Over the last several weeks, organizations across the globe have scrambled to provide millions of employees with the tools necessary to work from home.
Employers are tasked with everything from providing laptops, improving VPNs and investing in additional teleconferencing and collaborative work tools, to expanding cloud infrastructure to accommodate the increase in data being sent and stored over the internet.Remote collaboration platforms like Microsoft Teams are reporting a 500% increase in the number of meetings, and a 200% increase in usage on mobile devices. Unsurprisingly, analysts are also predicting growth for endpoint security players like Citrix as organizations adapt to support remote work for an increasingly diverse set of vocations. Even internet service providers have made changes to accommodate, in some cases suspending data caps to lessen the financial consequences faced by a workforce newly reliant on their home WiFi connections.
For employers of the nearly 41.6 million Americans who already had the ability to work from home, according to 2017-2018 data from the U.S. Bureau of Labor Statistics, current conditions mean an exponential increase in technology practices that might have already been in place. Securing so many additional endpoints with traditional encryption, for example, takes time and means a significant increase in the number of keys managed by IT. But for those employers for whom remote work has never been common practice, such as many healthcare providers, adapting for today’s conditions is not a matter of broadening existing security practices but of creating them on the fly. And the information at stake is some of the most sensitive traveling across the internet today.
Even for longtime users, deploying comprehensive encryption solutions while managing keys, tokens and HSMs in the cloud has proved nearly impossible. Cloud platforms provide a bevy of onboarding tools to make easier to migrate workloads to the cloud, but human errors, typically referred to as misconfigurations, were still the leading cause of data breaches in 2019. Encryption alone has sufficiently protected organizations from common missteps like leaving storage buckets unsecured.
Now, as IT workers at organizations like healthcare practices make unfamiliar telehealth models work in the cloud to keep non-essential visits at bay, we are poised to experience a slew of data security vulnerabilities in the coming weeks. Healthcare is not the only industry migrating new, sensitive workloads the cloud to adjust to global conditions. In industries such as finance and in geographical pockets of Europe, work environments that have been slower to embrace remote work are now forced to do so almost overnight. It only follows that the data security vulnerabilities that have been commonplace already will increase as a result.
New use cases are not the only data security threat faced by organizations and individuals today. Unfortunately for many, an increase in free time has been another product of the global pause on previous norms like school. Cloudflare sites a historical spike in the number of data security threats documented while schools are on break, attributing the cause to an increase of free time across the population of “capable hackers”. That phenomenon has the potential to explode as students are sent home and unemployment grows during government-mandated shelter in place orders.
Rightfully, new data security challenges are just one line-item on a very long list of concerns for organizations across the globe, at the top of which is the health and safety of employees. As those that are able to make work-from-home possible grapple with an impossible set of new concerns, taking additional steps to obfuscate data now can go a long way to mitigate data security fallout in the future. Avoiding misconfigurations and the increased risk of malicious attack altogether might be impossible for most given the speed with which new processes are having to be deployed to the cloud, but those that can take steps to reduce the sensitivity of data itself through techniques like microsharding will drastically lessen future security fallout.