Can Cybersecurity Rise To the Integration Challenge and Operate Remotely?
The switch to remote work was not a transient response or “a flash in the pan.” According to research, 25% of all professional jobs will be remote by 2022, a trend that will continue into 2023. Interestingly, remote work is growing the fastest in technology roles, which raises the question: will cybersecurity, too, operate remotely?
While the lion’s share of the workforce switched to WFH in the last two years, IT teams and cybersecurity professionals have had to turn up on-premises. This can be attributed partly to the lack of integration between systems and to silos that compel cybersecurity professionals to be in the same office if they are to collaborate and resolve issues on time. As remote and hybrid work becomes the “permanent normal” for the upcoming years, we must also revisit cybersecurity workflows.
What Are the Blockers to Remote Cybersecurity Operations?
The systems, devices, and end users managed by cybersecurity teams are now mostly remote, yet tools like endpoint detection and response (EDR), cloud security access brokers (CASB), and network security tools still have to be managed by the team on-site. This is because:
● Cybersecurity systems lack integration. Because data does not flow automatically and different stakeholders own different security functions, there is no way to collaborate except in person.
● Traditional systems lack collaboration features or a connected incident management workflow. The expectation, therefore, is that a security professional will independently resolve issues in the areas they have been assigned and only ask for help in exceptional cases.
● Cybersecurity professionals work with large volumes of sensitive data, such as user privilege information, network maps, knowledge of vulnerabilities, etc. Without this information hosted securely in the cloud, one would have to physically carry the data around on a secure USB key.
● In some cases, there is also cultural resistance within the cybersecurity team to embracing integration, connecting workflows, and collaborating on incident management. In addition, cybersecurity was traditionally a hardware- and equipment-intensive function, and it is only in the last five years that companies have embraced a cloud-first approach.
What Is the Way Forward?
If organizations adopt remote and hybrid work long-term, cybersecurity cannot be left behind. Leaving it behind would not only hinder the broader strategic plan (e.g., reducing physical office footprint by a certain percentage), but could also conflict with the expectations of a new generation of talent. Young professionals are now used to the WFH, no-commute, flexible-working model, and many cite this as a must-have when deciding on an employer. An integrated cybersecurity landscape is essential for organizations to benefit from new talent.
To achieve this, we have to explore purpose-built solutions like Security Orchestration, Automation, and Response (SOAR), which are designed for integration rather than patched together. In addition, monitoring and incident management tools must be cloud-native so that cybersecurity workers can access them from anywhere without risking data exposure. CyberQ, SIRP, and Siemplify are a few helpful tools in this regard. Finally, one must also look at add-on products that can extend collaboration on traditional information security tools between the various information security teams, infrastructure teams, application teams, and business process owners.