With the COVID-19 pandemic, the term “new normal” has crept into our linguistic usage. This describes the new or changed ways of life that have arisen as a result of the pandemic. This applies to the private environment as well as to the world of work.
The coronavirus and its effects have turned many of our established processes and behaviours upside down. What seemed to be a utopia yesterday is now part of the “new normal”. Virtual reality has caught up with all of us – no matter from which perspective you look at it.
In the social context, the effects of the “new normal” are severe. The family celebration was and will be a virtual coffee chat. The pub visit with friends took place via Zoom conference. The visit to the gym was exchanged for online courses. In many areas where many people meet, wearing masks is another side effect of the “new normal” and is now widely accepted.
The Changing Business World In Times Of Pandemic
The “new normal” has also resulted in changes in the business environment. Business travel was put on hold, and video conferencing was booming instead. The most significant change was in the way and where we work every day. The home office with remote access to the resources of the company network began an undreamt-of triumph that is still going on. This consequence of the “new normal” will probably endure in many companies even if the restrictions of the pandemic are lifted.
The conversion of the working world to the home office has long been considered an exciting alternative. Still, due to the pandemic, the necessary change was often born out of necessity. Most companies had little time to plan because they were forced to adapt quickly and extensively to the new circumstances. After all, with office closures and curfews, work should continue to be effective without endangering employees.
As a result, technology has once again become the heart of many companies. Strategies for the introduction of digital technologies and transformation have been and are still in full swing. According to a report by the European Commission, almost 40 percent of employees in the European Union (EU) have switched to working from home due to the pandemic. Before the COVID-19 outbreak, 85 percent of those surveyed had never done their work from their desks at home.
Corona Is Setting The Pace For Digital Transformation
A global survey by McKinsey of executives showed that the pandemic caused companies to digitize their customer and supply chain interactions and internal processes by three to four years faster than initially planned. The proportion of digital or digitally supported products in company portfolios is as high today as it would have been in seven years under normal circumstances.
Last but not least, the cloud was a decisive factor in these rapid changes. It offers a much better way of operating remotely and interacting with customers than traditional IT infrastructures. Analogous to the cloud migration. However, several new challenges and risks also arose.
IT experts claim that cloud migration is as stressful as moving. While you can prepare as well as you can for any significant change, there are always unforeseen challenges. This also applies when the main work is done and ready for everyday life – just like after moving. The need to respond to the pandemic regulations may have dictated the pace of digital transformation in 2020. But the relocation of other on-premise legacy systems to the cloud will also have priority over the next few years.
With many companies making their transition under time pressure, it is high time for most of them to tackle the remaining tasks. It is essential to consider the challenges, security risks and best practices to ensure that a cloud-based operating model can be as successful and sustainable as possible.
Is The Cloud A Double-Edged Sword?
The cloud has opened up immense opportunities but has also brought with it considerable risks. Remote work, for example, has significantly increased the digital footprint of companies. More and more devices and applications had to be integrated into the existing ecosystems. Unfortunately, this also attracted the attention of cybercriminals. The FBI has reported a 300 percent increase in cybercriminal activities since the pandemic began. This development is due to the ever-increasing digital footprints, which offer attackers significantly more attack surfaces.
Just like businesses, cybercriminals have adapted to current circumstances. Her methods have become more refined, and she has geared her tactics to the current environment. In April 2020 alone, Google said it blocked around 18 million malware and phishing emails every day. They were proven to be related to the coronavirus, which shows how resourcefully cybercriminals are taking advantage of current circumstances.
IBM calculated that the average cost of a remote data breach increased by $ 137,000. According to Fintech News , the number of cloud-based cyber-attacks rose by 630 percent between January and April 2020. These statistics speak for themselves.
The fight against cybercrime is, therefore, one of the most pressing challenges of cloud migration. Another often underestimated source of danger are threats from insiders. Without adequate security protocols, employees can freely access sensitive data. Even former employees have access to confidential information, often long after they have left a company. Given the complex threat situation, security considerations must therefore be a priority when migrating to the cloud. Developing a solid security concept has never been more critical than it is today.
Privileged Access Management Protects Sensitive Data
There has been a lot of discussion in the past about the need for proper data management. The introduction of the General Data Protection Regulation (GDPR) and the Data Protection Act of 2018 already significantly contribute here. More than ever before, companies are required to protect their sensitive data, ensure compliance with regulations and prevent unauthorized access to the systems. Given the wide range of threats, “Privileged Access Management”, or PAM for short, is an adequate solution.
PAM is a solution that securely manages privileged user accounts, includes additional security controls and enforces the principle of least privilege. This significantly reduces the attack surface of an organization. Damage that can result from external attacks or insider threats is prevented or at least mitigated.
Privileged users are users who have access to a wide variety of company data. They are a promising target for cybercriminals. Wherever possible, user privileges should therefore be restricted. This improves the overall security and reduces the potential for intrusion into the company network. Because cybercriminals are forced to take more risks with their attacks, they attract more attention to the network. Incidents are more easily noticed, and defenders have a better chance of detecting attackers before they can cause damage.
How Does A Potential Cyber Attack Work?
An attack on the corporate network is not always easy to spot. In most cases, a cybercriminal will send an authentic-looking spear-phishing email to a company employee. This then unknowingly downloads a malicious application. This gives cybercriminals a foothold in the door to the corporate network. If the attacked company does not have a PAM, cybercriminals usually have free rein. For example, you can increase the permissions on the infected account and then move freely around the network. In addition, the attackers can access critical digital data and use it as they wish – be it to damage the company’s reputation or make financial claims. Even with ransomware, which usually causes a lot of damage, an IT environment can be infected.
Phishing attacks are a common problem for businesses. This is not surprising, given that 95 percent of all cyber injuries can be traced back to human error. Attacks of this type are now almost inevitable as their execution becomes more and more sophisticated. However, their negative consequences can be reduced if the IT managers have an overview of who has access to which data, applications and systems in detail.
Visibility And Authorization Are Crucial
So how can PAM be used to improve business transparency in a multi-hybrid cloud world where cloud-based operating models coexist with on-premises environments? First and foremost, PAM requires continuous authentication and authorization of all users. This raises IT security to a level that goes far beyond the protection of a traditional password. PAM helps companies to achieve continuous verification. Passwords take a back seat. The application works similarly to a digital lie detector test. Only those who pass it will have access to a company’s resources.
As a rule, the login data of users consists of a user name combined with a password. Only with this combination can users access applications and devices. If these credentials are not correctly managed, updated, and secured, the risk to businesses increases. However, these risks can be significantly reduced with a PAM solution. This is ensured by role-based access controls combined with multi-factor authentication.
PAM significantly expands the classic protection functions for the network. Instead of granting all users access to the entire digital portfolio, companies can apply the principle of least privilege through PAM. Employees are only allowed to access the data they need for their specific tasks. This increases security and tackles a significant problem faced by many Chief Information Security Officers (CISOs): transparency and verifiability.
Visibility And Transparency
PAM tracks individual access holistically. It enables certain instances to be monitored and, if necessary, to be marked if something appears suspicious. This improves visibility and transparency in both local and cloud environments. An individual test path is created for all actions. He ensures that violations are recognized earlier. Essentially, PAM offers a detailed insight into the various risk levels, individually adapted to the respective threat situation if necessary.
In cloud environments, managing access with continuous authentication and authorization is key to granular control. This is the basis for an adaptive, risk-based model with which the security team can individually adapt the protective wall around the company network to the individual situation.