Work from home means far less security visibility
Nearly 80% of enterprise security officials said they encountered widening visibility gaps during the COVID-19 pandemic, as the rapid shift to work from home made it more difficult to monitor the security of remote workers, according to a study by Enterprise Strategy Group, commissioned by Axonius. The study included 500 IT and security decision makers across North America, Europe, the Middle East and Africa and the Asia-Pacific region.
For 79% of respondents, there is a widening visibility gap in their cloud infrastructure, while 75% said the gaps had widened for end-user devices and IoT environments. Organizations, in some cases, reported 3.3 times more security incidents, according to the report.
About three-quarters of organizations expect the number of remote workers at companies to increase, even after pandemic recovery begins and workers begin to return to the office. Four of every five respondents said their companies will invest more money into securing corporate assets.
Since the early days of the pandemic, companies have struggled to get a clear view into security threats and employee endpoints. Companies made immediate decisions about sending employees home from the office a year ago, and the environment became increasingly complex as companies in many cases had to move their various streams of data into multiple buckets.
"The shift to remote happened overnight, and that's where we're seeing a lot of the visibility challenges," Nathan Burke, chief marketing officer at Axonius said. "Now you're using four or five or more cloud providers, rather than 'Am I cloud, am I on prem or am I hybrid,' it's how cloud am I?"
Companies have also had difficulties monitoring their systems for security threats, Burke said. Companies have security tools that scan for various vulnerabilities, however the tools that may work for on-premises environments may not be able to move at the speed required for a cloud environment, he said.
The report echoes previous findings about the rapid shift to work from home, as companies rushed to keep the enterprise afloat at the start of the pandemic. Security considerations often became an afterthought.
Research from Gartner shows that companies have struggled to manage security in an environment where you have to scale the number of remote workers over long periods of time.
"It's essentially not a case of blind spots but a change in dynamic as to what to monitor," Pete Shoard, Gartner Research VP said via email. "As security professionals we have historically focused on what crosses the threshold. The remote work environment and the need for cross-platform compatibility has meant abandoning the perimeter as the primary focus and moving towards monitoring of behaviors of individuals (or their accounts) when interacting with systems and applications."