Data centres used to be perceived as fortresses: strongholds that protected businesses from external threats.
They controlled everything, managed the movement of data, and access was contained. With the adoption of the cloud over the past decade, this began to evolve as more data was interfaced to more locations. But the mass shift to remote work at the start of the pandemic spurred new and accelerated changes in security thinking and approach towards the data lifecycle.
With little warning, organisations abruptly had to secure dispersed workforces at scale, all while maintaining business continuity. Cybercriminals capitalised on this by looking to exploit weak points in companies’ security architecture, with the World Health Organization reporting a fivefold increase in attacks in the first two months alone.
In retaliation, businesses have had to adapt. Instead of relying almost solely on traditional data protection methods, organisations have started to assess security measures across their entire ecosystem, from the data centre to the cloud, to devices and employees. By encompassing these factors into one holistic view and ensuring that each element is securely protected, companies are creating a new era of secure, trusted ecosystems that cater for the hybrid world, centred around the individual.
The cyberthreat surge
Cybercrime has increased in tandem with technological developments, and attackers often have the upper hand. Previously, enterprises had the advantage of better resources. Now, the tech used by criminals is equally as sophisticated, if not more superior in many cases.
This means that businesses have a minefield of issues to combat. Firstly, with so many potential threat surfaces, there is no single solution they can turn to. Secondly, there is always a way into a system. And thirdly, the landscape is continually evolving. As a result, it’s vital for organisations to keep up-to-date with the pace of the industry, both from a technological and personal standpoint.
Remote work, however, has led to complications. Circumstances changed, but as the interface remained the same – with employees moving from an office to a home screen, undertaking the same work – many assumed the equivalent for security too. With more people accessing data from more locations, it’s no longer a linear journey from data centre to office. And with end-users more vulnerable, the importance of security from the employee side is just as important as that in the data centre.
Fundamentally, organisations need to realise that there are different threats coming from all angles, and the world is quickly changing. They need complete end-to-end security solutions that begin with design and continue through supply chain, delivery, and the full lifecycle of devices. The importance of security needs to be instilled into every employee, alongside the repercussions of weak practices – not least financial loss, but reputational damage too.
The importance of infrastructure
Although creating new security protocols may seem like a looming and futile task, continuously met with fresh challenges, organisations do not have to forfeit business output to maintain it. With so many features now built into the technology ecosystem, each element can be sufficiently protected with productivity and hybridisation in mind.
But this means that infrastructure needs to adapt to reflect the changes in the workplace. In a hybrid world, the same level of performance requires better infrastructure, as data centres need to support numerous home offices instead of a handful of larger hubs. In addition, it needs to underpin the emerging trend of ‘hypertasking’, which sees numerous tasks undertaken within a limited timeframe with the help of technology.
People still need to work effectively and be secure without having to compromise performance. Infrastructure must be kept up-to-date, but similarly, users need to be continually informed about the latest enhancements. Features like encryption and VPNs can slow devices down, impacting productivity in the process. As a result, users lose trust in the effectiveness of these measures and abandon them altogether, unless upgrades are both communicated to and tested by employees. If infrastructure successfully meets and exceeds increased demands, the resulting performance improvements mean that organisations don’t need to compromise security or business output.
The past 24 months have been a test in this essence, and infrastructure rose to the challenge successfully. But it also identified gaps to be remedied and areas to be improved, such as the need for greater security measures. Ultimately, the world will not return to pre-pandemic ways of working and living, and infrastructure needs to match up with the hybridisation era. Governments and corporations alike are coming to the realisation that this is vital to support society now and in the future.
As reliance on infrastructure increases, so too will security threats, and organisations need to take necessary steps to protect it. Technologies like Trusted Platform Modules (TPMs) are being built into servers to support this, acting as physical locks that prevent them from being easily overridden through software hacks. ThinkShield, for example, embraces tech like TPMs, spanning the supply chain as well as mobile, PC and server products. Essentially, the infrastructure acts as phase one of the security ecosystem, as data then moves from the cloud through to the employee.
Transforming weakness into strength
The security weak link in business is usually the individual, and often inadvertently. Employees tend to be more vulnerable to threats when working alone without nearby colleagues to help identify potential threats, and criminals are exploiting this. In August 2020, a few months into the pandemic, INTERPOL reported that personal phishing attacks made up 59% of cyberthreats in member countries.
However, employees can also be a strength. If staff are trained and understand the security landscape well, they can act as the first line of defence for an organisation. While technology can be compromised, many large cyberattacks can be combatted by human intervention. For instance, an individual could assess whether it is a good idea to join a public WiFi network, or whether they should use a VPN. Some organisations even share phishing simulations with rewards for employees that report the emails or avoid clicking on potentially harmful links. Others have implemented architecture like Zero Trust, which requires people to verify any device, network or user without trusting them by default.
Above all, the importance of maintaining optimal security revolves around the brand, the company, and its reputation. But it’s also about the user experience – ensuring that employees themselves feel safe and protected, while being able to work wherever as efficiently and productively as possible.
The death of the security fortress?
The days of data centres acting as fortresses, being solely responsible for the security of an organisation, are numbered. The hybrid workplace revolution has necessitated new security ecosystems, securing data through its lifecycle from the data centre to the cloud to devices – and, perhaps, most integrally, to employees. If staff are equipped correctly, they can act as individual security strongholds, whether in the office or at home.
By breaking down silos and taking a holistic view of security, businesses will be better protected from evolving threats. And with the right infrastructure to support them, employees will step into the hybrid era safely, securely and productively.