This post was previously published on The New Stack.
By now, you’ve probably read loads of articles that discuss the COVID-19 pandemic’s impact on business, politics, the economy and much more.But what about SecOps? What permanent effects has COVID wrought on the way businesses secure IT assets?
Let’s explore those questions by examining three key security trends that promise to endure long after the pandemic has finally receded.
Supply Chain Security Challenges
The pandemic has coincided with two types of supply chain crises.
The first is disruptions to the physical supply chain of goods and services that drive the global economy. That’s a story you’ve likely heard lots about already, and it doesn’t have anything to do with SecOps specifically.
But the second supply chain crisis of the pandemic era does very much affect SecOps. It’s the software security supply chain crisis. Heralded by events like the SolarWinds breach of late 2020 and the Log4j fiasco of late 2021, the software security supply chain crisis involves risks to “upstream” software tools or platforms that attackers can exploit to gain access to the environments of any business that uses those upstream resources.
The first supply chain crisis – the one involving material goods – should go away on its own, once the pandemic is no longer crippling logistics operations.
But security problems with software supply chains aren’t going to disappear with the pandemic. To solve this challenge, businesses need to extend their security automation tooling so that it addresses not just risks internal to their environments, but also those that originate in the software supply chain.
In practice, this would mean automatically identifying the third-party software components that your business uses, leveraging vulnerability databases to determine when one of those components is subject to a vulnerability, and, where possible, automatically mitigating the risks by isolating the affected component or upgrading it to a secure version.
Remote Workforce Security
It’s no longer a secret that remote workforces – once seen as a temporary response to the pandemic – are here to stay. Long after the pandemic has ended, the typical business should expect at least some of its employees to work remotely, at least some of the time.
For SecOps teams, keeping these remote (or hybrid) workforces secure requires addressing new challenges that don’t exist when all of your sensitive data and applications live on-premises or in the cloud. SecOps professionals will need to secure home PCs and networks – and the business applications and data exposed to them.
That’s hard to do, of course, because it’s not practical to send cybersecurity specialists to every employee’s home office or favorite café to ensure that the employee’s local network is configured securely, the employee’s devices are malware-free and so on.
The solution is modern, easy-to-use security automation tools, which business units can use to define security requirements for their employees no matter where they are working. In other words, instead of relying on overstretched cybersecurity teams to manage remote IT assets as well as conventional ones, businesses can place security tools in the hands of their non-technical users to keep remote and hybrid workers secure.
These days, malware is kind of like COVID: It’s everywhere, it threatens everyone, and despite tremendous effort to get it under control, the rate of cyberattacks has only increased as the crisis has unfolded.
The good news is that rampant malware risks are something businesses can control if they think creatively about cybersecurity. Instead of simply investing in more of the same complex solutions that have yielded only limited effectiveness in mitigating ransomware and other malware attacks, SecOps teams should leverage lightweight security automation. When they do so, they empower everyone with security automation, not just an elite cybersecurity team.
In turn, business stakeholders gain the ability to define and enforce security rules for themselves, even if their business is not large enough to have a dedicated cybersecurity team. And even at companies that do have a dedicated SecOps operation, lightweight security automation can manage the bulk of the threats, freeing cybersecurity experts to focus proactively on big-ticket risks instead of drowning in security alerts.
It would be nice if security challenges like supply chain security risks, remote workforce security pitfalls and pervasive malware threats would disappear along with COVID. But they won’t, which is why now is the time to start looking for solutions like lightweight security automation that allow businesses to get ahead of new SecOps trends and challenges that are sure to persist long after the pandemic is through.