Cybersecurity Embraces the New Normal: Sponsored Content
Remote work, distributed networks emphasize different approaches to network security.
The COVID-19 pandemic has forced federal agencies and private businesses around the world to adapt to a new reality, one where most of their employees now work remotely and communicate virtually. This “new normal” imposes changes on how organizations protect and manage their networks, making chief information officers (CIOs) and chief information security officers (CISOs) adapt procedures
to operate in this new reality.
The “new normal” caused by the stay-at-home orders imposed during the COVID-19 pandemic reflects the current state of remote work and its security requirements, says Rob Carey, vice president and general manager for Public Sector at RSA.
What is dramatically different from last year is the percentage of the federal workforce telecommuting from home. This went from 5 to 10 percent (one day every two weeks for some people) to nearly 100 percent of the personnel in some agencies, Carey explains. This massive realignment has a major impact on cybersecurity because with so many people working outside agency firewalls, the available attack surface for hackers has grown by orders of magnitude.
Another aspect of the “new normal ” compounding security concerns is the concept of “everything over mobile” as federal personnel work from home on laptops and smartphones connected via WiFi to home routers. The “new normal” changed this paradigm because it forced CIOs and CISOs to look, scan and protect myriad devices outside the firewall, and to manage centrally how their organizations secure remote workers.
One aspect of this change is the accelerating use of identity credential and access management (ICAM) techniques and zero trust architectures. Many of these concepts have been around for years, but the pressures created to suddenly secure a large remote workforce forced agencies to begin implementing these policies, by connecting network, application and data access to identity credentials, he explains.
The situation has created a new set of concerns for CIOs and CISOs. “Do I have sufficient identity and authentication management? Do I have data-centric security? Can I scan all these devices accessing my network? Can I provide the security that I was providing to the desks in the office buildings that are now not there?” Carey says.
A final consideration for the new normal is that hackers and other cyber threats “are better at this game than they were a year ago” and there are many more targets for them to attack, he adds.
Adapting business operations to
the new normal
In this new environment, public and private organizations need to secure their networks to ensure mission success. CIOs and CISOs are thinking about how to better secure a more diverse network infrastructure because with remote work, the network is now the heart of most organizations, Carey says.
Due to this need, he notes that the new normal also requires organizations to have more robust cybersecurity protocols and a more diverse set of tools to allow security operations centers (SOCs) to better centrally manage this more varied ecosystem and protect the network.
Another major impact is that organizations are learning to function without daily face-to-face interactions. Working remotely has dramatically affected how organizations, especially federal agencies, conduct daily operations. Specifically, Carey says it affects the speed at which decisions are made and carried out because their staff—especially middle management and their teams—don’t have the ability to immediately communicate issues with each other. He noted that the importance and power of teams is very different in the COVID-affected world.
Carey adds that many federal agencies are struggling with this challenge as they adapt to the new conditions. Government and private organizations will ultimately find new, more efficient ways to operate, but the current effect has been a slowdown in how many organizations function since March.
No going back
The changes wrought by the new normal on how organizations operate and secure their networks are here to stay, Carey says. Citing the Department of Defense (DOD) as an example, he notes that after shifting most of its workforce to telecommuting, the Pentagon discovered it didn’t lose any productivity, and is considering allowing its civilian agencies to work under the current setup indefinitely. This also means the existing network configuration to support these workers most likely won’t change back to pre-normal after the pandemic.
“It stays where it’s at and it’s going to embrace the fact that workers can be wherever they happen to be, as long as they can securely authenticate as required to the network and their applications and data,” he says.
An important part of securing these newly dispersed networks is to implement methods like zero trust procedures. Carey describes zero trust, simply put, as the concept of least-privilege carried out across every digital handshake in a network transaction.
While zero trust architectures were already in use in some parts of the federal government, the move to remote work adds new considerations. Traditionally, in the DOD and intelligence communities, only a few people with access to sensitive or classified data could work from home and they were required to use expensive physical encryption devices or digital credentials to remotely log into the network.
The federal workforce was also required to have smart card readers or smart card software on their home computers to even access the virtual private network. Using the banking industry as an example, where online banking is increasingly moving to two factor authentication and other risk-mitigation techniques to create a secure customer experience, Carey notes that federal agencies can mandate and establish base security requirements for home workers and then layer on additional features within ICAM technologies like biometrics, one-time passwords etc.
Agencies are also looking at the location of their remote users, specifically where their login credentials say they are. This borrows a feature used by online banking to determine if someone accessing an account from a foreign location is really the user, who might be travelling, or someone trying to hack into the account. These considerations can be applied to government personnel remotely accessing VPNs from their home computers, Carey explains.
One factor in the “new normal” is that an organization’s overall attack surface is greatly increased, meaning that remote personnel become tempting targets for hackers. A dispersed workforce and the need to react quickly to network intrusions means that many public and private entities are increasingly using automated techniques to identify and sandbox threats such as malware. This trend was already underway before the pandemic, but the current environment has accelerated this process, Carey says.
Artificial intelligence and machine learning techniques are making a major impact on cyber defense and offense, but organizations should note that training algorithms to identify threats and provide analysts with meaningful data isn’t easy, Carey observes.
If an AI system is being introduced to a network, there is a certain amount of grooming and education that has to take place before it can produce accurate threat information. This includes learning the parameters of the organization’s IT footprint, from its facilities and data centers, to its cloud infrastructure extending out to the home workers remotely accessing the network.
“How do I keep an eye on all of that?” Carey says, noting that the increasing use of AI is giving organizations’ security operations centers a more central leadership role in network defense.
Risk management is an important part of cyber defense, and while there are unknowns, the goal is to apply energy and resources in the form of technologies such as AI where the risk is highest. For example, well-trained AI systems can potentially identify and mitigate malware on the network at machine speed before alerting an analyst. In an existing network with its firewall and security stack, AI permits faster, more accurate decision making, Carey says.
Embracing the new normal
The new normal is ultimately a hybrid of previous security and network techniques accelerated and put into widespread use to meet a unique situation and the need to support and protect a distributed workforce. Cloud infrastructure has a central role in this new environment because it allows organizations to scale quickly and securely to meet varying demands, Carey says.
“We’ve been talking about things like FedRAMP for more than 10 years, and now we’re finally able to deliver the secure cloud that everybody needs,” he explains, adding that as the threat continues
to evolve, so must cyber defense.
“I think the thing that the new normal presents is really different—we’ve been at this not quite six months yet—so it’s sort of here and you’re seeing trajectories for transformation building off of this, not where they were before. They [organizations] literally dropped where they were before,” Carey says.