In this video, Jon Oltsik and Doug Cahill discuss the implications of COVID-19 for cybersecurity, including securing endpoint devices, the telemetry data that teams are collecting to understand user behavior, and the new wave of cloud security vendors focused on identity and access management (IAM).
Doug: Hello, everybody. Thanks for joining today's video with Jon and me. First and foremost, we hope this finds everybody safe and well. It was great to see everybody at RSA Conference a couple months ago. Boy, Jon, that feels like it really was an eternity ago, and it was probably the last in-person tech conference of the year.
Jon: It was the calm before the storm, Doug, but who knew? I mean, we were probably right in a petri dish there, but we got out okay.
Doug: Absolutely. Absolutely.
Hey, so we're here to share some of our thoughts on how the pandemic has impacted cybersecurity programs being researched in analyst firms. You'll be surprised to hear that we have a number of research surveys in the field right now across multiple personas that are impacted by the stay-at-home order. So, we're looking at how the pandemic has impacted, obviously, cybersecurity professionals, their role and responsibilities, IT decision makers, and how the pandemic is impacting IT priorities, including operational, both in cybersecurity priorities, but also knowledge workers.
We actually have gone out and surveyed those of us, like all of us here on the call that are now working from home. Hey, just to kick things off, what are you hearing? How has this extremely new situation really impacted cyber programs?
Jon: Well, it has, Doug. And it's changed priorities. So, what I'm hearing is a lot of big projects that involve lots of different people, and cooperation and maybe some infrastructure deployment. Those things have been postponed. In the meantime, there was a scramble to get everyone up and running first and foremost.
So, a lot of cybersecurity people were asked to participate in IT tasks, and then after that, it was all about getting things secure. So, there was a scramble to deploy endpoint security, for example, to understand home networks, maybe some vulnerabilities there, and also to do secure communications between home and the corporate network, but also out to the cloud.
Doug: Everything you just rattled off, my son went through. He's doing commercial and processing for a bank here in New England, and they shut his office overnight. He had to work from home. So, first thing was delivering his workspace through VDI. Second thing was multifactor authentication, since he is dealing with sensitive information. And then to your point, Jon, after those sort of operational issues, then they went and they said, "Hey, by the way, are you running current antivirus software on your MacBook?"
It's an unmanaged device. We have knowledge workers now working from home on unmanaged, potentially insecure devices which begs the question about endpoint security. How are you seeing businesses, you know, sort of assure that their remote workers on, you know, personal devices are running the latest endpoint security software?
Jon: Well, they're scanning those devices to understand what they are. They're scanning networks to understand what other devices are on those networks. I've also seen a lot of, you know, in the past, the default settings weren't always at the maximum security. Security teams are now mandating that the maximum security settings be used.
Doug: How has, I don't know, sort of the sources of event telemetry and activity, you know, changed with this highly distributed workforce, sort of this, you know, amorphous perimeter, right? How does that impact cybersecurity analytics and operations?
Jon: Yeah. That's a good question. So, the first thing was get everyone up and running. And the second thing was to start to collect massive amounts of data to understand user behavior, to look at threats, to look for potential anomalous behavior on networks and things like that. So, there's been a lot of telemetry being collected.
A lot of this analysis is being done in the cloud because it's easy to scale and get that data to the cloud. And so, what we're looking for is ways to tighten up security, but we're also looking at policy management, for example. Do users have too many privileges, and can we lock those down? So, those are things that I think will be longer-term.
But speaking of the cloud as I was, what I'm seeing is a lot of emergency deployment of new applications to the cloud for communications, for emergency response. And that means cloud security, Doug, so what are you seeing there?
Doug: Yeah, you bet. I mean, cloud applications have...well, they're already being broadly adopted, and this has really been an accelerant for even broader use of cloud applications. And when you do that overnight, you know, you're not necessarily thinking about secure configurations. So, very often, you know, these applications are just, sort of, stood up impromptu and managed by a business unit, and that creates a couple issues in addition to insecure configurations.
It also creates sort of this notion of silos of identities. You know, I may not be connected to my impromptu directory store, may have overprivileged accounts. We've seen Zoom bombing because, you know, Zoom sessions have not been appropriately secured, really, from an authentication perspective. Now, fortunately, we're seeing some vendors, so it's sort of a next wave of cloud security vendors, that are really focused around identity and access management specific to cloud services, both SaaS services and infrastructure as a service services, and human and non-human identities.
So, not only thinking about users but also service accounts. And then to your point, here are the privileges, and are those privileges appropriate? You have to think about privileges a little bit differently in the context of cloud applications. For example, should a user be able to open up a new Slack channel? That's a particular type of privilege and, you know, in that Slack channel, you may or may not be sharing sensitive information. Whether you should be able to share files through your enterprise file sync and share service is another fairly obvious example of a type of privilege that you may or may not want to grant in a cloud context.
Almost half of the respondents in a recent study say that their adoption of cloud services has had a significant impact on their identity and access management program. And that was before this whole mess.
Jon: Well, there's plenty to talk about here, Doug, and I'm sure we'll be back online again soon, and talk some more about what we're seeing, what we have coming, and, of course, we've got some great research that we'll produce with the ISSA very soon on what's happening with COVID-19 in security.