Over the last 18 months, the COVID-19 pandemic has ravaged the globe and has demanded how organization’s think, act, and work. Gone are the days of commuting into an office and being chained to a desk for eight hours a day, making small talk with your colleague over the half wall of your shared cubical. Now, it’s a 30-second shuffle into your home office, sipping on a cup of hot coffee from a real coffee mug, instead of your travel mug that’s gathering dust in the cupboard. With the ‘new normal’ comes a shift of how we must work, and also how we must think about information security as well.
Arvind Seshadri, Senior Director of Security at Cognizant, shares the latest on how our ‘new normal’ post-pandemic life translates into work from home and the security industry in the recent “Reimagining Cyber” episode, “The New Normal in a Post-Pandemic World.” Seshadri’s 20+ years of experience of work with global organizations to drive security strategy, and particularly, his current role at Cognizant where he leads the service strategy offerings and partnerships give him a unique perspective on the subject.
A recent “Future of Work” in Forbes discusses a FlexJobs survey of more than 2100 employees, that discovered that most employees want to continue working remote post-pandemic. Of those surveyed, 65% want to continue working from home and 58% would start looking for a new job if they weren’t allowed to continue working remotely. With that, comes added pressure on the IT and Security organizations, having to manage not only BYOD, but CYOD (Choose Your Own Device), COPE (Company Owned/Personally Enabled) and COBO (company Owned/Business Only). Organizations are shifting their strategies to meet these everchanging needs.
Digital Adoption Increasing
With our ‘new normal’ and more people continuing to work remotely, this has caused organizations to rapidly adopt new platforms and solutions. Seshadri sees two main shifts: Platform as a Service (PaaS) adoption and the shift to end user experience, as more and more people bring their own device to work.
“… Cloud Service Providers with AWS, or Azure, or Google, are all moving towards the PaaS storyline. And the customers are also adopting to that. Second significant adoption change that we have seen is the end user experience. You know, with the 'new normal' happening and work from home being a reality, or at least most of the organizations are going to have 50% of work from home. It's a hybrid workforce strategy that they're going to have. The user experience and connectivity becomes a significant portion of the IT investment for the company,” he says.
But who’s responsible for Cloud security?
With the shift to PaaS and moving to the Cloud, has caused some industry confusion around who is responsible for the security. Is it the Cloud Service Provider (CSP) or the company investing in the CSP? Both, says Seshadri.
“Now in the PaaS, it's a joint ownership. It just can't be one person or the other. Because the platform also has middleware today. But ultimately, what goes on that middleware, and the data which is going on to the application belongs to the customer.”
He goes on to say, “Similarly, the consumers are now understanding that my responsibility is still going to be higher, because at the end of the day, they lose their data, they lose their application, they are going to be out of business, not the cloud service provider.”
Organizations like Cognizant, the System Integrators (SI), are the glue between the two, because they understand the security capabilities of the native cloud platforms and what the customer needs to keep in mind and consider.
Post-Pandemic Shift in DevSecOps
Digital adoption and shifting to the Cloud and increasing security measures aren’t the only things that are changing post-pandemic. In the ‘new world’, DevSecOps is changing as well.
“I think the tools and technology available in the market have also…evolved in terms of, you know, providing that to the to the developer. What we look at it from an overall framework, you know…used to look at threat modeling builds the security at the design stage of the development itself. Now, that defines what my entire chain will look like,” Seshadri said.
The value in this is that it is all running under the infrastructure, Seshadri says. By blending both application and infrastructure security into a SOC platform, allows for operational efficiency and a strong security risk infrastructure.
The post-pandemic world is ever changing, and organizations need to be ready to meet those needs. What trends are you seeing in the ‘new world’? Share in the comments below!
CyberRes is a Micro Focus line of business focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberRes.com.