Growing Security Safely in Canada
No one could have foreseen the changes to the workplace that occured over the past year. The need to rapidly switch to remote work environments created pressure for IT teams worldwide, but doing this while keeping their organizations safe and adequately protected was one that many unfortunately overlooked. Seventy percent of Canadian organizations found themselves vulnerable with the exposure of their Windows Remote Desktop Protocol (RDP). It is important for companies to ensure their information is secure regardless of where their employees are working. Doing so will help avoid breaches and exposures, allowing companies to do their work safely.
As IT Stands Now
You can expect to see major changes this year. Prisma Clouds’ 2021 Cloud Threat Report and Verizon’s 2021 DBIR Report show how companies have needed to adapt and expand cloud workloads and how this has affected their cybersecurity.
Moving to remote work forced the perimeter of the workplace to expand swiftly and substantially. Companies worked to adapt quickly to ensure their work could be done effectively while their employees’ environments changed. This led to the cloud workloads of organizations growing by 20% from December 2019 to June 2020. With this change many made the mistake of expanding their cloud network without also growing their security, leaving their information vulnerable. Phishing, ransomware, credential theft and web app attacks increased, catching organizations in their vulnerable states. Automated controls can help successfully expand cloud workloads while also preventing breach scenarios.
Security needs to be intentional, not left as an afterthought.
In April to June of 2020 alone, security incidents increased by 188%. External cloud assets were being attacked more than on-premise assets as companies expanded their cloud services — often without security in their plan. Not surprisingly, increasing a cloud network also significantly increases security risks. In their oversight, 35% of businesses made their cloud storage publicly accessible, meaning anyone could access it from the internet. Without having automated security controls in place, companies’ critical information exposure can go undetected. Focusing solely on cloud growth without giving security the proper attention it requires can lead to breaches and leaked critical information.
It Is Time to Expand the Perimeter?
Per the statistics above, it’s obvious that the old perimeter-based security approach is insufficient for today’s security needs. Organizations must now secure a mobile workforce that uses a mix of corporate-owned and personal devices (BYOD bring your own device) to access cloud-based applications and services and expand the security perimeter.
There are several resources available that can guide organizations move toward a secure framework. The Canadian Center for Cybersecurity provides a list of baseline security controls, so you can choose the right moves and develop a foundation for implementing a zero-trust approach to security.
Duo Can Help
Organizations can start the zero-trust implementation by introducing MFA (multi-factor authentication) to protect all users, establish trust in devices, protect applications with access controls, and secure remote access from any location.
Duo’s multi-factor authentication secures access to all applications from any device, whether it’s corporate-owned or BYOD. Duo’s Device Trust enables organizations to gain visibility into devices connecting to their network. Additionally, Duo’s granular policy controls look at details such as the health of the device or its geolocation, and then make compliance easy to enforce. And with Duo’s machine-learning Trust Monitor feature, you can detect whether a login is normal or deviates from established patterns and therefore find and remediate access threats early.
We recently announced our upcoming passwordless authentication solution which will take authentication to a new level. Passwords are prone to human error and hard to remember, while passwordless authentication can help increase user productivity and reduce the administrative burden of password-related help desk tickets and password resets. And of course, getting rid of passwords will increase security by eliminating threats and vulnerabilities related to them (including phishing, stolen or weak passwords, password reuse, brute-force attacks, etc.).
Securing your organization’s information and cloud network does not have to be a stressful, unattainable task. By implementing a framework that will continuously work to protect your organization, you will alleviate the burden of password-driven breaches. Duo helps secure your organization and protect your workloads while you focus on your tasks at hand.
Try Duo for Free
Want to test it out before you buy? Try Duo for free using our 30-day trial and get used to being secure from anywhere at any time.