11 December 2020
John Grimm, vice president of strategy and business development at Entrust
The Covid-19 pandemic was a catalyst for accelerated worldwide enterprise digital transformation. It created an unprecedented requirement for increased digital capabilities just to ensure businesses could continue to operate. The speed at which the virus spread and its impact forced companies to act quickly, in many cases prioritising temporary functionality over security to simply survive. Now, with government recommendations making remote working the norm rather than a passing phase and a majority of executives and office workers expressing a preference to continue to work some of the week from home after the pandemic, the question then arises; how can security meet the demands of the modern workforce?.jpg?lu=976)
The process of implementing temporary measures to enable this dramatic surge in remote working has put existing IT infrastructure under increased pressure and the security community has raised strong concerns that could endanger business and personal security. In Entrust’s 2020 PKI & IoT Trends Study, when asked about security trends and capabilities, half (51%) of respondents reported that the solutions already in place either were incapable of supporting new applications or that there wasn’t the ability to change legacy applications .
This is a concerning finding, considering the new and numerous demands on enterprise security systems caused by a growing remote workforce. It is not just the sheer number of people now requiring remote authentication and digital capabilities that are putting IT infrastructure under pressure. There are significant security challenges that face colleagues working from home. Unsecured internet connections, personal devices accessing business systems and the presence of smart home appliances put new stresses on business cybersecurity.
These factors expose businesses to a greater attack surface than ever before and with enterprise data being transmitted at a greater rate than ever before existing systems are, in some cases, unable to ensure adequate security. This could lead to data being stolen and sold on the dark web or used to cause data breaches that, according to IBM, on average cost a business over $3.8 million .
The significant cybersecurity threat posed by remote working and businesses engaging in digital transformation programmes led to many IT security professionals implementing infrastructure changes in preparation. In fact, the data would suggest that the rapid increase in issued digital certificates for cloud applications and enterprise authentication is related to organisations creating the infrastructure for remote working and increased digital capabilities as 2020 began. This allowed some businesses to quickly move to a more digitally orientated work style, however, other organisations implemented quick fixes and temporary measures to meet the requirements of the time.
In the UK, businesses outperformed many of their international counterparts with their existing digital security capabilities before the lockdown enforced transition to a remote workforce. Nearly nine in ten (87%) British respondents already had an internally hosted certification authority that could authenticate identities and issue security certificates for enterprise applications. British enterprises also ranked highly with the number of certification authorities per organisation (4th in the world) and the number of applications that require this sort of authentication (3rd in the world). This existing infrastructure ranks the UK as the world leader in internal certification authorities and perhaps indicates the technological advancements the UK has made with a wealth of technology companies calling the UK home.
Even with British businesses’ impressive level of preparation and digital capability, these unprecedented times have called many security systems and protocols into question. Being better than a majority of the international community is an achievement, but it may not be enough. Secure solutions must be implemented at all levels to ensure network integrity and to cover the technical gaps that remain in the British enterprise landscape that may be magnified by the conditions of the pandemic. However, the study would suggest that the technology itself is not the main concern in terms of security. Statistically, the largest hindrance is peoples’ lack of understanding of the capabilities of PKI - with half (52%) of respondents ranking this as the top challenge and two thirds (63%) reporting that organisations may not have a clear idea of who is responsible for PKI ownership .
Organisational issues such as these are amplified by the distinct lack of resources and skilled individuals available to IT security teams around the country with nearly half of British respondents suffering from insufficient resources and skills. This is a global issue however, and a considerable challenge to ensure the security of a growing remote workforce. While not a quick fix, organisations should look closely at the applications that consume certificates from their PKIs and ensure that the PKI is deployed with security measures that match the risk profile for the organisation and the applications. Organisations could also implement stringent guidelines and training programmes to employees to raise the issue of connected device security and instil best practices to reduce human error in maintaining network integrity. As remote working becomes more common, even post pandemic, these actions are a must for businesses to secure a growing digital workforce and protect both the organisation and the employees.
