5 min read
Masterminding your strategy for ethical AI with a conscience
In an era where AI is reshaping the very fabric of our digital world, as a Digital Leader you’re not only a pioneer of technology advancement but a...
The events of this year forced a large-scale shift to remote working and many analysts are predicting the “death of the office as we know it”. A recent BBC Survey of Britain’s 50 biggest employers uncovered that they have no plans to return staff full-time to the office in the near future, demonstrating that extensive remote working is here to stay.
As part of their crisis response, many organisations changed or accelerated their digital workplace strategies, with some rapidly adopting technologies like Microsoft Teams to maintain effective communication and collaboration with their staff now working remotely.
With cyber security already high on every CIO’s agenda, a key concern is how this change in working has impacted data security. By shifting to a new working model at pace, have organisations exposed themselves to yet unidentified vulnerabilities? Do existing business continuity plans take these risks into account?
A survey conducted by Barracuda Networks found that “almost half (46%) of global businesses have encountered at least one cyber security scare since shifting to a remote working model during the COVID-19 pandemic”
As organisations have rapidly increased their digital footprint to support remote working, they have faced new and increased security challenges to protect their networks, devices, and data. For many, there have been new risks in unmanaged devices and a rise in shadow IT. Rapid deployment across remote access networks has increased the attack opportunity for threat actors and cyber criminals, creating new challenges for cyber security teams to address.
The insider threat posed by employees, usually through poor user practice rather than malicious intent, has been heightened. With a significant portion of the workforce now sitting outside the corporate network and the security protection it provides, it is even more important to reinforce security awareness and good practice to mitigate the risk of social engineering attacks, e.g. phishing.
Not only is it vital that cyber security teams implement a Modern Digital Workplace Security approach that effectively mitigates and manages the new and increased risks, they must also have the right security software and tools available to them to combat the threat.
Requirements for digital workplace security have already changed with traditional security methods relying on established perimeters, password authentication and manual permission management now being obsolete.
Pre-COVID, remote working was already on the rise, with employees using cloud-based SaaS platforms such as Office 365 to meet their communication, collaboration and information management needs and this has only accelerated during 2020. There has also been an increasing mobile first approach, with employees utilising third-party mobile applications and their own devices such as smartphones and tablets to perform essential work functions, often outside of core office hours. Perimeter-based security systems are insufficient in such an environment.
An effective Modern Digital Workplace security approach should extend the perimeter to include all cloud-based SaaS, IaaS, and PaaS element of your IT estate and digital footprint.
It is also important that your approach is aligned to your overall cyber security and information assurance strategy. Our recommendation is to benchmark your approach, security systems and tools against the NIST Cyber Security Framework and ensure that it enables you to effectively:
Extending your perimeter to encompass all the cloud-based services and systems you use may mean that the current security approach, software, and tools used by Infosec and Information Protection teams come into conflict with the cloud platform offerings or are rendered obsolete and need replaced.
Microsoft 365, a popular digital workplace platform, is supported by a range of software and tools from Microsoft, enabling you to secure your cloud infrastructure and services by effectively managing identification, protecting services and data assets and enabling you to detect & respond to incidents:
For information protection and compliance, Microsoft Office 365 includes in-built tools and features to help you manage, protect, and govern business-critical and personal data while the Microsoft 365 Compliance Center helps you manage and monitor compliance:
Ultimately, it is down to you to make sure you use these tools effectively. Your security approach needs to be embedded in your Operating Model for implementing and supporting the platform with all relevant stakeholders in your business (including the Infosec and Information Protection teams) bought in and aligned to the model. Only then can you be assured of effectively adopting and exploiting the platform in a secure way that ensures your data is protected in the cloud.
Our Modern Workplace and Cyber Security experts help our customers plan effective and secure digital workplace strategies, designing and implementing operating models that are aligned to their business needs, their IT operations, and their risk management and compliance needs. If you have concerns about digital workplace security or your remote working set up and are looking for support, please get in touch with us.
Back to all insights5 min read
In an era where AI is reshaping the very fabric of our digital world, as a Digital Leader you’re not only a pioneer of technology advancement but a...
4 min read
Generative AI is beyond a fun toy to illuminate your children's bedtime stories (try that if you haven’t!), but now a formidable asset for CIOs to...
4 min read
If ever there was a strong case to accelerate cloud and climate sustainability, look no further than the power of AI. It could offer significant...
At the heart of agile working is the idea of bringing people, processes, technology, time and place closer together to find the most appropriate and...
There has been a huge increase in the use of Microsoft Teams to support the shift to home working during the COVID crisis. If you haven’t already,...
One of the impressive and more positive aspects of the COVID-19 pandemic has been the way that technology functions across all types and sizes of...