Drata Advertisement

Drata automates evidence collection and monitors risk 24/7 for 14+ frameworks, including SOC 2, ISO 27001, GDPR, and HIPAA, so you can stay compliant without the messy, manual work. Book a demo to see compliance automation in action.

Book Demo
With remote and distributed working now a firmly established part of the workplace mix for many organizations, the cloud is playing a pivotal role in enabling more flexible and unpredictable working environments. However, it is not without its security challenges. Dave Cartwright, CISSP, explains.

Before early 2020, distributed workforces were far from the norm. Yes, remote access has been a thing since the late 1990s (the advent of 56Kbit/sec modems made it reasonably usable for business purposes), but since then remote access has been used primarily for occasional access.

This doesn’t mean that there hasn’t been such a thing as a permanent home worker, of course, just that until COVID-19 hit the planet in 2020 it was a relative rarity in the grand scheme of things.

Since then, the world has changed and it is perfectly usual for people to work at home frequently, and even to make home their standard place of work. Although the likes of Elon Musk are bucking the trend and demanding people go to the office, far more companies are going the other way and are embracing home and remote work.

The Benefit of Timing

The main reason is fairly clear: even companies that, pre-COVID-19, were convinced that letting people work where they wanted was a recipe for disaster, they were forced to try it out and in many cases were astonished at how well it worked. To be fair we were lucky: if the lockdown had happened 10 years previously it would have been a disaster, technology-wise – we would simply not have coped, because the tech wasn’t up to it.

The key enabler for sending people home and allowing them to work effectively and productively was that applications were cloud-based. And those reasons were predominantly technological.

Let us step back and compare the contrast between on-premise applications and cloud-based ones. First, consider how they are accessed. On-premise systems are accessible by default from inside the relative trust and safety of the network, but to use them from outside the office requires some kind of remote connectivity – a virtual private network (VPN) perhaps, or some kind of virtual desktop approach. The default position for remote access is that it’s not possible until you enable it. While it is perfectly feasible to do remote access securely, unless you have proper design, planning and security review there is a risk with implementing remote access into on-prem systems – particularly when it is done in a rush, as was generally the case when Covid came along.

When Systems Sit Outside the Network

Cloud services, on the other hand, are internet-based. Of course, that doesn’t mean everything in a cloud environment is automatically available to anyone out there in the big wide world (that would be rather unfortunate) but it does tend to make it much easier to enable secure connectivity for remote and home workers than is the case for on-premise systems. The big cloud providers, in their years in the business, have built suites of security features and systems that make securing the cloud – perhaps ironically, given that the cloud is out there on the internet – in many ways more straightforward than securing remote access to on-premise kit.

And there is a second element of contrast between local and cloud systems: someone else looks after them for you and installs new features and software patches. One of the key memories many of us have from lockdown is just how technology ramped up: even though the cloud and software vendors themselves had their design, development, testing, implementation and support teams scattered to the four winds, they nonetheless managed to ramp up feature sets and service capacity to enhance service performance and functionality.

Since the lockdowns have eased – although of course they haven’t gone away – vendors continue to develop systems. Rather than our tech teams having to run upgrades on, say, our email, videoconferencing or SharePoint platforms, the vendors do it for us with no hassle and no intervention on our part save perhaps for users having to click an “OK” button every so often when prompted that they need to download a new version of the given app on their laptops.

A Challenge of Culture and Environment

Of course, technology is not the only challenge. Remote working has social implications, family implications, health and safety implications, physical security implications … even tax implications if staff have decamped to bases overseas. But done properly, the benefits are tangible. Yes, lockdown prompted a lot of tutting and rolled eyes as spouses tired of tripping over each other at home … but on the other side of the coin, long commutes were reduced and time spent with children rocketed. Distributed working allows us to perpetuate this, albeit hopefully in a rather less fraught manner than in 2020-21. And in these times when the environment is a greater concern than ever before, the reduced levels of travel due to distributed working have a noticeable “green” influence – even if there are some schools of thought who question whether there is as much of a reduction in CO2 emissions as we would like.

But distributed working is a thing, and it’s a thing that the world has accepted – sometimes as a major overhaul to working practices and sometimes on a smaller scale. And whatever the case, the cloud’s contribution has been significant.