Oct 02 2020

VMworld 2020: How to Secure Remote Work for Business Continuity

With more devices connecting to the network than ever, organizations need to make sure their connections are protected.

There’s been a lot of discussion about how the workplace has changed since the pandemic began. 

But not all of those changes have been entirely new concepts, said Harsha Nagaraju, senior product marketing manager at VMware. Mostly, the pandemic has accelerated trends that were already gaining steam, like remote work and security that moves away from perimeter defense.

“They wanted to work from anywhere,” said Nagaraju, speaking at VMworld 2020. “They wanted to use the device of their choice, and apps were also moving away from a traditional data center to the cloud.”

Despite the fact that remote work and mobility may not be new trends, the rate at which they’ve expanded has been daunting for businesses. 

“Now we have a situation where the majority of the workforce is remote,” Nagaraju said. “I was just looking at a Gallup survey that talked about how, in a pre-COVID world, pre-pandemic world, there were only about 3 to 4 percent of the workers who were working remotely. That number has now jumped up close to 75 percent. So it's dramatic.”

Organizations have had to make a lot of adjustments to respond to this growth, and that includes security measures. Once the dust settled on the transition to remote work, businesses had to turn their attention to how to secure those connections in the long term. 

The Security Challenges Businesses Have Faced During Remote Work

When the pandemic began, businesses had to get employees up and running incredibly quickly. Because of the speed needed, many organizations turned to familiar technology, like VPNs, to connect workers.

But few, if any, had the infrastructure in place to support a fully remote workforce in that way, and the result was new gaps in security. 

“We started seeing security vulnerabilities and threats go through the roof, across the board,” said Nagaraju. “If you look at just malware or ransomware, our own VMware Carbon Black Tech research group saw ransomware attacks go up 150 percent. Other third-party reliable sources have put phishing attacks up 600 percent, just over the three to four months into the pandemic.”

The use of new devices made it more difficult for organizations to see who was connecting to their networks.

“We are living in an environment where employers or enterprises are flying blind here,” said Nagaraju. “They don't have much visibility into what endpoints are getting into their enterprises. They don't understand what kind of applications are being accessed, on which network and from where.”

MORE FROM BIZTECH: Three keys to a future-ready workforce.

How Businesses Can Adjust to New Security Concerns

Now that enterprises are adapting, Nagaraju said that they’re looking for better quality service along with workspace security, something that requires integration within solutions.

“It is a whole category of products that we are building out by pulling together the best-of-breed management software with VMware's Workspace ONE for managing all your endpoints, and combining that with the best-of-breed, next-generation, cloud-native endpoint security solutions coming from Carbon Black,” he said. “So you now have one platform, one console, to manage and secure all of your physical endpoints.”

It comes down to three buckets of protection, Nagaraju said: prevention, visibility, and detection and response.

“This tight integration, we believe, is completely going to change the game in the way you manage and secure your endpoints,” he said.

The sheer number of users connecting to the network also makes it more important than ever to implement zero-trust security principles. That starts with access management.

“The enterprises need to put solutions in place to ensure that the person is legit, that the username and password that you're seeing is accurate,” said Nagaraju. “You need to have technologies around multifactor authentication. You need to look into their behavior anomalies and then allow or restrict access.”

Taking these steps can protect operations, information and devices at a time when many organizations are in a state of flux.

“This is about ensuring end-to-end security,” Nagaraju said. “To make sure that the access pathway, from the user to the crown jewels, your data and applications, is completely secure.”

anyaberkut/Getty Images