This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Workspot Chief Product Officer Jimmy Chang offers three key steps to improve security posture while transitioning to the cloud.
The Great Resignation has added multiple layers of complexity for business leaders aiming to maintain IT security and productivity amid the shift to remote work. With 4.3 million people quitting their jobs in January 2022, record turnover rates have given employees the upper hand, placing intense pressure on their employers to adopt a remote or hybrid work model. To accommodate this level of flexibility while also preserving company security, enterprises are choosing to migrate their data to the cloud.
However, transitioning isn’t just about moving the location of services from on-premises to another location. It requires a new set of strategies that align people, processes, and products/tools to make the jump smooth and secure.
Transitioning to a cloud environment is a relatively new undertaking – even five years ago, many enterprises did not have a cloud strategy. Pre-pandemic, it was generally assumed that working in the office was the norm, with remote work as the exception. In this context, IT personnel only had to worry about security within their own company network, with the exception of a handful of remote employees to monitor. Now that the norm has flipped to the work from home model, IT leaders are faced with the unprecedented challenge of maintaining security across a vastly increased threat surface.
Security must now extend beyond the confines of the office into whatever network an employee happens to be working from – residential areas, airports, Starbucks, etc. How can you trust that employees are who they say they are when you aren’t even sure that these networks have security guardrails that meet your company’s standards? The answer is, that you can’t – well, not if you rely on end-user behavior to follow the right processes and use the tools appropriately. Remember the simple fact that security fails in this order: people, process, and then products/tools.
Remote work is here to stay, meaning that every company’s threat surface has become too vast to manage themselves – IT can’t control end-user behavior, so a different approach is necessary. Hence, the rising popularity of cloud migration. In making the transition to the cloud, here are three key considerations for improving overall security posture:
1. Adopt a Zero Trust IT Strategy
Remote work based on providing PCs to employees amplifies cybersecurity risks. The less control an employer has over company resources, the higher the likelihood of a security incident because this type of security model relies on individual people to follow processes they might not remember.
When moving to the cloud, organizations have a unique opportunity to strengthen their security posture by focusing on creating a strong front door and putting all data and applications behind that door! Zero Trust is a popular framework that supports a strong front door.
Simply put, Zero Trust means trust no one, always verify– inside or outside the organization. With a Zero Trust model in place, access to company data is granted on the basis of identity verification, rather than the outdated device-based access management method. Furthermore, zero trust continues in the cloud by leveraging comprehensive security measures for ongoing observation and verification of access to apps and data.
2. Leverage Cloud PCs
Once you have a strong Zero Trust front door protecting access to applications and data, how do you provide access to that data and applications and increase operational security?
A cloud-based virtual desktop delivers a more secure experience than a fleet of distributed laptops and desktops by shrinking the footprint of data and access. Centralizing virtual desktops in the cloud removes the dependency on user behavior to ensure security and makes it easier for IT to ensure operating systems and application patches are consistently applied, reducing the chances a bad actor could exploit a software weakness. Some Cloud PC platforms even make it possible to prevent any data from being stored or copied to the endpoint, reducing the risk of data theft or misuse.
Today, the public cloud offers both elasticity and security. Customers have the ability to run software in dozens of cloud regions worldwide – essentially every organization now has relatively local access to these data centers, which is the key to providing great performance to end-users. From a security standpoint, when desktops are running in one of the dozens of Google Cloud and Microsoft Azure data centers around the world, companies can operate with peace of mind knowing that these cloud providers invest billions of dollars in cutting edge data and network security, with world-class security specialists, and concrete security practice processes. Their investment in people, processes, and products/tools for security is more than most companies can do themselves.
3. Ensure Comprehensive IT Visibility and Monitor Everything
After building the strong front door and centralizing all applications and data onto the cloud that you control, prioritize holistic, real-time visibility into your IT landscape. Monitor all successful access and unsuccessful accesses into your cloud environment to ensure that your Zero Trust framework is operating correctly. Cross-reference access with other signals. Cloud desktops simplify monitoring by reducing the surface area to watch and can also provide those additional signals to verify your Zero Trust framework data.
Without comprehensive visibility into an organization’s IT infrastructure, IT teams have no way of properly monitoring users and desktops and will fail to detect risks proactively that can impact business continuity.
As you are considering zero trust and cloud desktops, understand the capabilities that each vendor can provide relative to not only desktop performance and availability, but additional data that can sync with SIEM systems, such as log-on attempts, user locations, and other security events.
Andy Grove, founder and former CEO of Intel once said, “only the paranoid survive.” Although spoken in the context of business management, the sentiment also applies to data security. Given that businesses suffered 50% more cyber-attack attempts per week in 2021, in today’s remote workforce, there is no such thing as being too paranoid. To succeed in transitioning to the cloud, IT leaders must address reliance on legacy security protocols, shortfalls of cloud built-in security capabilities, visibility gaps, and third-party workflow dangers. With these factors top of mind, enterprises can operate safely while ensuring business reaps the benefits of the cloud in these challenging times.