This Guest blog was written by Martha Gomez Vazquez, a Senior Research Analyst for IDC's Infrastructure Services research practice focusing on Security Services and Hardware & Software Support and Deployment.
The widespread success of security breaches over the past few years has proven beyond a doubt that the security threat landscape continues to evolve on a daily basis, forcing organizations to constantly rethink their security posture. At the same time, many organizations are also on a digital transformation journey, one that relies on technologies such as cloud, big data and analytics, mobile, and social. These technologies are rapidly changing the ways we connect and work; they are also changing how organizations now view network perimeters and security. By 2020, IDC predicts that digital transformation will shift to an entirely new scale and 50% of global companies will generate half of their business from digitally transformed offerings, operations, and supplier distribution and customer networks.
What will security look like in the digital era? Gone are the days where an employee logs into a corporate network on site. Organizations are embracing change and transforming the enterprise with cloud and mobile. Enterprises are turning to an "outside -in" model in which employees, partners, and suppliers are accessing data from a home office, on the road, and through cloud services. Rarely is the employee even touching a corporate-owned resource. Meanwhile, remote access usage is growing. In a recent IDC survey, organizations indicated that their use of remote access (by employees and third parties) will increase between 11%-20% in the next 1- 2 years. This figure includes badged employees as well as third parties such as contractors, consultants, temporary workers, and partners.
IDC's survey also asked about the importance of remote access and security. While more than 80% of respondents see remote access as important for staff productivity, over 50% agree that all aspects of securing remote access are difficult. Respondents also noted that while providing remote access is important, the prospect of a security breach is a top concern. In 2016, we saw a number of data breaches in which hackers gained access to corporate data via a third-party vendor, and this trend continues to increase. One recent high profile attack: the PNI Digital Media hack that led to compromises of the online photo services at CVS, Costco, Sam's Club, and others. In 2014, we saw data breaches occur at Home Depot and the Boston Medical Center that also occurred via a third-party compromise. And don't forget the infamous Target data breach via the company's HVAC contractor in 2013. These breaches demonstrate that this a problem that isn't going away any time soon.
Although organizations are more aware than ever of the threat posed by data breaches, many continue to invest in traditional perimeter solutions such as VPN, ADC, remote desktop, or basic firewalls. In the current hybrid IT environment, these access tools may not be the right fit for some organizations. Enterprises should consider adopting solutions that eliminate broad access to the network and instead provide users with access only to the resources needed to complete their work.
Organizations should look at a remote access tool that eliminates complexity, simplifies access, and addresses the security challenges faced today. Finding the right remote access solution can be challenging in a hybrid IT world, but there are options available that could help organizations meet their needs. For example, enterprises can work with a provider that allows users to only access specific applications. Since VPNs provide broad access to corporate networks, they can be used to steal data once an authorized user is inside the perimeter. Giving limited access to users would help eliminate this issue. In addition, enterprises may want to look at a solution that forces the user to use Multi-Factor Authentication (MFA). Enterprises can use MFA to reduce unauthorized users from gaining access to applications. Enabling MFA can also assist in reducing complexity by authorizing a simple one- click process.
Today's enterprise could also benefit from using a cloud based and easy-to-install remote access service. With VPNs and ADCs, making installation, configuration, and policy changes takes time and is complex. Opting for a cloud service deployment will help an enterprise's IT department easily deploy, provision, change, and monitor as such a solution does not require any software or hardware. In the end, enterprises should consider a solution that is simple, secure, and meets the needs of their ever-changing IT environment.
Martha Gomez Vazquez is a Senior Research Analyst for IDC's Infrastructure Services research practice focusing on Security Services and Hardware & Software Support and Deployment. In this role, she is responsible for IDC's worldwide research and analysis on enterprise and service provider security consulting, integration, and managed services as well as hardware and software support and deployment needs. She provides insightful market analysis and research to vendors, service providers and end-user clients worldwide. Ms. Vazquez brings a breadth of knowledge and expert advice to assist vendors in developing marketing strategies, research, strategic alliances and partners in this ever- evolving complex market.