with our surveys and pricing calculators
Explore Our Solutions
Explore our solutions through immersive platform demos or engage with our surveys and pricing calculators
Explore Our Solutions
Explore our solutions through immersive platform demos or engage with our surveys and pricing calculators