
Dispatches from Anywhere: Securing the Next Wave of Work

May 21, 2021


After the 2020 pandemic tipped our traditional way of work on its head, companies scrambled to support fully remote workers. But as the vaccine roll-out continues, many organizations are welcoming workers back to the office. However, that doesn’t mean all companies are planning to go back to exactly the way things were before. Some companies, like Nationwide and VMware, have announced their decision to stay “remote first” for the long term, while others are looking at flex solutions like 2 days in office and 3 days home -- or one week in office and the next week home. The implication for IT and ITSec departments is that they must prepare to support fully or partially remote workers well into the future.

3 Focuses for Security Operations in the Era of Remote & Hybrid Work

What does support for a hybrid workforce look like for security operations? To ensure that corporate assets are protected and not exposed to excessive risk, SecOps teams will need to focus on three areas for remote and hybrid-remote workers: physical, digital, and human.

1. Physical: As the days of always (or mostly) in the office wane, security teams face an expanded attack surface. Now, every work-from-home (WFH) or work-from-anywhere (WFA) employee’s home, or even local coffee shop, can be an extension of the corporate network. And though this has increasingly been the case with mobile and mostly remote workers pre-COVID, the big change now is the sheer scale of employees working remotely.

In the next wave of work, look at extending in-office physical policies out to the “anywhere office.” For example, if you’re a “clean desk” company that requires employees to lock up laptops and turn off monitors when they step away, expand those policies to the “anywhere office” too. Though not all employees may have access to a locked cabinet at home, they probably can shut down their laptops and put them away in a drawer. Similarly, provide guidelines on how to keep critical hardware, like cable modems and Wi-Fi mesh routers, safe from curious cats and capering kids. And for companies that can afford it, consider going one step further and purchasing hardware for remote workers to ensure that they’re using corporate-approved vendors and versions.

2. Digital: Keeping data safe for remote-first workers intersects with digital transformation and the ongoing shift to cloud. Identity-centric security supports both people and machines -- and getting it right is critical as 80% of data breaches are connected to compromised credentials, according to Forrester Research.

Scoping access for identities via focused, need-to-know roles is a necessary first step. A recent Forrester Consulting survey commissioned by BeyondTrust found that 60% of respondents believe they will have “to treat more employees as privileged users due to remote access infrastructure” in the next two years. Where possible, minimize proliferation of privileges and ensure that access is culled when it is no longer required. Where privileged users (again, both human and machine) can’t be avoided, keep them controlled through a PIM (privileged identity management) tool that supports elements like server privilege management, credential rotation, just-in-time (JIT) access control, and granular audit capabilities.

Other areas for remote work digital security include hygiene and configurations on home devices and training users on how to securely set up their home networks. Some remote-first companies that supply equipment (e.g. laptops) to employees may also look at developing “push button” setup scripts for home employees, or shipping equipment pre-configured to company standards.

3. Human: Last, but certainly not least, is the human element. MIT neuroscientists discovered that when rodents are put under chronic stress, they choose higher risk paths. This can happen with humans too. Working from home can mean a reduction in commuter stress, but an increase in ambient home stress from children, partners, and pets. Not to mention the stress of jumping from meeting link to meeting link and having to look at oneself in video meetings. A stressed workforce may be tired and more likely to forget safety protocols, such as checking links before clicking or downloading software.

Training that worked in an office context may need to evolve or become more frequent in this next wave of work. Also, management style and culture can do a lot to alleviate stressors: for instance, meetings can be set at 25 or 50 minutes to give people a bit of breathing room so they don’t have to multi-task all their emails during calls.

Next Steps in Preparing to Securely Address the Remote-First Workforce

No matter where your company lands on the next-wave-of-work spectrum, creating a plan for addressing the physical, digital, and human elements will keep data safe and people sane. For further exploration of this security topic, check out my on-demand webinar: Privileges & Pajamas: The Security Impact of Remote Working. And for related reading, check out this blog from Morey Haber, BeyondTrust CTO & CISO, on how the attacker’s path of least resistance is shifting and how you can adapt.



Diana Kelley, CTO, Executive Mentor, Research Analyst, Security Keynote Speaker

Diana Kelley’s security career spans over 30 years. She is Co-Founder and CTO of SecurityCurve and donates much of her time to volunteer work in the cybersecurity community, including serving on the ACM Ethics & Plagiarism Committee, as CTO and Board member at Sightline Security, Board member and Inclusion Working Group champion at WiCyS, Cybersecurity Committee Advisor at CompTIA, and RSAC US Program Committee.

Diana produces the #MyCyberWhy series, hosts BrightTALK’s The Security Balancing Act, and is a Principal Consulting Analyst with TechVision Research and a member of The Analyst Syndicate.

She was the Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), and a Manager at KPMG.

She is a sought-after keynote speaker and the co-author of the book Cryptographic Libraries for Developers. She has been a lecturer at Boston College's Master's program in cybersecurity, was the EWF 2020 Executive of the Year, and is one of Cybersecurity Ventures' 100 Fascinating Females Fighting Cybercrime.
