Accelerated cloud migration made sense during the pandemic's peak; but, enterprises may confront new challenges in the future.
As potential "new normal" operations take shape, organizations that expedited their deployment of cloud-native apps, SaaS, and other cloud-based resources to cope with the epidemic may have to assess other security concerns. Thus, even though many businesses continue to benefit from remote operations, hybrid workplaces may be on the horizon for some.
According to Guy Podjarny, CEO and co-founder of Snyk, the rapid shift to remote operations and work-from-home settings have inevitably raised new worries regarding endpoint and network security. His firm recently released a report called "The State of Cloud-Native Application Security," which looks at how cloud-native adoption affects threat defenses. Security had to distinguish between authorized people who needed access from outside the office vs. serious threats from bad actors as more operations were shifted offsite and to the cloud. Security had to distinguish between authorized people who needed access from outside the office vs serious threats from bad actors as more operations were shifted offsite and to the cloud.
Decentralization was already ongoing in many businesses before COVID-19. However the pandemic response may have accelerated the process. "Organizations are getting more agile, and the notion that you can know everything that is going on is no longer true," Podjarny argues. "The pandemic has forced us to look in the mirror and realize that we don't have a clear view of everything going on."
This resulted in the dispersal of security controls to allow for more autonomous use by asynchronously managed independent teams. "This necessitates a greater investment in security training and education," adds Podjarny.
However, this could cause challenges with decentralized activity governance and accompanying security measures. He argues, "People don't feel they have the means to understand what's going on." According to Podjarny, the overall changes that organizations have made in response to the epidemic and what may come after have been mainly favorable. "It takes us toward more scalable security solutions and adapts the SaaS, remote working reality."
At the start of the pandemic, the rush to cloud-based applications like SaaS and platform-as-a-service prompted some understanding of the need to provide means to keep operations running under quarantine parameters. "Employees were just trying to get the job done," Jim Brennan, BetterCloud's chief product officer, explains. He claims that putting such technologies in place enabled his team to achieve their objectives. He claims that putting such technologies in place enabled his team to achieve their objectives. This contrasts with the past when such "shadow IT" activities would have been viewed as a threat to the company. "We heard from a lot of CIOs who said it altered their thinking," Brennan adds, which led to initiatives to make such tools more readily available to employees.
Meeting such needs on a large scale, on the other hand, presented a new problem. "How can I onboard a new application for 100 employees successfully?" One thousand workers? I'm not sure how I'm going to do it for 50 new applications. How about a hundred new applications? Many CIOs and chief security officers, according to Brennan, have asked for more visibility into the cloud applications that have been deployed within their companies and how they are being used. BetterCloud just released a short on the State of SaaS, which examines SaaS file security exposure.
According to Brennan, automation is being used to improve insight into those apps. This is part of a changing landscape in which some companies decide that the term "shadow IT" (the use of technology without official authority) is misleading. He continues, "A CIO told me they don't believe in shadow IT.'" In effect, the CIO viewed all IT, whether approved or not, as a way of completing tasks.
In the new context, the demand for high usability and flexibility in technology will bring new problems for chief security officers, according to Brennan, who will be relied upon to support this. But, he argues, "They'll still be held accountable for defending the business." "I believe there will be an emphasis on various types of security controls. Rather than banning or discontinuing security efforts, Brennan suggests a shift toward awareness and remediation of how and what technology employees use. "We may see more trends go in that direction since it's the only way to meet the rising demand for usability."