Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/16/2020
04:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Most Organizations Plan to Make COVID-19 Changes Permanent

After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.

A clear majority – 83% - of C-level executives say the many operational shifts made during the pandemic will remain in place even after the COVID-19 pandemic ends.

Michael O’Malley, global vice president of marketing and strategy at Radware, says during the pandemic companies had to focus on making the network resilient, adjust to the remote contactless economy (home food shopping, restaurant deliveries), and future-proof their organizations for any disruptions in the years ahead.

"All of these activities will continue after the pandemic," O'Malley says. "The survey showed that the pandemic was a big shock to the system and it accelerated many trends. Companies will also be focusing on IT capacity such as product development and spending on IT security."

Related Content:

COVID-19-Related Attacks Exploded in First Half of 2020

Special Report: Computing's New Normal, a Dark Reading Perspective

New on The Edge: 5 Security Lessons Humans Can Learn From Their Dogs

The research, conducted by Enterprise Management Associates on behalf of Radware, points heavily to companies across vertical sectors focusing on resiliency – the ability to keep the business going, the network up, human errors down, and grow the business during the pandemic.

More than any other sector, 83% of the retail/ecommerce respondents were making their IT infrastructures more resilient via hybrid or multi-cloud adoption and 80% via automation. For telco/service providers, 74% were focused on resiliency, with 76% by automation; and 69% of financial services companies keyed-in on resiliency, with 79% via automation.

"The focus on automation shows that as a part of resiliency, companies were trying to reduce human errors," O’Malley says.

The survey also found that roughly half of the respondents say changes made regarding headcount, processes/applications, real estate assets, and budgets are now permanent. Some 95% of respondents say their physical locations were affected by the lockdown to some degree, and by 2022 more than 50% of employees will continue working remotely.

IDC reports similar numbers on the work-from-home front. According to the research firm, 6% of staffs worked from home pre-COVID, 53% worked from home during the height of the pandemic, and roughly 30% will work from home by 2021.

"Companies made a tremendous push to roll out VPNs and remote desktops once the pandemic first hit," says Frank Dickson, a program vice president who covers security at IDC. "I think now we've gotten to a point where most companies can focus on security. They realize that for people who only use Office 365, they may not need to give them full VPN access; they can have them authenticate through a passwordless option."

Creating Security Gaps

The Radware survey also shows some significant security gaps that resulted from the rapid move to work-from-home.

"Companies were never set up for this level of work-from-home activity," says Raghu Thummisi, cybersecurity market strategist at Radware. "Many were racing against time to build in security controls. We found that there were clear winners and losers. The move to the cloud was a much easier lift for the companies that had already made the migration. The companies that were mostly brick-and-mortar had a much harder time."

O'Malley says the data shows that companies were really stressed. Some 50% of companies were not confident in the organization's ability to protect against unknown threats, and 30% reported an increase in attacks at the start of the pandemic. In addition, 35% of the attacks experienced by the respondents required an incident response process, and 69% spent more than half of their time on network security-related discussions of issues.

The pandemic also accelerated migration to the cloud, Thummisi says, which exposed companies to some unforeseen security issues. Some 76% of survey respondents say the pandemic accelerated their cloud migration and while nearly one-third say attacks have increased, another 32% also say they are relying on third-party providers (both public cloud providers and MSSPs) to secure their digital assets.

"We found that companies don't always have a full understanding of the shared responsibility model with public cloud providers," he says.

When they roll out a development environment, for example, they don't always realize that they are responsible for taking down that test environment. "While the cloud makes it easier to spin up test environments, companies still have to validate and take down the environment," he says. "Companies need to be careful not to leave these environments open to attack."

IDC's Dickson, meanwhile, says he thinks companies understand the shared responsibility model, but that developers in many enterprises are not incentivized to build in security.

"App developers are focused on getting the application up, functional, then operational, there's usually not a security metric built in there," Dickson says. "Security has to be a priority and companies need to set up the systems, processes and incentives to make that happen."

 

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.