Covid-19 sent shockwaves across industries, touching every person on the planet. Overnight, organisations that people depend on for employment, healthcare, education, infrastructure and services had to rapidly transform just to function.
Some maintained continuity by moving entirely online in a matter of weeks, creating demand for virtual processes and remote collaboration on a scale we’ve never seen. Microsoft’s Satya Nadella said the company had seen two years’ worth of digital transformation in two months.
Any time a process or function goes digital, it creates a potential cyber security vulnerability, especially when so many systems are implemented so quickly.
Security teams have been forced to adjust to new paradigms, find new ways to triage threats, and simplify tools and processes – rapidly.
With our technologies in the hands of billions and serving as the digital platform for much of the world’s infrastructure, Microsoft has in many ways been at the epicentre of this disruption.
Like everyone else, as the pandemic initiates waves of digital transformation, we’ve been learning continuously from customers and our own experiences.
Here are five observations from that vantage that we think are here to stay.
Security is the key to digital empathy
It’s safe to say that many companies will continue their remote work policies going forward. Some will operate under a hybrid model where certain roles are based in the office and others remain home. Some will stay entirely virtual. The question becomes how to protect the organisation while also nurturing productivity and collaboration.
Technology’s role is to support how people work. Security’s role is to safeguard the digital assets they’re using with as little impact as possible. And although people are working in unanticipated ways under stressful conditions, IT systems must allow for this diversity of work styles and scenarios – and embrace human error – more than ever.
This is digital empathy.
Security pros used to say that controls were built because humans were too casual. We need to change that point of view. Going forward, we must improve controls to support and empower people amid the new challenges they are navigating.
Companies should empower everyone by trusting no one
Historically, organisations have trusted a finite set of apps and devices they own and manage, largely behind their firewalls, mostly in their offices. Today, to meet employees where they are, they must secure apps and devices anywhere.
The concept of zero trust is about enabling employees to access their work regardless of location or machine. Under a zero trust model, the identity and access system does not just interrogate the user. It interrogates the machine, the network signal, the data being accessed, and whether the applications being used are patched and updated.
If you trust nothing, you can actually allow access to everything, secured based on its level of risk. When people are working remotely on their own devices, a zero trust architecture is essential.
Diverse threat intelligence is key
Microsoft tracks more than eight trillion daily signals from products, services and feeds around the globe. But the number of signals isn’t actually as relevant as their diversity: the location, the device, intel from threat feeds, and other resources like Office 365, GitHub, LinkedIn and Xbox, to name a few.
Diversity of signal allows us to triangulate and synthesise the data into real threat intelligence. During the pandemic, a blend of AI tools and human-based insights has helped identify new Covid-19-themed threats targeting health systems, government aid, delivery apps and more.
This also illustrates how important having contextually relevant threat data is to security operations centre (SOC) admins. No two companies or environments are the same, so there is no one-size-fits-all threat intelligence feed.
Instead of overwhelming SOC admins with false leads, the key is a combination of low-level automation and human attention. Better data allows us to train the system to automatically identify and remedy low-level incidents while prioritising critical or complicated issues requiring human intervention.
Cyber systems resilience is fundamental to business resilience
Even under best practices, disruptions occur. And global events like the outbreak of Covid-19 or widespread civil unrest create incredible complexity for cyber systems that attackers will constantly try to exploit. So having a full cyber resilience plan is absolutely fundamental to an organisation’s ability to quickly absorb the blow and bring systems back online.
We talk a lot with customers about identifying essential business systems and ensuring they can be revived swiftly through some type of redundancy. Fortunately, in our cloud-based world, building redundancy into critical systems is easier than ever.
The cloud is a security imperative
Organisations often react to a security event by buying a tool, resulting in a proliferation of tools that don’t talk to each other. The result becomes unwieldy to manage and can actually make security less effective.
Bolting on tool after tool creates new attack surfaces – gaps between tools and weaknesses caused by integration efforts – that hackers understand well. And synchronicity problems, caused when a vendor upgrades and the organisation doesn’t, can exacerbate any security issues.
The solution is having a fully integrated set of tools built into the overall technology stack. The cloud was built for power, scale, and integration, and on-premise solutions simply can’t match its level of integrated security. The cloud also streamlines the software supply chain, minimising the risk of vulnerabilities introduced by bolt-on tools.
The lessons of Covid-19 have permanently changed society, and to a lesser extent, the way we think about cyber security. In a world where people are simply trying to keep their business in business, our practices must evolve. Making the entire system easier to protect and manage also makes it much easier to recover.