By Paul Wood
The traditional office is turning into an untethered workspace that can be located just about anywhere and operate at anytime.
With instant accessibility to faster, wireless networks and collaboration tools like instant messaging (IM), working remotely is growing in popularity among businesses around the world. An IDC study estimated that the worldwide mobile worker population will grow from 919.4 million in 2008, accounting for 29 per cent of the worldwide workforce, to 1.19 billion in 2013, accounting for 34.9 per cent of the workforce.
An increase in the mobile worker population means one thing for IT professionals – an increase in security threats. In fact, recent analysis by Symantec.cloud found that remote workers are more likely to exhibit potentially harmful web browsing activity compared to office-based workers.
The reality of a distributed workforce also means that an increasing number of employees do not have a physical office or desk which can pose new security challenges. Traditionally, IT security was simply a case of securing the company network, implementing a security policy and locking-down the firewall. But with the network extending beyond the office, there can be many pitfalls when a business seeks to lockdown and secure its remote employees.
Related story – Mobile device are top security threat: survey
The security challenge
The fluid, hyper-connected work environment introduces new challenges to SMBs as it becomes inherently more difficult to manage and monitor the activity of the distributed workforce. It is likely that mobile workers will ignore their employers’ acceptable internet usage policies and visit sites deemed inappropriate for the workplace. Symantec.cloud found that downloads, for example, were 5.4 times more likely to be triggered by mobile workers compared to office-based ones.
In addition, website traffic blocks are triggered more often for remote workers than office-based workers because they are more likely to visit harmful sites. While working flexible hours provides opportunities for employees to enhance productivity, the roaming worker still requires policies to ensure secured and managed endpoint protection.
Companies need to plan for the increasingly chaotic environments that are no longer in their direct control. They must make sure that acceptable use and security policies are applied and they must keep pace with the constant demand for information by the remote worker. It is important for companies to determine how to best manage remote workers and their endpoints.
Mitigating the risks
To ensure the distributed workforce is protected from security risks, companies need to:
- Ensure laptops are regularly and accurately scanned for active infections and are equipped with adequate and up-to-date security levels
- Protect electronic interactions including email, web communications and IM
- Ensure acceptable usage policies are being implemented by blocking inappropriate content, excessive downloads, inappropriate surfing, risky web sites, etc.
- Secure interactions regardless of whether the employee is accessing company resources from Wi-Fi hotspots, their homes, or anywhere else
This can pose an even greater challenge for SMBs which often have limited resources at their disposal. Typically they don’t have the technical expertise to maintain the necessary endpoint protection on equipment used by remote workers and do not have the ability to regularly scan devices for active infections. They cannot easily assess remote systems to determine whether protection levels are current, and they certainly can’t secure all of the Internet sites visited, URLs clicked on or downloads activated while working outside the four walls of an office.
With the rise of the highly distributed workforce, the need for outsourcing security to the experts is growing. To take the pressure off, many companies who are spending their own valuable time trying to manage and secure workers are beginning to invest in cloud-based services. According to Forrester’s US Telecommuting Forecast, it is the new distributed workplace that is accelerating this transition to hosted solutions. These services not only detect and stop threats before they ever wreak havoc on a company’s network, but also offer a lower total cost of ownership (TCO) than solutions installed and run in-house.
Related story – North American firms wary about cloud computing security
Deploying cloud-based services for security and management means organizations don’t have to restrict how, where and when their employees can work remotely. Symantec Endpoint Protection.cloud for example, provides a hosted solution specifically for SMBs that helps protect an organization’s endpoint systems, such as Windows-based desktops, laptops and file servers. The solution has advanced technologies for antivirus, antispyware, firewall and host intrusion prevention. It is simply managed from a single Web-based management console and security updates are automatic and seamless, so protection of employees’ laptops is current whether in the office or on the road.
Companies must research and understand the difference between the various hosted and cloud-based services available because not all of them are alike. It is important that before adopting a hosted solution, companies fully understand and believe in the efficacy of the services. More importantly, they need to have high expectations of the providers’ service level agreements (SLAs), because at the end of the day, the service must be available, accurate and efficient.
The distributed workforce is here to stay, and considering a hosted solution will provide peace of mind so SMBs can remain focused on their own business at hand, while leaving security management to the experts.
Paul Wood is a MessageLabs Intelligence Senior Analyst, Symantec.cloud