The opportunity for the security industry is to build a remote-ready security program that is equally secure for remote and in-office workers
I think it’s safe to say that the pandemic has changed the working world forever. More than a year into the largest social experiment in recent history, pretty much every assumption and hypothesis out there about a remote workforce has been proven and/or disproven at this point.
Looking back at the start of IT security, IT was created to be a business enabler. Any technology the users wanted/needed to increase productivity, IT was the onramp and support to actually use that technology at scale to generate value. IT security was then created to make sure that value was protected, resilient and done according to best practices.
Thus when the pandemic happened and disrupted business on a global scale, every IT and IT security teams’ first priority was to help employees get back to work. The pandemic demanded BYOD on hyperdrive, VPN capacity pushed to its limits, data movement with little to no visibility. Technology was the saving grace that enabled everyone to stay productive no matter where they were. The pandemic made security real.
The opportunity for the security industry now is to build a remote-ready security program that is as equally secure for the remote employee as being in the office.
One of the first things I see happening in this remote-ready hybrid-office approach is a greater focus on a couple of key controls that have been tried and true for years. 1) blocking common threats (i.e. antivirus; endpoint & user security) and 2) managing access to company resources (i.e. firewalls & IAM; SASE & Zero Trust). All topics I’ve written or will be writing about with SecurityWeek so I won’t repeat them here.
Looking bigger picture, I think the big opportunity we have post-pandemic is the “big reset”: every security and IT team’s chance to completely re-think their security programs. The future has been accelerated for everyone.
A future where employees don’t need to have IT-managed devices to work. Where logging, telemetry and management is equally easy regardless of device. Where employees can quickly and securely access resources no matter where they are. Where data storage is centralized and managed. Where provisioning new employees and contractors is seamless.
We’ve yet to see one company do all of these things but I expect in the next five to ten years, there will be some well-known options/platform that will. It’s the next big platform opportunity in IT security and one that users, security professionals, executives and boards are ready for. The pandemic forced us all to experiment with our day-to-day lives. I’m looking forward seeing what we’ve learned as an industry and do next.