Security nevertheless remains an ever growing challenge for organisations that wish to encourage remote working and yet a number of companies have yet to define a public or private cloud strategy. In fact Computerweekly recently cited a survey on this issue, conducted by cloud application performance monitoring firm VMTurbo, which found that 65% of 1,370 organisations had not created one, and yet these firms are using one or another – users largely being individuals whom are able to use a credit card to get into the public cloud and therefore able to access shadow IT without the knowledge of their CIOs and CTOs. This failure can lead to security breaches, and so organisations ideally need to put a formal strategy and a cloud applications policy in place to ensure that they remain secure.
This problem arises across small or medium-sized enterprise (SME), through to large enterprise. The failure to think ahead, ensuring that shadow IT doesn’t leave remote users, internal users and the company itself out in the cold, can lead to increased downtime, financial and reputational loss at a time when there is an increased threat from ransomware. Research by SophosLabs, for example, finds that cyber-criminals are more often than before designed to attack individuals and corporations in specific countries, tricking their victims into downloading malware. According to Computerweekly, this emanates from crafted spam that employs the vernacular - brands and payment methods - to look like it is culturally compatible and therefore more able to fool individuals into downloading malware or ransomware that is often arrives as an authentic-looking email or notification.
The potential vulnerability of remote working could forestall any interest in it - there is no substitute for experience. Chester Wisniewski, a senior security advisor at Sophos, therefore advises individual users and their organisations to look harder for fake emails. He says they also need to become more aware of the tactics that the hackers are using in each region to enable organisations, their employees, their partners and other authorised third-parties to maintain a high level of IT security against cyber-crime.
Over confidence
Yet a recent press release from Tripwire, dated 11th May 2016, warns that the financial services sector’s IT professionals are overly confident about detecting breaches. This attitude may occur in all of the industrial sectors, and it can in itself lead to complacency, damaging and costly security breaches. All IT professionals and the C-Suite therefore need to keep ahead of every security threat.
With this in mind it’s worth noting that Tripwire’s ‘Identity Theft Resource Center’s 2014 and 2015 Breach List Report’ found that the number of data breaches within the banking, credit and financial sectors “nearly doubled between 2014 and 2015.” In spite of the display in confidence, the study found that 60% of the financial respondents “only had a general idea of how long it would take to isolate or remove an unauthorized device from their organisations’ networks, [and] 87% believes they could perform this task within minutes or hours”, writes the release.
The other financial services findings include the following:
• Only thirty-seven percent said their automated tools were able to identify locations, department and other critical details of network devices with unauthorized configuration changes.
• Eighty-two percent believe they could detect configuration changes to a network device on their organizations’ networks within minutes or hours. However, fifty-nine percent acknowledged they did not know exactly how long it would take to do this.
• Ninety-two percent believe vulnerability scanning systems would generate an alert within minutes or hours if an unauthorized device was discovered on their network. However, seventy-seven percent say they automatically discover eighty percent or less of the devices on their networks.
• Twenty-nine percent do not detect all attempts to access files or network-accessible file shares without the appropriate privileges.
• Forty percent said less than eighty percent of patches are successfully fixed in a typical patch cycle.
“More than ever we are dealing with sensitive personnel and commercial data that must be encrypted before it hits the communication network, but now we have a compounded problem”, says Trossell. That problem has arisen because organisations and their remote workforce are now asking data to travel much further than ever before. For example, a remote office could be situated anywhere in the world, even in China, and encrypted data is becoming ever larger. “This process is going to be slow as these factors combined together defeat traditional WAN optimisation techniques, but data acceleration can be achieved with solutions such as PORTrockIT and WANrockIT.”
Centralising data
Remote offices and remote working are a now like a sitting room sofa: part of the furniture of a business. However, organisations are concerned about how to address the problem of bringing data – created remotely - into central locations. Claus Rensdal writes in his SC Magazine article of 14th April 2016, ‘The Vulnerability of Remote Working for Financial Institutions’, that remote working can make financial services organisations a hot target for cyber-criminals. The sector sits at the top of many hackers’ most wanted lists, as they face 300 percent more attacks than any other organisation. Still, organisations from other sectors also need to consider the detrimental impact of such malicious activity. Cyber-attacks and data breaches can damage reputation and finances, lose customers, and create an inability to deliver online products and services. Yet they can be prevented.
As shown by the VM Turbo and Sophos surveys these challenges are going to become increasingly prevalent. IDG Connect argued on 8th March 2016 that there is a competition going on between ‘Overpriced Smart Cities vs. The Death of the Office’. In the article Kathryn Cave looks at the workplace of 2026, and finds that more people will be working remotely than there are today – many of them will be working from home. This will help to reduce commuter congestion and she claims this will mean that fewer people will have to live in overcrowded, overpriced cities for work.
The customer factor
“The internet and the cellular phone network has revolutionised the remote office and the remote worker, and many of the tasks that were once dominated by head office have now been devolved out to the remote office and customer facing staff, and the associated data has joined them”, he explains. The problem is that this can lead some remote users, such as field salespeople out in the cold without access to the updated and relevant information they need to serve their customers. Trossell is subsequently sympathetic to their plight as it can lead to poor customer service – and in the case of sales people their jobs are on the line if they aren’t enabled to reach their sales targets.
Trossell recognizes that it’s quite often not their fault as individuals, but for businesses, good service is a key differentiator. It make the difference between doing business with one company over another in what is today an ultra-competitive work. So their organisations should be giving them the training and the technological tools, the innovation and infrastructure to increase their productivity as remote workers as it’s about service excellence, good customer management and business success.
Slow connections
A slow data connection can lead to poor customer service, data packet loss and in the event of a human-made or natural disaster, it can make restoring data from back-up way too slow. The remote user in many circumstances needs data now, and for it to be securely backed up to ensure that data can be recovered whenever a calamity occurs. People nevertheless remain a key factor, because everyone buys the things that matter to them from people – even in the internet age of online commerce. A field salesperson’s interaction with a customer can lead to a long-term and profitable relationship, or conversely a short one or no relationship whatsoever.
Technology is only one aspect of the paradigm, but in today’s world, customers may not feel satisfied or impressed if the remote salesperson doesn’t have the right tools in place to offer the right products and services. So Trossell rightly points out: “There are those that have a well-connected sales team that understand your business with the ability to obtain information at will, or, the others!”
This means organisations that have remote salespeople, for example, need to continue to evolve by investing in core technologies to permit ever increasing performance levels. These technologies as well as training and the recruitment of the right talent can “lead to ever changing and innovative business methods, but don’t forget the basic principles of efficient infrastructure processes that support and empower those people out there generating business”, Trossell concludes. So with the right technology, training, security policies, supporting infrastructure, remote users can be brought in from the cold. By embracing innovation, firms can also achieve business success.