As the COVID pandemic continues to mandate remote working measures around Asia, along with a rising trend in the Bring Your Own Device (BYOD) movement to accommodate a rapidly evolving workforce, one question comes to mind: How are IT and security leaders handling this sudden wave of unmanaged devices that are now under their watch?
The new norm
As remote work environments grow, so do challenges ranging from managing device access to handling urgent mobile security concerns. 49.3% of Singaporeans and 65% of Malaysians shifted to work-from-home since the pandemic swept the globe. And remote work looks to be the new normal; 9 in 10 Singaporeans want to continue working from home.
With more enterprises shifting to permanent remote work or hybrid work models, more devices are connecting to corporate networks, whether they are company-issued or personal devices. Contractors and suppliers who bring their own devices can access the company’s email systems, cloud apps, or even private apps.
The danger of ignorance
The more devices that are connected to the company network, the greater the opportunity for attacks to rise. A hacker who compromises a contractor’s device suddenly has entry into the larger enterprise.
Bitglass, a Forcepoint company, and industry research firm, Cybersecurity Insiders polled hundreds of cybersecurity professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced by personal mobile devices being connected to corporate networks and resources. Data protection was on top of IT and security leaders’ minds – 62% of respondents listed data leakage/loss, such as corporate data removal by a former employee, as their top concern. This was followed by users downloading unsafe apps or content, and unauthorized access to company data and systems.
However, the most surprising finding from our research was that organisations today do not have the visibility to properly manage and secure the growing number of unmanaged devices connecting to corporate resources. Asked if any of their BYOD devices had downloaded malware in the past 12 months, 22% of respondents said yes, but a surprising 49% said they were “not sure.”
Also, when asked if any of their BYOD devices connected to a malicious Wi-Fi in the past 12 months, over half (51%) said they didn’t know. Device apps that organizations have the most visibility into include email (74%), followed by calendar (58%), contacts (55%), and messaging (51%).
Lacking this fundamental level of visibility across these basic applications does not bode well for enterprise BYOD security. Even though organizations have visibility over email traffic on BYOD devices, they lack visibility on data-centric applications, such as file sharing and cloud backup – which are key to data protection. This is how malware and threats can spread rapidly.
Power in visibility
Legacy security technologies such as VPN and SWG fortify the front door, delivering security for users on managed devices within the company.
However, they cannot secure remote workers, contractors and suppliers on unmanaged devices connecting directly to cloud applications and networks. VPNs are an access tool – not a security tool. They were not built for today’s mobile to cloud enterprise work environment, where they run into scalability and performance issues as well.
To deal with today’s evolving threats, IT and security teams should consider a modular approach to support hybrid workers, integrating Zero Trust Network Access (ZTNA) for their access to private or on-premises applications, a multi-mode Cloud Access Security Broker (CASB) for all types of cloud services, and web security on-device to protect user privacy and remove performance bottlenecks.
ZTNA provides secure access based on adaptive controls; it also monitors user activity and performs continuous risk assessment. ZTNA reduces the enterprise’s attack surface and increases IT’s visibility into user activity and applications. Rather than giving excessive access to the network and all internal resources, ZTNA gives secure access only to specific authorized resources one at a time based on a user’s access context.
Take control of your network’s resources today. To ensure your network is secure, especially in these times where the number of unmanaged devices continues to spike, full visibility and control over all your data across all types of devices and apps is non-negotiable.