- The 'silver lining' of the pandemic is the way it is catalyzing changes in cybersecurity, according to Phil Quade, chief information security officer at Fortinet.
- More than ever before, with a shift toward telecommuting, we need a new vision on the future of work and resiliency and how they are linked.
- There are measures every organization should take now, and that includes developing a cybersecurity architecture that supports a distributed workforce.
It's often said that massive change can happen by revolution or evolution. Though digital transformation is more evolutionary and less sexy than its more revolutionary cousin, digital disruption, they both result in massive change.
But the coronavirus pandemic will reshape and redefine how we connect and do business. We're about to learn what happens when it occurs by both evolution and revolution simultaneously. More than ever before, we need a new vision on the future of work and resiliency and how these two things are linked.
Up until early 2020, the steady move toward telecommuting looked like an evolutionary change of curious social implications (albeit with high cybersecurity significance). But in less than a quarter, Covid-19 spurred more lifestyle disruption and economic chaos than any recent bull market or sophisticated cyberthreat actor. It's reshaped how we do business.
Telecommuting might not be perceived as the "electronic Pearl Harbor" (the 1990s cybersecurity euphemism coined for a high-impact cybersecurity event) that serves as a catalyst for revolutionary change in how we architect the security of networks, but if we have the courage and clarity this moment demands, the current telework requirements might be the catalyst for change that leads us to an advanced spot.
It is a silver lining during these difficult times.
The events of this year provided jolting, revolutionary changes, coupled with an acceleration of what some employers were already doing to secure remote offices and employees. But in the chaos and intensity of response necessary, we have some choices to make that can make us safer, more productive and more connected or, if we fail to seize the moment, set ourselves up for future jolting impacts to our cybersecurity posture.
Before the coronavirus pandemic, avant-garde organizations had shifted the security paradigm, inspiring new conventions for working outside the office, interacting with connections and cameras that are seemingly everywhere, and the integrated security necessary to do it safely and privately.
Over the past three years, the most forward-thinking organizations deployed security to bolster the network edge, an attackable flank that is quickly expanding due to the continued pervasiveness of mobility, IoT and 5G. For the organizations that already made this evolutionary pivot, the foundational structures were mostly in place to meet the challenge of the redefined nature of distributed work amid Covid-19 distancing precautions. For this they should be thankful and excited that their instincts and allocations were well placed.
I can imagine Yogi Berra quipping, "Hindsight is always clearer when looking backward."
But for those organizations that were more traditional, the coronavirus pandemic serves as a clear and compelling look into the future — proof that the very nature of work will not only one day be fundamentally redefined. But that day has come, rooted by the tragic and disruptive pandemic.
For these organizations, they can be thankful that all doubt has been removed and they have now received a vision to focus on. Covid-19 has instantly transformed cybersecurity agility and resiliency from a nicety to a necessity. (Actual Berra quote: "You can observe a lot, just by watching".)
The latter organizations aren't destined to finish in second place, but there are critical next steps that their prescience or newfound clarity must inspire. These are the measures companies must take to do it right.
Mainstream telecommuting and remote work. Align business processes such as finance and HR with secure, technical practices such as communication privacy and authentication. Both must also align with cultural processes that enable humans to communicate effectively — with agility and trust.
Fund it by leveraging capital cost avoidances and savings. By permanently shifting a percentage of the workforce from centralized offices to home offices, building rent/loans, heating bills and other general and administrative expenses are reduced permanently. Those costs can fund the necessary technology and cybersecurity costs that enable this new workforce architecture.
Adopt a cybersecurity architecture that's optimized to support the new business architecture. Data privacy, confidentiality and integrity must be protected across the company's 'distributed edge' through the core networks inside its headquarters and into the cloud with broad, integrated and automated cybersecurity.
Enjoy the ride and feel proud about the organization's role in leading us to the future. More telecommuting, done securely, reduces carbon-emitting commuting, enables businesses to tap more diverse workforces who might not live near the physical headquarters and strengthens employee loyalty by integrating business goals with personal quality-of-life goals.
These choices are an investment in the people, business processes and architectures of the future. In my experience, near miracles in business or mission results can happen with a foundation of those three things. But as the pandemic has revealed, the future for them is not tomorrow. It is now. That can be the silver lining that Yogi would see "in hindsight."
— Phil Quade, CISO at Fortinet and a member of the CNBC Technology Executive Council