Secure by design IT: changing working practices demand a security re-think
The shift to remote working and increased cloud uptake is a security challenge for IT teams. Is your organisation up to the task?
Staying secure is more important now than ever. In our remote working study, we found
that almost half of respondents (48 per cent) said they want to go to the office from time-
to-time. The workforce is becoming more remote and flexible. Keeping your organisation
safe means adopting ‘zero trust’ architecture and finding products and services that are
‘secure by design’. These measures are foundational principles for a secure operation.
Zero trust architecture
Furthermore, half of companies in our survey (52 per cent) increased their use of cloud technologies during the Covid-19 pandemic and many are planning to move more workloads to the cloud in future. Almost two-fifths (38 per cent) plan to move to Azure, with 15 per cent going with AWS and 10 per cent looking at private cloud.
The result is a larger potential threat landscape and a network perimeter, once the frontline of cyber security, that essentially disappears. Today, a growing number of organisations are removing the inherent trust from the network, assuming instead that it is hostile. A new boundary is created around applications and any request to the network must be verified for identity, context and policy adherence.
This zero-trust approach is ideal when cloud adoption and remote working are accelerating, and it is also an opportunity to ensure that the company’s applications are secure by design. When security has to compete with other requirements during development, it can easily be overlooked or given a lower priority, which simply stores security problems for later. More developers and service providers are committing to a secure-by-design approach that embeds security throughout the development process.
Creating a seamless experience
A light touch is really important. Users don’t really want to think about IT and, when it’s working well, they shouldn’t notice it. They want a seamless experience that doesn’t require them to constantly log-in and log-out of various systems and always be authenticating themselves. Fortunately, this can be done without compromising security.
For our respondents who said they plan to adopt more Microsoft Azure, the good news is that much of Office 365 is already set up to support a remote-working, secure by design posture. There are a range of security tools, such as Microsoft Endpoint Manager, InTune, compliance tools, Advanced Threat Protection (ATP) for Sharepoint, web filtering and more. These can be used to create a harmonised estate with licenses you are already paying for.
Cloudhelix has been working with an insurance client to set the whole organisation up on Microsoft tooling, to provide a light touch, simple and consistent network to manage. Security and management best practices are coupled with Microsoft’s best-in-class tools.
The recent changes to working practices can be a source of frustration as IT departments try to keep up, but it’s better to see them as an opportunity to take stock of your security approach and make sure that it is both fit for purpose and does not frustrate users.
Got a question?
Our experts have an answer