COVID-19 pandemic accelerates transformation in enterprise security

We were already on our way to being a digital-first economy. The global COVID-19 pandemic, though, expedited the shift away from the last remnants of traditional operating models and placed further emphasis on the security measures that will be needed to support remote work, online-only models and other evolving norms on the business landscape. Fully digital businesses are the new reality.

Aside from essential workers, nearly everybody is working remotely during the current public health crisis, posing unprecedented security and privacy challenges. In a new ISACA survey on COVID-19 business impacts, 87 percent of respondents say the rapid requirement to work from home increased the risk of data privacy and protection issues. For organizations that already had a substantial percentage of remote workers, the shift was not as jarring, but many companies are accustomed to the majority of employees working in a traditional office setting. Abruptly, they have had to acclimate not only to equipping employees to be productive while working from home, but to provide guidance to help guard against an uptick in phishing and denial of service attacks increasingly being perpetrated by opportunistic cybercriminals.

The pandemic also has placed increasing pressure on IT departments to function in agile fashion. As noted in Diginomica, “At times of crisis, the time horizon for action is short. Nobody at the moment is thinking about multi-month IT projects, unless it’s how to put them on hold. Instead, IT leaders should be looking at much shorter timelines, falling into two waves. The first priority is rapidly redeploying resources for immediate needs, whether that means putting in tools to support people working from home, accelerating information gathering and analysis to get in front of stresses in the business, or switching to lower-cost alternatives.”

It’s not only the immediate period, though, that ultimately will be reshaped by COVID-19. In the early days of the pandemic, many understandably clung to the notion that several of these major changes would be short-term inconveniences as opposed to lasting overhauls to organizations’ ways of conducting business. But while the public health risks should continue to lessen with vigilance and with time, the related shifts to business processes will extend well into the future.

The road ahead

Businesses and the workforce as a whole will not go back to the ways they used to function, having been forced to find new ways to achieve business goals that allow employees greater flexibility and to reduce expenses associated with maintaining legacy infrastructures and technologies. For  example, companies that used to rely extensively on in-store retail now are shifting to put their full focus online, including convenience stores and larger retail chains. Some of these businesses might struggle to replicate their previous success in this new era, but they are more likely to be overtaken by more nimble competitors than to revert to their old ways of doing business. Going backward is seldom a recipe for success in our age of digital transformation and technology-driven innovation.

This brings us to the need for sharpened emphasis on enterprise security. Existing policies and procedures will need to quickly be revisited to account for evolving workplace culture and logistics, with especially careful consideration of BYOD policies. Consistent availability of enterprise technology also will be tested, which is why the cloud will be an even more heavily relied upon answer for scalability.

The overwhelming majority of enterprises (94%) already use a cloud service and half of enterprises already spend more than $1.2 million on cloud services annually, according to Flexera’s 2019 State of the Cloud report. The proliferation of cloud environments and the related expanded use of external partners means there will be an even sharper focus on disciplines such as IT governance and vendor management for the foreseeable future. While this will create some added responsibility for enterprises, it could benefit individual practitioners. The majority of respondents to ISACA’s Next Decade of Tech research expect IT pay levels to increase in the 2020s, and considering the added risk, security, governance and privacy challenges that will result from organizations’ recalibrated business models, there is little doubt that skilled professionals in these areas will be more in-demand than ever.

This has been a challenging start to the new decade for individuals and organizations alike. While some countries have been hit harder than others by the coronavirus, enterprises across the globe are facing the need to rapidly adapt to a new set of challenges on top of the acceleration of existing trends toward increased digital commerce and remote work flexibility for employees.

All these changes underscore an already pronounced need for robust technology governance and enterprise security. These dynamics will not fade away when the virus does, so organizations must retool their policies — and make the needed investments in their security programs — to acclimate to a business landscape that will never be the same.