Remote working has been on the rise for years, made possible in part by the development of SaaS services that offers accessible, affordable, resilient and user-friendly solutions that facilitate employee communication and collaboration. This trend was accelerated by the Covid-19 pandemic. Today, SaaS applications are dominant for the modern working environment, both in the office and remotely, accommodating many different working models including remote or hybrid working, offshoring (third party or direct employees that need access to data and systems), contractors and new organizational structures as a result of M&A.
But as we face this transformation in working practices, we have to acknowledge that it brings substantial risks.. Organizations need to take steps to ensure that security and control are not negatively impacted, and that this new distributed workforce is able to work remotely and enjoy a positive user-experience.
Revolutions also bring pain
Hybrid working has brought an additional shift in working processes in that today employees are not only working anywhere, they are using a variety of devices to do so. SaaS has played a role in this change, enabling any endpoint to become a portal to the corporate world, usually via the browser. Increasingly, this access is happening from non-corporate endpoints, with employees using the same device and browser for both professional and private use. Since the start of the pandemic, 69% of office workers are using personal laptops or other personal devices for work, while contractors or outsourced employees are using non-corporate endpoints that simply aren’t under an organization’s security controls. This is not going to slow down. In fact, according to Gartner, by 2022 more than 50% of organizations will be considering a Bring Your Own PC (BYOPC) policy to accommodate hybrid working.
Given weaker security systems outside of the corporate environment, cybercriminals have certainly seen hybrid working, particularly the work on SaaS, accessed mainly through the browser, as an opportunity. Attacks on the distributed workforce via the browser dominate via a variety of methods including zero-days targeting browser vulnerabilities, malware, malicious extensions, fraudulent emails and phishing attempts. The browser, ultimately a consumer-based application, lacks security controls offered by corporate oriented applications connected with a security backend management, and therefore may compromise the corporate environment.
Creating a new stability
While almost all organizations have implemented processes and existing technologies to boost security for remote working, they simply haven’t been strong enough to withstand this new firepower from cyberattackers, and too often are simply a patch applied to existing solutions. Virtual Private Networks (VPNs) or Virtual Desk Infrastructure (VDI) offer an option for a safer environment, yet only offer partial security coverage, and cause latency, high cost and friction that in many cases result in poor employee experience. Employers could also choose to block access to SaaS applications from non corporate endpoints, but this would ignore the reality that a modern distributed workforce values agility, convenience, flexibility and user experience alongside the ability to work anywhere. This would also create barriers to innovation and productivity.
Solutions such as multi-factor authentication, tokens, or complex passwords are not enough, as the non-corporate endpoint is an untrusted environment with a security posture that is not visible to the corporate, and might host malware and other unknown risks. These expose the corporate SaaS and data to many vulnerabilities: because of an unpatched operating system or browser, untrained users that increase malicious download and access, risky websites and networks or other additional vulnerabilities of any unmanaged endpoint.
The right solutions must be found and implemented in a manner that ensures data security, full visibility and control and also focuses on the user experience. This means creating a secure environment that is endpoint-agnostic, easy to operate, with a unified security posture for all endpoints is key for the hybrid workforce. Taking into account organizations’ and employees’ increased usage of browser-based SaaS applications, integrating security into the browser and creating a corporate environment based on a secure browser is the obvious answer. TalonWork is a secure, Chromium based, easy to use, browser that offers a new cybersecurity approach for the distributed workforce. It provides secure access, protection for corporate data and SaaS, hardens the corporate browser and full browsing visibility from any endpoint. Given that remote working is now the new normal, a secure browser offers the easiest and best way for employers and security leaders to maintain high security standards for all remote workers, while enabling employees’ productivity, flexibility, and a native user experience from both corporate and non-corporate endpoints.