In 2020, just under half the UK workforce worked from home at least some of the time, according to the Office of National Statistics. In the United States, a survey by Upwork found that over a quarter of professionals expect to work fully remotely within the next five years.

Working from home has been propelled into the mainstream by the COVID-19 pandemic as well as the resulting lockdowns and restrictions on traveling to work. But the pandemic only reinforced and accelerated a trend that was already evident.

And that trend towards remote and flexible working is changing the security threats facing all organizations.

Changing Threats

Flexible and remote working – and by extension, working from home – demands a different IT architecture to the conventional workplace. Employees using mobile devices, potentially including privately-purchased hardware, presents a different risk to corporate desktops that are deployed and managed by the IT department.

Working outside the corporate firewall and across networks – domestic broadband, public WiFi, and 4G and 5G cellular – presents a different attack surface. The perimeter is far more dynamic, if there is a perimeter at all. Devices and applications are less easy to update or patch. And physical security comes into play. Devices can be lost, stolen, or potentially tampered with.

But the “back office” has changed, too. Flexible working is only possible if employees have reliable, consistent, and secure access to business applications and data.

Previously, organizations relied on virtual private networks to connect remote workers to enterprise applications. VPNs proved vulnerable to attack during the pandemic, and they quickly became a bottleneck.

With larger numbers working away from the office, relying on VPNs is no longer viable. Instead, the emphasis is now on software-as-a-service and web applications. But these, too, will need to be secured.

Security in (Read more...)