According to a recent report from McKinsey, in April alone, an estimated 62% of those employed in the United States had started working from home due to the pandemic. In comparison, that percentage was just 25% before COVID-19 became a seismic event in all our lives.
While there are very real benefits to remote work—beginning with companies being able to keep the lights on during the pandemic—one major drawback is ensuring company data is protected.
Even in the best of times, protecting sensitive information requires diligence. In the current environment, many employees who are not accustomed to working from home will often be doing so without adequate data security and protection training. Having the right technologies, policies, and governance strategy is more crucial than ever—let’s take a closer look.
The data economy
Increasingly, companies of all sizes are striving to democratize their data.
In my opinion, the goal of data democratization is to ultimately increase the velocity of insight. To increase that velocity, people throughout your organization need access to the same data.
When such barriers are removed to provide that access, things can get tricky.
- Take a moment to imagine your data scientists, who are training new algorithms from an existing data set to create a new model for further inferencing on even newer sets of data, are working not only remotely but potentially across countries.
- Now imagine your HR, marketing, sales, and engineering teams are all potentially accessing the same sets of data in varying chunks and trying to extract insight via various business intelligence and visualization methods.
- Can you imagine your IT teams scratching their heads on how to secure this process?
Just reading this is probably making you sweat as an IT organization, and we haven’t even scratched the broader surface involving external contractors, external partners, and cross-country/continent access.
While the value and competitive advantages of data democratization are proven, we cannot overlook the fact that it increases every organization’s risk profile. Further complicating the scenario is the compounded risk of an increasingly remote and dispersed workforce. For many enterprises, the rush to enable remote employees and contractors has led to gaps in the entire data governance process.
According to numbers compiled by Statista, more than 160 million records were exposed through data breaches in the United States in 2019 alone. And that number was actually much smaller than the previous year, when the number of records exposed topped a whopping 470 million.
Most data breaches can have a significant impact on an organization. Beyond substantial fines and, in some cases, congressional hearings, allowing customer information to be exposed creates a distrust that can tarnish a brand for months if not years.
Ensuring data is protected
At a high level, the foundation of a successful, scalable, and resilient data security governance framework should consist of at least the following pillars:
- Visibility (monitoring and alerting)
- Dynamic security compliance and protocols
- Increased training and awareness
- Promoting agility in IT and data governance
Each of these pillars—which should be in place even in normal times—has taken on a heightened importance in our present reality. That means the first step every organization should take to protect its data is to review its existing framework, protocols, policies, and procedures.
This review should be holistic and touch every segment and aspect of how an organization gathers and uses data, such as:
- A review of data cataloguing, including use, origination sources, destination sources, warehousing tools, data quality, and integration points.
- A review of data movement and tools. This includes where and how often certain types of company data are being transferred between tools and platforms; identifying what the common entry and exit points are for external and internal data; mapping certain data movement of employees, divisions, and segments of an organization; and reviewing movement and access frequency.
- An audit of data security, contingency, and response measures in place in order to identify potential risks and gaps in such areas as credentials management, breach protocols, recovery protocols, e-discovery protocols, ransomware protocols, disaster recovery protocols, and many more.
- Assessment of data storage and operations including database management and file storage systems, where and how data resides, data lifecycles, backup and archiving policies, and data resiliency policies that align with disaster recovery protocols.
- IT assets and deployment review. Areas of interest that fall under assets include endpoints and devices; high-risk devices (e.g., USB and thumb drive policies); physical use, storage, and disposal; onboarding/offboarding; and virtual desktop infrastructure, WiFi, and VPN.
Taking these steps should be one of the most important decisions for any organization that has been forced to embrace and/or scale remote work during this incredible period of change for all industries and verticals.
If your enterprise doesn’t currently have the capacity or resources to conduct a thorough assessment, you should consider partnering with a technology solutions provider like Redapt who has the capabilities and expertise in place to guide your organization through every step of the process.
Once you’ve completed your review, the next step is to implement a sound strategy for remote work.
In general, the challenges with remote work can be broken into the following four categories:
1. Onboarding and offboarding
Setting up security compliance, authentication, and access for employees—as well as external vendors and third-party contractors—can take days or weeks.
2. Scaling remote work to keep pace with business objectives
Shipping managed devices, especially with border lockdowns and the current shipping delays, is a major challenge.
3. Securing remote work
Not being able to manage identities (including outside vendors and contractors), having outdated single-factor authentication, a lack of integration between various security mechanisms, and a lack of zero-trust network segmentation can greatly impact productivity and increase security risk.
4. Audit/compliance of assets, employees, contractors, and vendors
Not having permissions and auditing policies in place for shared files, or insufficient audit trails and logging policies, can lead to substantial security risks.
Within these four categories, there needs to be acceptance that some tried and true existing technologies could be outdated.
For example, if you need to deploy on-prem VDI, make sure to stick with industry leaders. You will also want to apply a layer of additional security features that may be lacking from such vendors, but are security features that can be managed and monitored effectively within your existing security paradigm.
The cultural shift to remote work adoption and all its various facets is likely going to maintain momentum for the foreseeable future. By focusing on protecting data now, enterprises can mitigate the potential for operational disruptions and major threats to security.