Joyjeet Bose, Sr. Vice- President, Tata Teleservices
The economic landscape transformed overnight due to the involvement of hybrid work culture model. This not only applies to India but across the globe with multiple organizations working in versatile industries. In the hybrid workplace models, businesses have allowed their employees to work from any location, whether it’s the office, their home, or even a site of their choosing. Businesses are now considering how this long-term hybrid workplace be kept safe and ensure that their new ways of functioning do not provide possibilities for hackers to cause havoc. That implies rethinking traditional cybersecurity strategies so that work-from-home employees and resources are equally protected as the resources on-premises.
This massive transition into the digital workspace where more sectors are data driven, requires companies to turn to novel solutions while retaining the essential operating principles of performance, and system stability, without jeopardising the security perimeters. Hybrid IT, a mix of on-premises hardware, software, and computer processing that operates in public and private clouds is typically used to support the hybrid workplace. Thereby, IT organisations must protect the perimeter while ensuring business continuity and that employees have seamless access to a rising variety of apps hosted in private, and public clouds, as well as on-premises IT systems. For example, a real estate firm deployed new practices to build a comprehensive cybersecurity framework which further streamlined their overall threat monitoring mechanism without multiple security tools for different endpoints. In the current scenario, organisations need to reimagine and re-strategize cybersecurity considerations for their Operational environment and IT−Operational Technology integration.
Start With Zero Trust
Zero trust network access (ZTNA) abstracts and centralizes access mechanisms & grants appropriate access based on the identity of the humans and their devices, plus other context such as time, date, geolocation, historical usage patterns and device posture. This results into more secure & resilient environment with flexibility & better monitoring
Zero-trust models require all users to be authenticated and permitted before accessing any company data or apps, whether they are logging on inside or outside the company’s network. It uses an allow list method to access resources to safeguard the company’s infrastructure from end to end. No access
can be provided based merely on a user’s physical location or the location of their network in the zero-trust paradigm. That implies users and devices, remote or otherwise, can only access resources for which the cybersecurity policy has explicitly granted permission. Controlling the asset and being able to defend it through monitoring, patching, and ensuring identities are registered with multi-factor authentication are all part of zero-trust models. This concept has been widely adopted during the pandemic as it has a high correlation with cybersecurity success. According to an industry estimate, successful companies are more than twice as likely (138 percent) to have adopted zero trust as their less-successful peers based on objective cybersecurity measures. The study also predicted that more than 60% of businesses plan to implement zero-trust by the end of 2022.
Protect the Cloud
Cloud offers organizations with benefits including scalability, cost-saving and improved collaboration. However, data breaches in and from the cloud are a real risk due to operational complexity caused by usage of multiple cloud providers.
The Cloud data is typically protected through backups, Cloud storage, and disaster recovery. Thus, to ensure that data remains within an organization’s possession in the event of a malware breach, data loss, or other events three important steps to be considered to protect Cloud would be data security (MFA) , data Protection (FW) & Data breach (Prevention).
In the hybrid workplace paradigm, some businesses have enhanced their cybersecurity by moving to the cloud. Businesses expedited their adoption of services like Microsoft Office 365 and migrated their files to OneDrive, SharePoint, Teams, etc. during the pandemic. This is all part of a larger shift in how people think about workspaces. There is less of a need to return to the data centre as more and more apps migrate to the cloud. However, companies must ensure that they have the appropriate security architecture in place to protect the data. Cloud security software can provide a real-time perspective of security dangers to the cloud. The security teams can utilise the software programme to prevent critical data from being uploaded to unapproved cloud services (shadow IT), limit access to various cloud services based on device status and even prohibit malware-infected files from being downloaded.
Secure the Endpoints
Adopt a holistic approach to endpoint security. Cybersecurity professionals already understood the necessity of endpoint security, but they should also be aware that, with the introduction of zero-trust models, endpoint security has become even more significant. Endpoints are no longer just company-owned, devices such as laptops, phones, tablets, etc. all of which may be owned by the user/employee or the company are used. Thereby, the endpoint protection software should be compatible with a variety of operating systems. If the systems or devices they use can be hacked, the resources they use can be hacked as well.
Organisations can consider the six-point framework:
· In-depth security assessment
· Incident response and cyber crisis management plan
· Security processes, protocols, and controls
· Awareness and training across organisation
· 24×7 monitoring via a robust next-gen IT-OT security operations centre (SOC)/threat intelligence centre
· Red teaming
Employee Cyber Security Training
Studies suggest that human error is responsible for 85% of the data breaches that happens. Securing the hybrid workforce will not just necessitate a technological redesign, but also employees that are familiar with cybersecurity best practises, regardless of the kind of business they are in. If employees are prepared and trained properly, they would be better at identifying phishing attacks, understand how to use a virtual private network (VPN) securely, secure their home network, and follow the data protection requirements of the company. The employees must comprehend how everything works and what their responsibilities are.
The contemporary business environment has triggered a tremendous transition and ensuring that every organisation has robust measures in place to drive the business forward while remaining secure becomes critical.
