Autore: SealPath Team
The COVID-19 pandemic has brought about drastic changes at a social level that would have been difficult to imagine a few weeks or months ago. The situation of confinement in which many countries find themselves, with most of the population unable to leave their homes, is something we were not prepared for and have had to quickly get used to.
Something similar has happened at the work and business level, however, the work does not stop: hospitals, logistics companies, medical material production services, etc. must continue working, and for the rest of the non-critical services in this situation, remote work or teleworking has been imposed at a fast pace.
Normally, establishing new architectures, information systems, tools, etc. is something that takes time, especially in large companies. In this case, many CIOs have been forced to implement remote architectures and work processes in record time.
Many corporate systems are not designed to work from home. Perhaps they are, since in most companies teleworking has been carried out more or less extensively: users take their work home, on weekends, etc. to carry out certain urgent tasks. The difference is that now telework has had to be implemented throughout the organization without exception.
On the other hand, never in history has so much traffic and so much critical corporate data had to be managed from home. In many cases we are seeing how communication lines, VPN systems, etc. were not prepared for so many volumes of data.
Although in the first phase of the implementation of teleworking, agility and the possibility of giving remote access to the systems has been a priority, the CISOs have also had to establish procedures and tools to work safely.
Now more than ever we are seeing how it is not enough to protect the perimeter of the company. With information scattered in multiple locations, in the cloud, at employees’ homes, etc. it is now more critical than ever to have security that travels with the information.
Cloud storage applications such as Box, OneDrive, G-Drive, collaborative work applications such as Slack or Microsoft Teams, video conferencing tools such as Zoom or GoToMeeting allow critical work to continue and we can all enjoy certain services that are indispensable in this crisis, while on the other hand allow us to do our job.
Customers expect their suppliers to continue to maintain a high standard of security when processing their data, blocking possible threats and keeping them safe from possible security breaches.
One thing that is striking is that in crises, security or cyber security risks increase. The bad guys see a unique opportunity to act on the misdirection, chaos, and take advantage of it. A few weeks ago we watched in the press in astonishment as even hospitals were hit by cyber attacks in the middle of the covid crisis. In fact, unfortunately, phishing attacks have increased these days.
Furthermore, we have to take into account that in many cases we are the enemy. We are in a new working environment, with our personal teams, with even new and recently implemented tools and even in many cases with the right training to manage them.
Many of the problems of data leaks come from unintentional actions or errors and we have created the perfect breeding ground for these to occur. As stated in this article, we cannot place all the responsibility on users, who are not fully trained, to protect themselves against expert attackers who are highly motivated to make a profit.
At SealPath we have prepared a series of articles showing how to secure or protect your information in different use cases in a remote work context. In this article, we start with protecting distributed and shared information through Cloud storage systems.
As we mentioned above, one of the tools that are enabling many businesses to continue in a teleworking environment is cloud storage applications. Systems such as Box, OneDrive, Google Drive, SharePoint Online, etc. are making corporate information more accessible in this context.
The case of use of many companies is being the next for these tools:
This critical data is being stored on these systems and downloaded to the users’ computers, and as stated above we have an obligation to keep our customers’ and the company’s information as secure as possible despite the need for agility.
SealPath allows you to apply protection to the documentation that travels with it and accompanies you wherever it is stored, whether it is in the cloud or on an employee’s computer. In addition, it allows you to control what can be done with the information (just view, edit, copy and paste, print), and to have a complete audit of who is accessing, if someone tries to access without permission, etc. On the other hand, it offers the ability to destroy this information remotely by revoking access to it, even if it is on computers or devices that we do not manage.
In the case of use seen above, SealPath can help us in the following way:
SealPath can be quickly deployed and make these cloud sharing flows to enable remote work, properly protected.
Beyond enabling telework, this crisis is an opportunity for CISOs to identify where the most valuable information is and to protect it, whether on an internal server, in the cloud, or on users’ personal computers, if the current situation so requires.
In addition, the security department will be able to monitor activity on this sensitive documentation throughout the organization and identify possible anomalies. And if necessary, prevent access to it from remote or personal teams, once the crisis situation we are going through has been normalized.
In future articles, we will show you how SealPath can help with other common uses in a teleworking environment such as sharing information through collaborative tools like Slack or Microsoft Teams, or accessing sensitive information via VPNs.
You can read this article in SealPath website.