Paradigm shift left VPNs, edge security awaiting long-term strategy

Dive Brief:

  • Edge security company Akamai was in the process of redesigning its office space into a more open concept, when COVID-19 eliminated the office environment entirely, said Maha Pula, VP of Solutions Engineering at Akamai, while speaking on a virtual panel Wednesday. 
  • Within the last 30 to 60 days, CIOs and CISOs “are starting to take a step back and thinking, ‘all right, that was a reactive approach we did in the early days of the pandemic. Now, what do we need to do?,'” said Pula. 
  • As companies settle into the idea of an indefinite remote work landscape, Akamai had to rethink the enterprise edge, reconfiguring security to balance where employees reside, where customers sit and what consists of the edge of the internet, according to Pula. 

Dive Insight:

The upswing of a majority remote workforce was removing the inequities between in-office and already remote employees, she said. For existing remote employees who might have felt detached from the headquarters or company culture, “that feeling is now removed.” 

Even with a renewed sense of “understanding and empathy” for remote workers, the paradigm shift forced companies into reactive strategy-making, as opposed to forward-reaching goals.

In some cases, the shift required a reversion to past security techniques. Customers told Akamai they had “to take the original approach,” and use traditional VPNs. 

Prior to state shutdowns, only 3% of organizations had three-quarters or more of their workforce working remotely. Most organizations used antivirus and firewall solutions as their top work-from-home security tools, in addition to existing VPNs, according to a Pulse Secure report. 

VPNs grant users access to their digital applications but the tool can’t always accommodate scaling for storage without an expensive price tag. IT has faced an on-going issue during the pandemic, administering VPN patches and updates. 

In May, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a warning for “routine” VPN exploits in 2020. “Arbitrary code executive” flaws in Citrix VPNs and an “arbitrary file reading” vulnerability in Pulse Secure were among the most common targets for bad actors. 

Dealing with traditional security measures like VPNs months after initial shutdowns is multifaceted, according to Pula. IT is balancing new processes in terms of physical readiness for devices, and endpoint protection and access. 

Companies are coming to terms with the reality or inability of securing every employee’s network. It moves the focus toward endpoint protection. “We are seeing about a 40% increase in consumption of internet services over enterprise connected devices, which means more and more of your employees are using their work laptops,” said Pula. 

Employees would not be doing this as much if they were still in office, accessing applications outside a company’s network. The result is an unusually high inundation of cyberthreats. 

“Companies have to stop and think about what they have done in the first 60 days to what they want to be doing in the next 60 to 90 days as well,” she said.