This new normal will bring dramatic increases in hybrid environments for working in offices and at homes, particularly for knowledge workers. It’s not just about enabling people to work from home; it’s about making sure that they are productive and secure. Employees are more frequently using the same device for work and personal use, which creates a more significant and more varied attack surface. So, it’s essential to develop a robust security posture for bring-your-own-devices (BYOD) as you do for company-owned.
For many companies, business continuity plans will need updating. Organisations will need an evergreen business continuity plan. It will enable a business to quickly get up and running with no data loss, such as having multiple active cloud data centres in various regions so that if one goes down or is unavailable, the other one takes over in real-time.
Other vital considerations include enabling employees to work from anywhere; greater geographic diversity in the supply chain; remote customer service and support, and remote IT support as a rule, not the exception. There will also be more risks of breaches due to employee negligence or ignorance.
With the Network Operations Center and Security Operations Center personnel working remotely, you’ll need a plan. Traditional NOCs and SOCs are dead. Next-generation NOCs and SOCs will require a centralised view of incidents, higher degrees of automation with lower false-positive rates, security-focused case management and, finally, real-time collaboration among analysts working from their homes all over the world. A new remote SOC model should be based on cutting-edge tools; is highly automated; is powered by machine-learning algorithms for massive intelligence; and enables coordinated and highly efficient responses to behavioural anomalies in infrastructure, applications and data.
For IT and security teams, focus on leveraging signals from data to learn what is working versus what is not, and quickly iterating on tools and technologies that customers and employees are comfortable using. We cannot expect our workers to engage in safe practices if they don’t know what they are. It is our responsibility to make sure they are informed and provide training and enforcement of security policies. Constant communication is needed.
While the future is impossible to predict, your organisation will benefit from adapting to all these changes.
There will be a new normal. It has already begun.
Learn more about the new normal by watching the RE:IMAGINE Executive Briefing Event recording.