CISO, Security Transformation The Future of Security and The Inevitability of Remote Working
Oct 26 2020

The Future of Security and The Inevitability of Remote Working

By this time in 2020, you’re probably well past the panic of pandemic cybersecurity. The “New Normal” isn’t very new anymore and what was once perceived as short term crisis management of security is looking more like a long term solution.

As we look ahead, it’s important to look at what we’ve learned from this situation, as security professionals and how we can apply that to the long road we still have ahead of us. 

We have reached out to many Security and Technology professionals from across industries to see the trends of what did and didn’t work about their COVID transition, what they would do differently, and how they’re looking at securing this new predominantly remote workforce in the long term.

Here are some of the biggest things we found:

Not everyone was as prepared as you’d expect

The jump to remote working was, for most, pretty sudden and not without its growing pains. While it may have seemed everyone else knew what they were doing when the pandemic hit, the reality is that only 30% of the practitioners we surveyed stated that they felt their company was “very prepared” for this seismic shift to remote working.

Results graph showing how prepared existing security programs were for indefinite remote working brought on by COVID.

In addition to that finding, 60% of the practitioners surveyed noted that the employees at their respective organizations required some level of additional training around security and remote working. Adapting to securing extended remote working is a process, being proactive about making sure people know how to navigate safely isn’t a bad thing

Even if you weren’t as prepared as you would’ve liked in the face of the abrupt shift to remote working, there’s still time to figure it out. Of the practitioners we surveyed, 69% have only somewhat of a long term plan or no plan at all for securing remote working.

Practitioners have a chance right now to define their strategy from the ground up to best suit their organization. So if you’re part of that 69%, there’s no better time than now to take stock of what is and isn’t working and what you need to secure your remote workers for the long haul. 

Security budgets are holding steady and rising

Another trend that we found as a result of this study is that security budgets amid this pandemic are trending upward. 91% of practitioners surveyed listed that their budget either increased, stayed the same, or will have some effect on their budget for 2021.

Results graph showing the how the shift to remote work had an effect on security budgets.

This shows a level of commitment from organizations who see long term remote working as an investment that will only benefit their employees and see keeping those remote workers secure as a high priority.

And while our numbers can’t exactly tell us this, it’s also possible that those who responded that their budgets were staying the same,  meant they were reallocating existing funds as well. When asked, practitioners listed securing network capacity, securing video collaboration, securing network access as their top priorities in the immediate shift to remote working. Now that this has been operationalized, a new set of priorities will emerge for existing security budgets and refocus what other solutions or controls are most important for their organization’s needs.

Either way, It is a clear sign that security for remote workers is still a priority for organizations who see that it isn’t going away anytime soon. But that doesn’t mean there aren’t outliers. 

Some practitioners are still stuck in legacy 

Perhaps the most surprising finding of this survey is that there are still holdouts in the industry when it comes to cloud security and the long term staying power of remote working.

Specifically, 16% of the practitioners surveyed said that they still plan to keep their on-premise solutions and backhaul their traffic to data centers even as a pre-remote working seems imminent.

Results graph showing how the shift to remote has affected the priority of on-premises security.

Coupled with the 17% of who listed that remote work is not here to stay and they in turn don’t have a plan for securing it long term where there is likely some overlap, and it’s clear that not everyone is sold on the digitally transforming world the rest of us are living in today. This result  begs the question, what’s still keeping them on-premise? And if a worldwide pandemic won’t change their minds about the longevity of remote working, is there anything that will? 

For my colleagues who are still in the wait and see position, I urge you to develop a plan, just in case this was a miss and you need to react quickly. Verify and validate your thoughts and ask yourself “What is holding me back? Am I holding the business back? Am I making technology enablement and innovation incredibly difficult for my organization?”

As we continue through the process of re-inventing the security of our own organizations and working remotely, it’s important we continue asking these questions and taking stock of how we can continue to strike the balance between providing flexibility for remote workers and keeping them secure. These trends show that there’s still work for all of us to be doing and that there’s always room for improvement, no matter how prepared you are.

author image
About the author
Lamont Orange has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at Ernst & Young.
Lamont Orange has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at Ernst & Young.