Cloud Cybersecurity Risks Rise with Remote Workers

Article By : Ann R. Thryft

The huge expansion in remote workers caused by pandemic-related shelter-in-place orders is starting to look not so temporary. It has spurred an acceleration in the ongoing shift to cloud services.

The huge expansion in remote workers caused by pandemic-related shelter-in-place orders is starting to look not so temporary. It has spurred an acceleration in the ongoing shift to cloud services. In turn, this shift helps to solve some of the huge increase in cybersecurity problems caused by a vastly expanded attack surface, while also spawning new security problems.

As early as March, a Gartner survey of global human resources executives revealed that 88% of organizations were encouraging employees to work from home. An April survey of financial executives conducted by Gartner found that 74% intended to shift some positions to off-site permanently, and a third have or will cut spending on on-premise technology. The reasons are available technology to make remote work feasible, and cost savings that can help avoid bigger cuts. In June, IDC reported over 60% of organizations in Western Europe will retain at least some of their recently implemented work-from-home policies.

Several tech firms have said they expect to let most employees work from home after their offices re-open, either through the end of the summer, the end of this year, indefinitely, or permanently. These include Twitter, Facebook, Google, Microsoft, and Amazon, as well as Square and Quora.


Arm IoT Solution Overview – Deliver Secure IoT Systems to Market Quickly and Efficiently

Moving to Cloud: Good or Bad Idea?
Enterprises have been shifting to cloud services for some time; that part isn’t new. But the unprecedented expansion of remote workers in many sectors has accelerated this change. And it’s been accompanied by a follow-on shift from on-premise cybersecurity solutions to the need for cybersecurity platforms that protect the cloud, as well as increasingly collaborative, remote and mobile workers.

Beginning in January, IDC Research has been conducting global surveys every two weeks in its COVID-19 Impact on IT Spending Survey. Respondents are executives, including IT and line-of-business, responsible for or influencing decisions about IT products and services spending, program vice president for security services Christina Richmond told EE Times.

Cloud migration of data and applications has been accelerating, she said. One repeated question is how actual spending on security products and services will be affected by Covid-19, compared to originally budgeted IT spending plans in 2020 overall. In Wave 6, June 4 to 15, 45.3% say they’re increasing spending, compared to the 12-week average of 36.4% for increasing spending. “When you conflate the increase in acceleration in cloud services with the accelerated spending in IT products or services, it means that the acceleration in the shift to cloud services is also increasing the security spend,” she said.

Meanwhile, attacks on remote-access tools are increasing. As early as April, Kaspersky reported that brute-force attacks on the Remote Deskop Protocol (RDP), used by a large proportion of home workers accessing enterprise networks, had increased from the low hundreds of thousands per country, per day in early March to nearly one million per country, per day by the end of that month. In June, cybersecurity firm ESET reported that brute-force attacks on remote access applications, including RDP, had increased about 300% since January.

Cybersecurity leader McAfee polled its more than 30 million IT professional users worldwide and found that the use of cloud services jumped by 50% between January and April. But the most startling numbers are the 600% jump in the use of collaboration tools between January and April, while threats from outside attackers spiked by 630% during that time, most of them aimed at those collaboration tools. The report also found that access to the cloud by unmanaged personal devices doubled.

(Source: McAfee)
Sekhar Sarukkai

Although threats from insiders didn’t change noticeably during that time, enterprise employees often misunderstand their role in maintaining security in cloud environments. Added to that is the fact that cloud environments are easier to attack by bad actors. “With the cloud, all customers use the same basic APIs to provision and manage their use in a cookie-cutter manner,” Sekhar Sarukkai, McAfee fellow and vice president of engineering for cloud security, told EE Times. “This is a very different situation from the IT world, where you cobble together a lot of disparate technology, much of it proprietary. But once you go to the cloud, every customer has basically the same platform interface, with the responsibility for securing the interface being a shared responsibility — much of this is up to the customer.”

This makes it much easier for enterprise employees to make mistakes, because they can misunderstand the divide between their responsibilities and the cloud services supplier’s responsibilities in creating a “seam.” “Bad actors also realize this,” said Sarukkai. “And they realize that in moving applications and data to the cloud, instead of working through a complexity of interconnected technologies that’s different for each enterprise, they can just attack the seams exposed via standard cloud APIs.”

But Cloud Environment, Network Access Remain Unprotected
Because organizations had already begun moving collaboration to the cloud, which increased even more due to Covid-19, the amount of cloud attacks have become more significant than attacks on the enterprise. “Bad actors can easily navigate through the cloud environment and launch cloud-native attacks, bypassing traditional security like firewalls and proxies,” said Sarukkai. This can be invisible to customers because legacy processes and tools don’t account for visibility and control over data in the cloud. In the last couple of years, most customers have been moving to cloud-based platforms like Office365, AWS and Salesforce. “Once you’ve moved everything to the cloud, what other data of interest to bad actors is there within your enterprise network?” he said.

Although more than 80% of IT professionals in a recent Bitglass survey expect to continue support for remote workers after shelter-in-place orders are lifted, 41% haven’t taken steps to expand secure access for them, even though two-thirds said network access is their primary security concern. Half of respondents said proper equipment is their biggest barrier to securing access. Consequently, 65% of organizations now enable personal devices to access managed applications, even though about half think that’s a significant  security risk.

(Source: Bitglass)
Kevin Sheu

In the last five to 10 years, there’s been discussion around zero trust, endpoints, and mobile devices, and even before Covid-19 the number of things accessed grew a lot, said Kevin Sheu, senior vice president of marketing for cloud cybersecurity company Bitglass. “Year-over-year adoption of cloud security controls has been incremental, so in some regards if we had been following some of these trends introduced in the last five to 10 years, the expansion of remote workers shouldn’t be a new problem,” he told EE Times.

Covid-19, however, has highlighted the need for security. Its lack is caused partly by budgets. “But it’s more a matter of emphasis: even with an infinite budget, what would you spend it on?” said Sheu. So the adoption of cybersecurity for remote and mobile devices is likely to increase quickly.

Until Covid-19, nothing really pushed organizations into accepting remote workers, so people thought they could get by with managing by exception. But  with Covid-19, now everyone is an exception, said Sheu. “We’re not going to go back to a 100% in-office environment, because we’ve found that we can be incredibly productive by not going into the office. More likely, a blend will occur.”

In this hybrid environment with many exceptions, the different types of devices people use will also expand dramatically. Bring-your-own device is no longer the exception, more unmanaged devices are becoming the norm rather than the exception, and the expansion of cloud security will need to accelerate much faster, said Sheu.

Subscribe to Newsletter

Leave a comment