A new report from Bitglass examines how businesses adjusted to the shift from offices to working from home; 84% support remote work, but are ill-equipped to keep data secure.
Companies have accepted the new normal of employees working from-home, despite some credible concerns about security. Still, 84% say they’re “somewhat likely” to continue increased work-from-home capabilities after the COVID-19 pandemic, due to increased productivity benefits. Some were even more confident: 44% said they were “very likely” to continue telework, as reported in the new Remote Workforce Report from Bitglass.
The report revealed a “massive shift” toward remote and home-based work environments, due to the COVID-19 pandemic. Prior to the shift, 63% of companies had less than 25% of staff work remotely. Today, 75% of companies said they now have more than 75% of their workforce telecommuting.
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
Top concern: Security
Security was, and still is, a major concern. When asked how prepared the company was from a security perspective, 70% were “only moderately prepared to not at all prepared.” Security access capabilities were not expanded by 41% of respondents, and the way organizations did so was to purchase more user licenses for existing apps (39%), followed by adding new vendors/solutions (26%), and purchasing more hardware (18%).
While some businesses provide staff with company-owned laptops, many employers relied on those working remotely to use their own equipment; a total of 65% allow access to personal, unmanaged devices. And yet 55% see the scenario as a significant security risk.
Remote work equipment was deemed the biggest impediment to scaling security (50%), followed by bandwidth restrictions (37%), and not enough software licenses (26%) as the key barriers. A further 24% cited the logistics of installing agents on employees’ personal devices, with 21% declaring there have been no security scaling issues.
SEE: COVID-19: A guide and checklist for restarting your business (TechRepublic Premium)
Of the apps remote workers use, from a security perspective, organizations are most concerned with the most fundamental of business applications companies rely on: file sharing (68%), web applications (47%) and video conferencing (45%). Other concerns were messaging (35%), social media (27%), and websites (26%).
Only 34% of respondents reported any endpoint compliance in security controls, with 18% having cloud DLP. When cloud, BYOD, and remote work work are enabled, organizations must deploy security solutions, so numbers for solutions like CASB, UEBA, ZTNA, and web filtering should be higher.
Security measures most frequently employed by respondents were:
- 77% anti-virus/anti-malware
- 77% firewalls
- 66% virtual private network
- 66% multi-factor authentication
- 53% backup and recovery
- 52% password management
- 50% file encryption
- 50% endpoint security (EDR)
Pre pandemic, organizations reported having varying degrees of preparedness with a business continuity/disaster recovery plan that included a rapid shift from on-premises to a remote workforce: 29% reported being “fully prepared,” 38% replied “moderately prepared, 27% admitted being “ill-prepared,” and 6% said “not at all prepared.”
Fears of the coronavirus accelerated the migration of 54% of user workflows to cloud-based applications. Bitglass warned that companies need to explore security, since securing applications in the cloud is markedly different than from on-premises.
SEE: Top 100+ tips for telecommuters and managers (free PDF) (TechRepublic)
“Without the ability to see user activity, organizations will be faced with unauthorized data access, inappropriate external sharing, and more,” said Anurag Kahol, CTO of Bitglass. “Consequently, they should use cloud data-loss prevention (DLP) tools that prevent data leakage by identifying and controlling sensitive information at rest and upon access. Likewise, agentless identity and access management tools must be utilized; for example, step-up, multi-factor authentication (MFA) detects abnormal user activity on any device and requires additional authentication in real time.”
The threat vectors the companies were most concerned about with employees working from home were:
- Malware 72%
- Phishing 67%
- Unauthorized user/privileged access 59%
- Unpatched systems/vulnerability exploits 44%
- Identity theft 41%
- Malicious websites 33%
- Insider attacks 26%
Move to permanent remote work?
On May 13, Twitter founder and CEO Jack Dorsey announced that the company would be a remote operation “permanently,” but only 33% of those polled are considering making some positions permanently remote (that used to be on-site) after the pandemic, and another 50% are unsure of what will happen, and a mere 17% replied with a definitive “no.”
“Due to the COVID-19 pandemic, more people are working remotely than ever before,” Kahol said. “With this shift, organizations must ensure they are taking the correct steps to maintain comprehensive security, since leveraging cloud-based tools is a fundamentally different way of conducting business than the traditional, on-premises approach.”
Respondents addressed the key security challenges in increasing the remote workforce and cited:
- User awareness and training 59%
- home/public WiFi network security 56%
- Use of personal devices/BYOD 43%
- Sensitive data leaving perimeter 41%
- Increased security risks 41%
- Lack of visibility 33%
- Additional cost of security solutions 32
Regarding productivity, almost half (46%) report it at “about the same” as when the majority worked on-premises.
But companies have gleaned a good deal from the months in lockdown. And, it’s left employees optimistic. In fact 44% continue to support increased work from home capabilities in the future because of increased productivity and other business benefits; 44% said it’s “very likely” to support more employees, with another 40% indicated “somewhat likely.”
Two-thirds of organizations believe remote work environments have an impact on their compliance posture (63%). GDPR tops the list of compliance mandates (50%):
- GDPR 50%
- PCI DSS 38%
- Others requiring security breach notifications 38%
- HIPAA 33%
- GLBA 17%
- FISMA 12%
The Bitglass online survey, conducted in May 2020, consisted of 413 US IT and cybersecurity professionals, ranging from technical executives to IT security practitioners, a balanced cross-section of organizations of varying sizes across multiple industries.