Written By: Justin Dolly, CSO, Sauce Labs
With the global COVID-19 pandemic still raging in many countries around the world, many workplaces are still remote and will stay that way for the foreseeable future. Given this, how do we support high levels of security in a remote workforce, all while maintaining required levels of productivity? It’s a challenge for IT teams, to be sure—but not an insurmountable one. In this article, Sauce Labs CSO Justin Dolly offers six tips for teams wrestling with this conundrum.
Security has to be present wherever remote workers are, and it must enable employee productivity, not prohibit it. If we aren’t flexible enough with how we’re asking employees to get things done, they may take matters into their own hands and go elsewhere, thereby opening up your organization to vulnerabilities. It’s important to communicate to your users the security technologies and processes that you’ve put in place and to ensure they are robust and flexible enough to support a workforce that’s remote.
Laptops and mobile devices can present a huge risk. Encrypting drives can protect organizations from accidental data loss. If an employee accidentally leaves a device at a coffee shop, for example, the organization can feel secure that the sensitive data and the business at large will not be compromised thanks to the encryption capability in place.
Enforce multiple layers of authentication for access to any system of information that is deemed sensitive. Modern, adaptive methods should be employed since two-factor authentication has been compromised in certain scenarios.
Your security program needs to provide a 360-degree view of what employees are using to access company assets. BYOD is an ongoing concern, especially in a remote environment, so you must put security measures in place to know which endpoints have access to what resources. Also, intelligent software installed at the endpoint will protect devices from modern malware and provide the necessary visibility at the endpoint.
Defensive measures include tools that make it difficult for your environment to be attacked. Offense means you need to constantly be testing yourselves to make sure the defensive elements you put in place are working as they should. This may be more difficult in a remote environment, but it’s no less important.
Communication is always important, but especially during a time of remote work. When everyone is dispersed to their homes, it’s critical to be in close touch when you can’t get into a room with everyone to hash out plans. This goes double for dealing with a security incident: roles and responsibilities must be clearly defined and communicated, along with the critical network and data recovery processes that are needed for the team’s incident response. Even outside technical teams, communication about security issues is paramount: You need to respond to all stakeholders, whether inside or outside the company, in a timely and appropriate way.
The remote workforce has shined a light on the importance of security. At Sauce Labs, we talk a lot about digital confidence, meaning that we enable organizations to feel confident that their web and mobile apps are performing exactly as intended. As security professionals, we owe that same confidence to the customers using our Continuous Testing Cloud. Even and especially during a pandemic, we have the opportunity to address security and make sure remote work and other concerns don’t impact your business in a negative way. Following these guidelines will get you started on the way to successfully managing security for your organization—even while remote.
Perimeter 81 and Sauce Labs recently hosted a joint webinar about how organizations’ networks and connections must be secured in order to add another layer of protection against hackers trying to breach the testing environment.
Justin Dolly is Chief Security Officer at Sauce Labs, where he oversees the development and implementation of the company’s long-term security strategy, ensuring its customers have the highest level of protection to support their digital goals. He is a Certified Chief Information Security Officer (CCISO) with more than 20 years of experience in building and implementing a culture of security within global organizations.