Many companies have been strongly encouraging, even mandating their employees to work remotely the past few weeks. We’ve seen Google, Facebook, Microsoft, Twitter, and others embrace a work from home posture. While not every employee can do their work away from their desk or without human contact, it’s encouraging that many actually can. Cloud adoption and digital transformation have played a significant part in enabling distributed work, much needed these days. It’s hard to imagine a response at this scale being possible just a few years ago.
Over the past ten years, organizations have become comfortable with moving their critical business systems to IaaS and SaaS, and storing valuable and sensitive data in the cloud, including patient records, employee details, business intelligence, customer records, and more. Engineering and DevOps teams can access code repositories, build, deploy and manage applications entirely in the cloud. Sales, finance, and HR teams can access their applications and data without setting foot into the office.
Cloud email is no longer just a communication tool. It has become an unlimited repository for employees to store, search and share data easily. Applications like Salesforce allow users to easily download and share reports with anyone, and to communicate with customers, partners, and other employees from within the platform. They enable third party applications to access data and take actions on behalf of users. Anyone with valid credentials and appropriate entitlements can access cloud assets from anywhere in the world.
SaaS and the digital transformation has changed the nature of work. These changes need to be reflected in the way security protects applications. Businesses embracing the cloud has allowed organizations to respond to crises without losing productivity. Security teams in these organizations play a silent yet critical role in ensuring that the business stays safe through these periods of radical change. Unfortunately, we already see bad actors taking advantage of this crisis to launch attacks on organizations.
Security teams tasked with enabling secure collaboration and business continuity will find the following tips and recommendations useful.