By Leon Gettler, Talking Business >>
THE BIG CHANGE in the last two years to remote working – and working from home brought on by the pandemic – has created a big challenge for cloud-based systems
Empired practice manager for the modern workplace, Jaen Snyman said the changes with the pandemic left many organisations unprepared to have most of their staff working from home.
“That’s where the cloud and public cloud make a big difference,” Mr Snyman told Talking Business.
“If you do have that set-up, then it doesn’t matter where you are accessing from, you can still get to your applications, you can still get to your business, you can still do your work as per normal.”
This, however, had changed the security landscape for businesses.
“Previously, your devices would have been on your network at some stage, so you could patch it and manage your devices and make sure your laptops are patched to the latest security updates,” Mr Snyman said.
“Now it’s created quite a bit of a challenge where people rely on you to be on the network to do it but you’re not, you’re working from home.”
COMPANY IS STILL LIABLE FOR SECURITY
Securing the network would create major challenges for companies with remote workforces as the onus would be on the companies whose workers are now connecting to their environment from an unsecured location and unsecured network.
“I don’t know if your home network is secure, I don’t know if your neighbour is listening in to your wireless and tapped into it and what other devices might be on your network and if those devices are actually secure or if any of them has been breached,” Mr Snyman said.
He said hackers were now using the principle of “lateral movement”.
“That means if I hack one of your devices in your home and compromise that one, then I can move to another device on the same network laterally.
“I don’t need to hit your primary objective first. I can hit a soft target first, spoof your passwords that you use and try those passwords to other devices that might be on the same network.”
He said they could do this on any system, including business systems on home offices.
“If that is the CFO working from home, and I manage to hack into his kids’ computer, because the kid might not have a strong password, and dad uses that computer every now and again, and happens to use the same password he uses at work, then I know the CFO’s password and I can try it on his corporate identities.”
SUBSCRIPTIONS DRIVE THE CLOUD NOW
Mr Snyman said subscriptions were now driving the adoption of cloud technology, which is often used for CRM (customer relationship management) and ERP (enterprise resource platform) systems.
Because it’s already built in the cloud, businesses can also configure it to add value to their applications, to arrange it the way they need it.
The back-ups are done and the disaster recovery is in place, he said.
“All of that plumbing and maintenance is done by the provider and you as a customer can solely focus on the business value side of it,” Mr Snyman said.
While cloud is secure, the onus still comes back on the company to provide their own level of security to ensure there are no breaches.
“The application itself is secure but you yourself can make mistakes and give people access,” Mr Snyman said.
“If you don’t implement proper procedures and policies, for instance for password controls, to allow your users to use very simple passwords, or no passwords at all, then you have a fairly high risk of being compromised,” he said.
Hear the complete interview and catch up with other topical business news on Leon Gettler’s Talking Business podcast, released every Friday at www.acast.com/talkingbusiness.