By Jon Oltsik, CSO | APR 16, 2020
Phase 1 was all about employee access, network communications confidentiality/integrity, and basic endpoint security. The next phases will move quickly from risk assessment to mitigation.
As most CISOs know all-too-well, large-scale work from home (WFH) initiatives due to COVID-19, where the priority was getting users up and running as quickly as possible, forced security leaders into an unanticipated follow-on sprint to deliver elementary security safeguards for remote employees (i.e., VPNs, endpoint security controls, network security controls, etc.).
This is the new reality, and it’s an ongoing scramble, but what comes next?
Let’s call the current situation phase 1, which is about employee access, network communications confidentiality/integrity, and basic endpoint security.
Since posting my last blog, which described how COVID-19 is changing CISO priorities for 2020, I’ve heard of additional IT efforts to address network performance and user productivity (phase 1A). Some organizations are implementing split tunneling so key employees can access VPNs and the internet simultaneously. Some are paying to upgrade employee bandwidth — especially for executives spending their days on videoconference meetings while their children use the same networks for homeschooling. My colleague Bob Laliberte also tells me about companies instrumenting key employee systems with WAN optimization software. Back at corporate, there’s also lots of load balancing and SD-WAN activity.