Dive Brief:
- In 2019, only 3% of organizations had three-quarters or more of their workforce working remotely. After the coronavirus pandemic hit the U.S., 75% of companies allowed most of their employees to work remotely, according to a survey of more than 400 IT security decision-makers from Pulse Secure.
- More than half (55%) of respondents intend to continue increasing their work-from-home (WFH) security budgets.
- At 77% of companies, antivirus and firewalls solutions were the top WFH security solutions. SSL-VPN, multifactor authentication and backups rounded out the top five.
Dive Insight:
Companies using a hybrid model of physical and virtual solutions chose favorites in a hurry this year. The rapid leap to cloud-based solutions reaffirmed the technology's necessity in the modern enterprise.
The immediate adoption of virtual solutions "avoided deployment delays, such as custom logistics for those companies as well as their divisions outside the U.S.," Scott Gordon, CMO at Pulse Secure, told CIO Dive.
Scaling firewalls, VPNs or VDIs was more burdensome than requesting greater bandwidth. Pulse Secure observed customers adopting an average of two to three remote access tools, in addition to their existing VPNs. Centralizing management was becoming a challenge, especially for companies with locations using different solutions.
"This added administrative overhead impacted their rollout, communications [and] support infrastructure," and companies might not have anticipated delays in vendors' ability to provide hardware, said Gordon.
The U.S. Department of Homeland Security's CISA said unpatched VPNs are a "routinely" favored attack vector this year. And when companies turn on a firewall's SSL-VPN feature, the firewall's performance is impacted, according to Gordon.
While remote access protection is a staple of security strategies, tech executives now see it as a need extending into next year, said Gordon.
As remote work orders extend across companies, solutions hastily adopted to support WFH are becoming permanent.
Basic endpoint compliance for VPNs was common among customers, requiring typical configurations, and traditional security applications, such as anti-malware. The mass shift to remote work forced companies to apply more broadly to "access conditions," said Gordon.
"Many customers activated split-tunneling policies" to accommodate increased access to internal, web and SaaS apps," he said. The policies separate control (identity and endpoint verification) data that is directed to a VPN on the corporate network but simultaneously sends other data to a web application. The split prevents all data traveling through the corporate network.