Remote workers routinely bypassed security tools during pandemic

More than a quarter of security leaders in the UK say remote-working employees either circumvented or purposely turned off security tools and services, and a third admit compromising their organisation’s security to some degree in order to facilitate the practice, according to newly published data from Palo Alto Networks.

The firm’s latest report, The state of hybrid workforce security 2021, includes input from 3,000 information security, network operations and application development professionals around the world in an attempt to understand how the shift to remote work impacted network security infrastructure, and how the past 18-20 months have affected network security strategies as regards protecting home workers.

Of the UK-based respondents, 35% tended to agree that remote security measures had introduced “significant productivity challenges” for remote employees, and 16% strongly agreed with this statement. As a result, 31% said employees were ignoring security measures, and 28% said they were disabling or circumventing them in some way.

UK IT leaders also tended to agree that remote security measures introduced significant management costs and/or overheads – 56% in total, and 49% said remote security measures were introducing more complexity. A total of 22% also said their network could no longer support remote working demand.

Palo Alto said it was important to recognise that most organisations were fully aware of the nature of the cyber risk they were taking on during the transition to remote working, and many found themselves in a tricky situation where it was difficult or impossible to procure the needed technology. Unfortunately, the report said, those that found themselves in this position have subsequently borne negative consequences, from policy violations such as unsanctioned app usage or acceptable use violations, through to full-blown cyber attacks.

“As network and security professionals, we know we are always in a high stakes game of whack-a-mole,” wrote Jason Georgi, Palo Alto’s field CTO for its Prisma Access and SASE products, in the report’s preamble. “Just when we knock one issue down (like completely rearchitecting networks for remote access rather than onsite connectivity), new challenges arise. Based on what we heard in this survey, maintaining comprehensive network security is now your key challenge.

“If we look at this challenge more closely, 51% of survey respondents stated they have difficulty maintaining comprehensive network security. Perhaps what is even more concerning is that 61% of respondents noted they struggle to provide the necessary remote security to support work-from-home capabilities.

“At the beginning of the pandemic, most organisations’ immediate concern was how to stay running and keep people working, even if they couldn’t return physically to the workplace. Based on what we learned in the survey, this immediate shift to remote work turned network access and network security into equally high, yet competing, priorities for network and security professionals. Ultimately, network access emerged the winner.”

Looking to the future of work, Palo Alto’s report tracked closely with myriad other vendor-published surveys from the past 12 months, with respondents tending to favour hybrid workforce solutions, requiring more investment in cloud security, and better network access technology.

“By moving conventional remote access infrastructures to cloud-delivered solutions, organisations can accommodate the current and emerging needs of their hybrid workforces while gaining significant advantages over legacy architectures,” said the report’s authors.

These advantages could include: better network, app and traffic visibility; better control over what users and apps access and share; a security stack that spans networks, apps, services and users to track and remediate more threats; and simplified deployment to enable remote workers to connect their home offices to the network on their own.