Once, it was relatively simple to keep corporate data secure — with everyone working in the office, you just need to block the perimeter, right?
But how do you do that in a world where seemingly everything has to be stored in the cloud and each remote employee introduces a security risk?
It requires a fundamental rethinking of what security looks like, to start.
During CDW’s Tech Talk, “Optimizing the New Workforce Dynamic,” Duo Security Advisory CISO J. Wolfgang Goerlich said that the sudden complexity was created by the mass shift to remote work.
“Now that everyone has shifted to work from home, it’s as if we’ve got 10,000 branches,” Goerlich said. “So the techniques we use aren’t scaling, the approaches we use aren’t scaling, we don't have the manpower, the technology to possibly secure 10,000 branches.”
That added complexity means security approaches that once defined work styles for decades now have to be reconsidered or retired — which means the moat needs a rethink.
“We start to talk about traditional IT as being this environment that had a hard-candy shell around it, or a castle with a moat,” said Kevin Swanson, a Microsoft Surface Specialist. “And you protected all of these outside threats from the things that were important to your business on the inside.
“That dynamic is changing.”
WATCH: Get Goerlich's full session here and find out what he had to say about security in the new normal.
Build a Secure Infrastructure with Identity at the Center
During his session, Swanson said that the loss of a broader barricade around the organization’s overall structure requires a rethinking of where security considerations should come into play.
“And instead of thinking about this as, we harden the environment around them, well, maybe we start to take a look at how we secure the data and secure the applications,” Swanson explained. “But more importantly, with something from an identity perspective.”
Identity confirmation, as offered by technologies such as Windows Hello’s infrared camera on Microsoft Surface devices and other Windows laptops, can help to validate users and confirm data is being accessed by a trusted user. The facial authentication data is itself secured.
“I think it’s important to note that we’ve really built a secure platform, but we’ve also secured identity,” he added.
This may require changes to the infrastructure to adapt. Swanson pointed to Microsoft’s global network, which has been battle-tested in part because Microsoft is one of the most targeted entities in the world.
Swanson noted that Microsoft’s secure infrastructure is scalable — something that is particularly important right now, given the shifting nature of the market. It can even provide resources to customers from access points close to where they live, potentially offering a better experience than they might get in an office. And as needs suddenly emerge, it can adapt to those needs.
“If you have a temporary staff that needs to come in and work for a short period of time, that’s another aspect of this,” he said. “Because, as we start to go through a pandemic, if you do see your business scaling, how do you scale in a time when people are physically separated from one another?”
The Case for Fewer Steps for End-User Security
The problem for those working remotely in this environment, of course, is that security often gets pushed off to the side in no small part due to its complexity.
How can you find a way to balance security considerations with ease of use? Goerlich recommends finding approaches that remove steps from the process for the intended end user by implementing design thinking around security issues.
Goerlich cited Apple’s implementation of the Touch ID sensor on the home button for many iPhone devices as a brilliant way to meld security with design. The secret is in the way it combines two steps when using your phone: opening up the device and using your fingerprint to secure it.
“Within a year, adoption jumped to 80 percent for people who are locking their phone. Fantastic,” Goerlich said of Touch ID’s initial implementation in the iPhone 5s in 2014. “Why? Because they’re looking at the steps of the user, reducing them and making them more familiar at the same time.”
But while the addition of security into the phone’s home button simplifies security for the end user, Goerlich said, it actually makes it harder for criminals to attack — which offers a design philosophy worth following.
“We want to be increasing steps for the criminals when it’s invisible to the user,” he said.
Follow BizTech’s coverage of CDW’s Tech Talk series here. Insiders can register for it here.