June 15, 2020
By CIO Academy Asia

The COVID-19 crisis has led to the accelerated migration of workloads to the cloud and the proliferation of endpoints, as an unprecedented number of people work remotely.

The immediate focus of IT departments has been to ensure that remote workers are able to function and have access to the resources that they need. Many organisations have faced challenges in providing staff with equipment and connectivity, as well as the psychological impact of working from home continuously.

Once employees are working remotely, other challenges soon emerge particularly around exposure to cybersecurity threats.  The necessary enterprise focus on access and enablement, for business continuity, needs to be balanced with security considerations in managing endpoint security and cloud workloads.

Most organisations could not prioritise security as they scrambled to continue operations, when employees were forced to work remotely. Anton Reynaldo Medina Bonifacio, CISO at Globe Telecom pointed out that “There was no pause. We had to keep running even as workloads spiked.”

Rush to the cloud and exponential growth in endpoints create new cybersecurity vulnerabilities.

Typically, enterprises are working with multiple security tools, each addressing different vulnerabilities. The acceleration towards greater cloud usage and remote working has exposed enterprises to even more risks. As well as creating a need for a new cybersecurity posture, this is also making IT management more complex. Attackers benefit from complexity as well. As Jagdish Mahapatra, Managing Director, CrowdStrike Asia commented “Adversaries love complexity. We need to build simplified stacks to manage threats better and faster. Simple can sometimes be harder than complex!”

Enterprises need to re-strategise as existing solutions are now less effective. At a recent leadership panel hosted by CrowdStrike, moderated by CIO Academy, Pravin Saiya, Deputy CISO, Larsen & Toubro Infotech Ltd, remarked that “Enterprises must re-strategise and protect their ‘crown jewels’ in a world where the working environment is boundaryless.” The ‘crown jewels’ for most enterprises are data sets. Accessing valuable data, usually involves targeting endpoints and the users that work with them. Mahapatra continued “Attackers are not interested in routers and switches. They want to reach the user via a specific endpoint.”

Enterprises with most of their workloads already in the cloud generally report that the COVID-19 crisis created fewer security challenges for them. On the same panel, George Do, CISO, Gojek, said that “COVID-19 did not change the company’s cybersecurity strategy. Gojek did experience a rapid increase in attempted fraud and phishing attacks so we needed to be more alert and make sure our users practise good behaviour with respect to cyber hygiene. The threat profile changed but our attack surface stayed the same. We placed more focus on hardening web conferencing security and data leakage.”

IT decision makers also express concern about enforcing security policies and compliance for home workers. There are serious concerns about devices being shared with other family members and confidential data leaking. For example, there is often nothing to stop remote workers from printing our confidential data on their home printers. This kind of data leakage risk poses a danger to organisations across South East Asia.

Security Orchestration, Endpoint Detection/Response and Agility are critical for the ‘Next Normal’.

Given the increasing number of security tools required by organisations, especially in light of the COVID-19 crisis, security orchestration and endpoint detection have become critically important.

Security orchestration helps organisations to consolidate their security tools and to automate alert triage, detection, investigation and incident response. Orchestration offers a single dashboard view of security across all IT assets and endpoints. Cybersecurity skills are in extremely short supply, so visualization and built-in plugins eliminate the need for security professionals to be expert in every tool. Instead, they can focus on the most important tasks. This will optimize the use of existing cybersecurity resources, less is more!

According to Mahapatra, “Organisations need a ‘CCTV’ across the network, to see all the endpoints.” Visibility across all endpoints is now critical to enterprises. Complexity must be managed in a way that can offer a single dashboard view if all IT assets and endpoints. Automation and AI needs to be leveraged to the greatest possible extent, in order to manage cybersecurity risks. In a world, where demand for cybersecurity skills far outweighs supply, automation and AI are now essential components of security solutions.

Enterprises must also adopt a zero-trust security policy. A zero-trust policy requires all users, including those inside the enterprise network, to be authenticated, authorized, and continuously validating security posture, before gaining access or retaining access to resources. Zero-trust is critical as companies increase the number of endpoints  and expand their infrastructure to include cloud-based applications and servers, because these changes make it more difficult to establish, monitor and maintain secure perimeters.

According to Sanjay Kotha, Joint President & Group CIO, Adani Group, “A move to a zero-trust security approach is necessary for the rapid detection, containment and elimination of threats.”

A zero-trust approach should be complemented by a security-first mindset. For unicorns such as Gojek that frequently deliver new app features this is critical. Gojek’s George Do said “A security-first mindset is part of our DNA and is critical because of the speed with which we launch new services.”

Addressing the plethora of new threats emerging from the remote working operating model, requires solutions that can prevent, detect and respond to threats with speed and agility. CrowdStrike’s 1-10-60 Challenge urges organisations to:

  • Detect intrusions in under 1 minute.
  • Investigate and understand threats in under 10 minutes.
  • Contain and eliminate the adversary from the environment in under 60 minutes.

The Southeast Asia Technology Trends & Priorities for 2020 Report, published by CIO Academy Asia in collaboration with the Lee Kuan Yew Centre for Innovative Cities at SUTD, is now available for download.

Visit here to get your copy