The Unisys family, made up of almost twenty thousand associates around the world, are doing our best to support our clients and communities that we work and live with. We’ve shifted 93% our workforce to the safety of their homes, while keeping our clouds, servers, call centers, R&D, sales and back office operations running securely and at full capacity. We are very privileged that based on our decades of experience building and operating highly resilient critical infrastructure around the world, we’ve developed and adopted architectures and tools that put us in the position not only to help ourselves, but our entire ecosystem of clients and communities. Our focus is to bring all of our wits, wisdom, experience and capabilities to bear in helping the whole of society not only come through these tough times, but to emerge stronger.
COVID REALITY ONE: VPNs Aren’t a Panacea
Your ‘workplace’ now includes insecure WIFI, old virus-ridden home computers, kids’ toys, smart TVs, unpatched phones, and just about every connected game ever invented. This cluster of components was problematic at home, but could be catastrophic when you bring it all into your office by working from home (WFH).
Virtual Private Networks (VPNs) are just designed to carry your data securely from point to point. They are good at stopping someone from snooping on the transmission in the middle by encrypting the data in motion. In the case of this sudden shift to all employees working from home, what VPNs are actually doing is bringing all of the ‘insecure’ stuff directly into (previously) secure work environments. And while it’s true that no one can snoop on the transmission in transit, you’ve just opened a gaping door for everything else. This is not secure, not what VPNs were ever designed for, and that’s even if they could keep up with the new demand of everyone connecting to everything all the time.
Most enterprise VPN infrastructures were built to enable 20% of a workforce to use certain devices to reach certain applications remotely, and are now straining to handle 80% of your workforce to use every device and application you have twenty-four seven. And it can’t keep up. VPNs were sized for non-COVID traffic patterns and routine bandwidth levels for periodic usage by remote access. Even if you could afford the cost, time, and labor to keep adding more and more VPN concentrators into your network, you’d still be letting the afore-mentioned insecurities list right inside your company.
VPNs have their place, but they’re not the answer to today’s COVID-induced WFH security crisis. So what is?
COVID REALITY TWO: You Have to Keep Working, Since your Adversaries are.
Businesses need to keep working. It’s necessary to stay viable, for their employees to keep jobs, and for our economy to be strong. So figuring out a safe way to enable work from home is a critical success factor for society. But adversaries are taking advantage of our focus on the medical aspects of COVID, to attack us from a cyber perspective in this newly WFH-vulnerable place.
The new National Counterintelligence Strategy 2020-2022 tells us that there is a “complex and growing threat to strategically important U.S. economic sectors and critical infrastructure.” Adversaries are employing novel combinations of spying, economic espionage, supply chain disruption, and cyber operations focused on gaining access to our critical infrastructure for their nefarious purposes. In the past few weeks we’ve seen targeted attacks on the World Health Organization (WHO)’s email servers, ransomware attacks on hospitals treating Covid patients, and medical organizations conducting critical vaccine research. Our experience tells us that adversaries will use a global tragedy to attack, and that they can attack our most critical infrastructures through the click of a single working from home employee.
This is the time to trust Zero Trust. What may seem an oxymoron is in fact a life-raft for companies today. The NIST Zero Trust Architecture report (SP 800-207) defines Zero Trust “…as an evolving set of network security paradigms that narrows defenses from wide network perimeters to individuals or small groups of resources. Its focus on protecting resources rather than network segments is a response to enterprise trends that include remote users and cloud-based assets that are not located within an enterprise-owned network boundary.” While it was not designed or written for this COVID crisis, you can see how it addresses industry’s WFH needs directly.
COVID REALITY THREE: You Can Use this Time to Emerge Stronger, in the New Normal.
When this health crisis is mercifully behind us all, and it will be, the normal we return to will most likely be a new normal. Companies will have learned that they can indeed operate efficiently in a remote world, that some meetings can take place online instead of in person, and that cloud-based services provide the operational resilience needed to support your new continuity of operations (COOP) plans that will be hastily updated. This new normal brings with it an enterprise architecture that demands a new approach to security.
Zero Trust methodologies provide the best path forward today, as they will quickly facilitate WFH but in an secure always on fashion. They focus on identity more than location, which lowers infrastructure costs, improves business agility, and increases security. Zero Trust will foster a shift to software defined networking (SDN) that is enabled with today’s technologies such as cloud and microsegmentation, while setting up inclusion of the fast-emerging technologies of 5G communications and artificial intelligence. These will be the infrastructures of the leaders in this new normal.
COVID REALITY FOUR: Unisys can help today, and secure your tomorrow.
Addressing Secure Work From Home can be accomplished almost immediately. When COVID hit, Unisys was able to shift from 15% remote workforce to over 90% in 48 hours, by using our Zero Trust approach. We dialed up our Always On Access methodology, defined more communities of interest in our Stealth® microsegmentation product, balanced our digital workplaces across multiple clouds, and leveraged biometrics and behavioral biometrics within Stealth(identity)®.
If there is a need to respond to COVID-related workplace changes, we are ready to bring everything we’ve learned, as well as our tools and technologies, to help. We’ve developed a highly automated and completely remote method for network analysis that identifies the surface to be protected, maps out required transaction flows, architects a new zero trust model and policy that increases security and resilience immediately, and then automatically enables new network controls throughout your network from your servers all the way down to your computer at home.
While we don’t know how long this pandemic will continue, we strongly encourage everyone to use this time to both address the security of today’s work from home aggressively, while setting up the new processes and operations that will allow you to emerge stronger in the new normal. Unisys is here to help. Don’t simply survive this crisis, emerge stronger.