Stay Safe: How COVID is Rewriting the Rules for Data Security

By Matt Deres

Moore’s Law famously posited that the number of transistors on integrated circuits would double every two years. In turn, this has been interpreted to mean that processing power would also grow at the same rate. And in the 50+ years since Intel’s Gordon Moore first made his prediction, that has (roughly) been the case. But it hasn’t been a smooth, even rise. Progress has been jerky and messy. If you were to look at a chart cataloging compute power, it would look a lot more like a seismograph reading than a hockey stick. IT security is the same way.

Just as processing speeds have suddenly lurched upward because of certain events, like the introduction of the Pentium chip, the advent of 3G and 4G mobile, and the rise of the cloud, IT security has also gotten better in fits and starts. Innovations such as BYOD completely changed how we think about firewalls. Due to the blurred lines between personal and business use, tools like Google Docs or Dropbox forced us to address how we keep sensitive documents secure. And now the COVID-19 pandemic is rewriting the rules on just about everything.

For starters, no CIO in the world envisioned a day when every single person in their organization would simply work from home—and stay there for three or four months. And yet here we are, in a world where literally millions of people are accessing and sharing incredibly sensitive data on uncontrolled, residential internet connections. Some, not all, are even working from their own personal devices, which means that they’re using the same computers that they use to surf the web with zero restrictions. NGFW doesn’t matter when everyone is sitting on their couches wearing sweatpants. It’s a recipe for destructive malware attacks that we never expected.

And if that weren’t bad enough, it’s not just the “civilians” who are working from home; entire IT teams are also working remotely. This has made it exponentially more challenging to develop policies and protocols to protect data. Even basic tasks like helping people change their passwords or access the VPN are infinitely more challenging than they were a month ago.

So, what long-term effects will these new challenges have on data security? For starters, we’re already seeing improved programs with better mail filtering, data loss prevention (DLP), and endpoint security. This software will be supported by more clearly defined corporate materials that educate employees on password, identity, and access management. Could a greater focus on security push biometrics, like fingerprint and facial recognition technology, to become more widely used? Or will companies gravitate towards zero trust, where access to specific data and resources is only granted on an as-needed basis? Biometric technology and zero-trust models already exist. It’s just a matter of adopting them.

As crazy as our current situation is, the future may be even stranger. We don’t know when we’ll be allowed back in our offices, and we don’t even know what that will look like once social distancing rules start relaxing. Will people come back? If they do, will they only be in the office a few days a week? Can we improve the mobility of our IT services without compromising security? These are the unknowns that I think about every second of every day. We’re in a crisis response mode right now, but we also need to look ahead to the future. And none of us really know what that future will look like.

Matt Deres is senior vice president and chief information officer at Rocket Software, a Boston area-based software development firm specializing in application modernization and optimization, where he oversees IT strategy for the company’s domestic and global operations. He has more than 15 years of senior-level transformational IT experience, having previously served in key leadership roles at ACI Worldwide, PTC and Thermo Fisher Scientific, among others.