The pandemic turned remote work from a trend to a necessity and ultimately to a new normal. According to Pew Research from January 2022, 59% of workers that could work remotely were doing so full-time. Coupled with the explosion of smartphone ownership (up in the U.S. from 35% in 2011 to 85% in 2021) and a crystallized picture emerges of what is currently keeping Chief Information Security Officers (CISOs) awake at night and forcing systemic change in the approach to enterprise data security.
The company office once served as a fortress of sorts, employing all measures of operational technology (OT) and information technology (IT) security that protected their workers seamlessly and allowed them to move about their jobs confidently.
Cloud As A Service
Remote work and the proliferation of cloud computing (a market that is expected to grow from USD $429.5 billion in 2021 to about USD 1.02 trillion by 2028 according to Pew) has changed that “perimeter” scenario dramatically. “Seemingly overnight, there was no perimeter,” said David Eckstein of Menlo Security.
The remote worker immediately became the weakest link in an organization’s security chain. And the browser became the portal of vulnerability as workers opened ubiquitous software-as-a-service applications, i.e. email communication, customer resource management, document sharing, video conferencing.
Leveraging “the cloud” is no longer something to think about but instead to seriously consider. The volume, velocity, veracity, and variety of data underpinning our cities, communities, and municipalities as we become a continuously “connected” society. As such, the U.S. General Services Administration emphasizes a holistic approach when considering a holistic approach when considering a cloud adoption.
Furthermore, as our world continues to depend more and more, each and every day, on ubiquitous connectivity spanning the nation’s sixteen (16) critical infrastructure sectors, the emphasis we place on the vital machinery and communications for sustainability, resilience, and security is paramount.
Net Net, it is imperative that Government, Industry, and Academia accelerate efforts to integrate the necessary thought leadership, entrepreneurial spirit, and technology solutions to serve a greater good for humanity.
Never Trust vs. Zero Trust
On January 26, 2022, the Federal Government issued M-22-09 to emphasize the integration of zero trust, cloud services, and risk mitigation.
The traditional “Detect and Remediate” methodology of risk mitigation and cybersecurity measures are no longer effective, according to cybersecurity strategists at Menlo Security.
While Zero Trust is the buzzword du jour, a “never trust” mentality has evolved regarding web security. “We suggest you lock the door up front,” said Darren Curtis of Menlo Security. “Why let them in?”
Enter Browser Isolation.
Browser Isolation works in a preventative manner by creating a logical barrier between the web browser and the user, essentially designating all traffic untrustworthy and potentially harmful to organizational networks and devices. It represents an excellent option for both public and private sectors to explore as a risk mitigation measure.
Pete Tseronis the Founder and CEO of Dots and Bridges LLC.