While our established cloud infrastructure allowed us to shut the doors on headquarters without productivity loss, we still found ourselves responding to situations we didn’t anticipate. Since the entire workforce moved remote overnight, our AI alerting took time to catch up to new user behaviors. Alerting systems that used to be reliable needed time to recalibrate to the changed behavior. It took more time and a more critical eye to wade through false positives and find legitimate threat alerts. Increased activity forced us to dissect our security policies almost daily. We’re still seeing more sophisticated email-based attacks every day. Built-in reporting and monitoring provide a high level of visibility into the behaviors in our environment, yet they don’t always offer much insight into which alerts are legitimate threats. Alert and change fatigue could be imminent if we don’t find a way to adjust our daily work to the new normal.
The Long-Term Outlook
But this is not a normal work-from-home scenario. There’s no defined end date, meaning you should be prepared for a larger remote workforce moving forward. It’s expected that between 10% and 50% of workers will remain remote after the stay-at-home orders are lifted. How do you continue to maintain a productive and secure cloud workforce with more and more remote users? Do you need to increase the size of your IT team? How do you scale to the new security needs of a remote workforce? Now more than ever, the conversation about security needs to change.
A lot of my fellow systems administrators have an adversarial relationship with the workforce they support when it comes to enforcing security policies. This is felt more poignantly now, as new and sophisticated threat actors take advantage of distracted organizations trying to cope with the new normal. It could be a lot to ask of your users to think like SecOps while they’re stuck at home during a pandemic. Users are likely the most vulnerable attack vector, but they’re also your first line of defense. Wouldn’t it be better to think of your workforce as your Tier 0 security team? With a company-wide crew of well-educated first-line defenders, you could turn your organization into a formidable foe.
Make everyone a part of your security team
While you can’t expect users to have advanced incident response skills, you can help them develop an awareness of security best practices and basic incident recognition skills. How do you change the culture of the organization to embrace security as a daily mindset? There’s a lot systems administrators can do to break down the barriers to that conversation. For example, start small by posting security tips on Teams or Slack. Have a casual chat with a user about setting a password on their home Wi-Fi. These small acts can evolve into a regular training program intended to shift norms within your organization to include strong security awareness. This training program can gradually grow in complexity as your users become stronger and more confident in their security awareness. Before you know it, you’ve recruited your entire company to your Blue Team.