For most of us, working has always been social. We’d commute to an office every day where we’d spend our day in strategy meetings and whiteboard sessions, grab a coffee to catch up with colleagues, and catch the boss while walking the hall to provide the latest project update. Once in a while, if we had a personal appointment, a customer meeting across town, or an early-morning conference call from overseas, we’d be able to work from home, logging in from a VPN where we’d have secure access to productivity tools.
But remote work was the exception to the rule, an afterthought for most IT teams still focused on gradual cloud and digital transformation strategies that they thought would play out over the next several years as enabling technology continued to evolve.
That all changed literally overnight. The new normal is filled with video conferencing with colleagues while our kids play in the background, collaborating over Software as a Service (SaaS) platforms with persistent connections, and sharing with our partners and school-age kids our residential-grade Internet connectivity that has been stretched to its limit.
We’re now more than three months in, and it’s clear that things are not going back to the way things were. The future of work has been accelerated. Working from home is the new normal.
The problem is that remote workers pose a major security threat. The Internet remains a cesspool of increasingly sophisticated cyberthreats such as phishing, ransomware, drive-by downloads, and more that are growing bolder every day. Corporate security teams have no visibility or control into communications between remote workers and the web-based tools they need to access, so they’re in the dark about whether users’ credentials or devices have been compromised.
Most remote users are required to log in via a VPN, but a poor user experience exacerbated by the high volume of work-from-home traffic has organizations looking at a new approach. It’s clear that the only way to secure the new normal is to apply security services and policies through the cloud. A cloud-based strategy allows organizations to implement an isolate-or-block approach to cybersecurity, in which known malicious traffic is blocked right away while all other traffic is fetched and executed in a cloud-based browser far from the end-user device. With an Isolation Core that is cloud-based, it doesn’t matter if there’s a known or unknown vulnerability on the endpoint, because no content—whether it is malicious or not—is executed on users’ browsers.
This strategy allows organizations to give users fast access to SaaS platforms while giving security teams full visibility and control to secure those connections through cloud-delivered isolation, URL filtering, acceptable use policies (AUP), data loss prevention (DLP), and SSL inspection.
Delivering security through the cloud isn’t easy, however. Organizations need a pragmatic, incremental approach that allows them to secure remote users today while planning for the future. Read our new ebook, Securing the Future of Work , to learn how you and your organization can intelligently transition to this new normal.
Please do not hesitate to contact us with any questions.
*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by Mehul Patel. Read the original post at: https://www.menlosecurity.com/blog/securing-the-new-normal-future-of-work