For more than a century, the working day has revolved around employees travelling to a fixed company location for eight or nine hours. However, the status quo has dramatically shifted in the last few years.

Advances in technology have gradually granted workers more freedom and flexibility in when and where they work, and the advent of the cloud has accelerated the process rapidly. Cloud-based applications now enable users to access work resources at any time or location, whether it’s an early start at home, an overnight flight, or at a coffee shop between meetings.

These new working practices were reflected in the 2018 Duo Trusted Access Report, which analysed data from nearly 11m devices and a half a billion logins per month. The research found that 43% of requests to access protected apps and data now come from outside the office and network. For the largest businesses, Duo observed a 24% spike in the number of unique networks accessed over the last year.

We are likely to see this figure continue to increase as technology develops and businesses experiment with new working models.

As is too often the case, however, as companies race to take advantage of the new opportunities, security is frequently left behind. In this new era, the firewall-centred approach of building the perimeter walls higher simply isn’t viable. Instead, organisations need to adopt a ‘zero trust’ approach to users and devices connecting to the network, which can better accommodate the many variables of modern working practices.

The risks of remote working

Many of the risks around remote working result from poor security practices for endpoint devices. Software updates are one of the most common problems, and a massive 90% of the Android devices we analysed were running outdated operating systems, followed closely by 85% of Chrome OS devices. Just 8% of Android devices had applied the latest security patch, released 26 days earlier at the time of the analysis.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Endpoints running without the latest OS updates or security patches are at a much higher risk of being hit by malware exploits, and threat actors can then use a compromised device to spread their attack to the enterprise network. They may also be able to steal credentials from the device to perpetrate further attacks, or even retrieve confidential data directly if access is not properly secured.

The risk posed by outdated devices is exacerbated further for employees who connect to many new and unknown Wi-Fi networks during their day. Duo’s research found that 26% of users now access two or more different networks every week. Further, 8% accessed three or more networks a week, reflective of the fact that many workers are now almost constantly on the move.

Users who are constantly logging in from new locations are more likely to encounter unsecured Wi-Fi networks, which are at risk of being monitored or vulnerable to “man in the middle” attacks by criminals. In either case, an attacker can potentially intercept confidential data, steal login credentials, or infect the device with malware.

An increasingly remote workforce also makes the process of securing the enterprise network far more complicated. With workers now able to access applications and data from anywhere in the world at any time of day, it is far easier for a cybercriminal to infiltrate the network without being noticed. Unless an organisation has the right controls and tools in place, it is almost impossible to tell the difference between a legitimate user logging on during a business trip, and a threat actor using stolen credentials.

Introducing ‘zero-trust’

As the enterprise model continues to shift and adapt to the opportunity afforded by new technology, it is essential for organisations to ensure their security models are refocused to match. Rather than the old perimeter-approach that was effective for the fixed 9-5, office-based workday, the era of flexible working requires security controls based on risk factors related to users and their devices.

The most effective way of ensuring that remote access requests are coming from legitimate users rather than a cybercriminal using stolen credentials, or a compromised device, is to implement a zero-trust security model.

This security framework provides visibility into, and control over, the organisation’s authenticated users and their verified devices, granting them secure access to applications and data only after they meet specific security policy requirements.

Several processes must be carried out each time a user requests access to network assets. The first step is to verify the identity of the user themselves, which is best achieved with a strong two-factor authentication tool. At the same time, the endpoint device should be assessed to ensure it is fully up-to-date and has not been compromised with any malware.

Organisations can establish their own policies that define the minimum trust and security requirements needed to access applications and data. More valuable and at-risk assets can be protected with stricter controls.

While there should be no compromise on strong security, organisations should also be aware of the need to balance this with usability for their workforce. If the security process is too onerous or cumbersome, it will either discourage users from remote working, or encourage them to circumvent the policy with less secure methods. Implementing a single sign-on interface will enable users to access all protected applications in a frictionless way that does not disrupt their working day.

By balancing strict controls and visibility with a seamless, secure login process, organisations can empower their employees to access applications and data at any time or place – without leaving a way in for the cyber criminals.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up