When organizations moved abruptly to remote work at the start of, they had to shift their network and security capabilities quickly. That meant some shortcuts were taken, and some priorities were left on the table.
Not surprisingly, that abrupt turnaround had some negative consequences for organizations. A new survey commissioned by Palo Alto Networks examines the impacts of those decisions and the steps organizations are taking now as they plan for more permanent hybrid work strategies.
According to the survey, as many as 61% of respondents said they struggled to provide the necessary remote security to support work-from-home capabilities.
Security certainly wasn't the only problem. Yet, by mid-2021, most organizations felt comfortable with their network and addressed earlier user complaints about collaboration tool performance and efficacy. Security continues to top the list of significant ongoing challenges for 51% of respondents. That said, one-fourth to one-third of respondents are still struggling to provide a positive, well-rounded user experience.
The newly-released survey, conducted for Palo Alto Networks by ONR, polled 3000 people, including technology executives and members of networking, security, and operations teams.
At the time of the survey, more than two-thirds of organizations indicated that between 25% to 75% of their workforce is still working remotely. Meanwhile, 44% expect to have over half of their employees working remotely in 12 months' time. As many as 62% of survey respondents are in the process of optimizing their hybrid workforce, with 94% considering some sort of hybrid workforce over the next 12 months.
Earlier in the pandemic, IT teams took different approaches to the remote-work pivot: Most (44%) respondents said their organizations made investments to improve remote network access but invested relatively little in remote security.
Another 35% said their organizations invested robustly in both network access capabilities and security. Another 21% said their organizations made very few changes in both their existing network architecture or security.
Among those with minimal upgrades to their network, 48% now believe that their network cannot support current remote work demands or that their remote network is not sustainable. By contrast, this sentiment is expressed by only 21% of those who evolved their network and 14% of those who evolved both their network and their remote security.
Meanwhile, 53% of organizations that prioritized remote access over security are now exposed to a significant increase in security risks from unchecked acceptable use policy violations and unsanctioned application usage. Those who made minimal changes to their remote access saw a 23% increase in security issues.
Use policy violations should have been predictable.
"As has been the case in the past, when security measures become a burden – slowing down systems or otherwise impeding productivity and impairing the user experience -- employees will often find creative ways to evade them," the report says. "Remote work and the rise of cloud-based applications has made that easier than ever before. The expansion of remote work has opened the door to both an increased burden of security and an increased opportunity to evade controls."
The report suggests that supplying employees with effective collaboration and productivity tools would give workers less incentive to find security workarounds. Organizations that lack effective remote collaboration tools said that their users are over 8x more likely to report high levels of security evasion.
Additionally, the survey shows that 60% of organizations expanded BYOD to enable their employees to work from home. However, as a result, organizations that allow increased BYOD usage have employees who are over 8x more likely to ignore, circumvent, or disable security than those who restricted BYOD.
Now, as organizations look more at the long-term picture, 74% say a single end-to-end remote security solution would improve their posture. Additionally, 71% of organizations expect to have their security mostly or completely in the cloud over the next 24 months.