Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

9/16/2020
04:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Most Organizations Plan to Make COVID-19 Changes Permanent

After the pandemic, companies will continue to invest in improving IT infrastructure and security as well as automate tasks to reduce errors and improve network resiliency.

A clear majority – 83% - of C-level executives say the many operational shifts made during the pandemic will remain in place even after the COVID-19 pandemic ends.

Michael O’Malley, global vice president of marketing and strategy at Radware, says during the pandemic companies had to focus on making the network resilient, adjust to the remote contactless economy (home food shopping, restaurant deliveries), and future-proof their organizations for any disruptions in the years ahead.

"All of these activities will continue after the pandemic," O'Malley says. "The survey showed that the pandemic was a big shock to the system and it accelerated many trends. Companies will also be focusing on IT capacity such as product development and spending on IT security."

Related Content:

COVID-19-Related Attacks Exploded in First Half of 2020

Special Report: Computing's New Normal, a Dark Reading Perspective

New on The Edge: 5 Security Lessons Humans Can Learn From Their Dogs

The research, conducted by Enterprise Management Associates on behalf of Radware, points heavily to companies across vertical sectors focusing on resiliency – the ability to keep the business going, the network up, human errors down, and grow the business during the pandemic.

More than any other sector, 83% of the retail/ecommerce respondents were making their IT infrastructures more resilient via hybrid or multi-cloud adoption and 80% via automation. For telco/service providers, 74% were focused on resiliency, with 76% by automation; and 69% of financial services companies keyed-in on resiliency, with 79% via automation.

"The focus on automation shows that as a part of resiliency, companies were trying to reduce human errors," O’Malley says.

The survey also found that roughly half of the respondents say changes made regarding headcount, processes/applications, real estate assets, and budgets are now permanent. Some 95% of respondents say their physical locations were affected by the lockdown to some degree, and by 2022 more than 50% of employees will continue working remotely.

IDC reports similar numbers on the work-from-home front. According to the research firm, 6% of staffs worked from home pre-COVID, 53% worked from home during the height of the pandemic, and roughly 30% will work from home by 2021.

"Companies made a tremendous push to roll out VPNs and remote desktops once the pandemic first hit," says Frank Dickson, a program vice president who covers security at IDC. "I think now we've gotten to a point where most companies can focus on security. They realize that for people who only use Office 365, they may not need to give them full VPN access; they can have them authenticate through a passwordless option."

Creating Security Gaps

The Radware survey also shows some significant security gaps that resulted from the rapid move to work-from-home.

"Companies were never set up for this level of work-from-home activity," says Raghu Thummisi, cybersecurity market strategist at Radware. "Many were racing against time to build in security controls. We found that there were clear winners and losers. The move to the cloud was a much easier lift for the companies that had already made the migration. The companies that were mostly brick-and-mortar had a much harder time."

O'Malley says the data shows that companies were really stressed. Some 50% of companies were not confident in the organization's ability to protect against unknown threats, and 30% reported an increase in attacks at the start of the pandemic. In addition, 35% of the attacks experienced by the respondents required an incident response process, and 69% spent more than half of their time on network security-related discussions of issues.

The pandemic also accelerated migration to the cloud, Thummisi says, which exposed companies to some unforeseen security issues. Some 76% of survey respondents say the pandemic accelerated their cloud migration and while nearly one-third say attacks have increased, another 32% also say they are relying on third-party providers (both public cloud providers and MSSPs) to secure their digital assets.

"We found that companies don't always have a full understanding of the shared responsibility model with public cloud providers," he says.

When they roll out a development environment, for example, they don't always realize that they are responsible for taking down that test environment. "While the cloud makes it easier to spin up test environments, companies still have to validate and take down the environment," he says. "Companies need to be careful not to leave these environments open to attack."

IDC's Dickson, meanwhile, says he thinks companies understand the shared responsibility model, but that developers in many enterprises are not incentivized to build in security.

"App developers are focused on getting the application up, functional, then operational, there's usually not a security metric built in there," Dickson says. "Security has to be a priority and companies need to set up the systems, processes and incentives to make that happen."

 

 

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...