How Should the Modern Workplace Address Cloud Email Security?

This article is the first of a five-part series from Ed Amoroso at TAG Cyber exploring the risks to cloud email environments.

Enterprise security teams must understand the mechanics of the modern workplace to design proper cyber defensive schemes. Without such insight, the security functions and protection controls in use could be targeting the wrong types of threats. In fact, without a clear understanding of how employees actually work, security teams might just build security programs consistent with generic compliance frameworks.

In this article, we introduce and analyze three major trends in the modern workplace that directly impact how cybersecurity must be implemented. These trends are unmistakable and have been accelerated by recent events such as the COVID-19 pandemic, as well as major advances in cloud infrastructure, SaaS tools, and collaboration systems such as Microsoft Teams and Zoom.

With so many professionals now working remotely, three major trends are changing how work is performed in the typical enterprise. These trends, listed below, seem to transcend all industrial and government sectors and have been found to apply equally across organizations of varying sizes, scopes, and locations.

• Trend 1 - Work from Anywhere: Work locations have shifted from physical corporate premises to virtually anywhere.

• Trend 2 - Cloud Application Usage: Cloud-connected applications have grown significantly for employees, partners, and customers.

• Trend 3 - Virtual Work Coordination: The coordination of work in a typical organization has shifted from face-to-face meetings to virtual collaboration.

These workplace trends have led companies such as Zoom to emerge as major players in the enterprise market. It is not uncommon, for instance, for employees to spend their entire workday in online meetings or communicating via SaaS-hosted applications like Outlook and Slack. This contrasts with prior work generations who were more likely to be seated together working in physical conference rooms.

As one would expect, the impact of these workplace trends on cybersecurity is significant. Specifically, with targeted resources now virtual and largely dependent on email, adversaries have adjusted their focus accordingly.

Modern cyber threats have evolved alongside the evolution of how people work. In the sections below, we provide additional insight and commentary on the security impact that results from each of these trends.

The shift toward employee work from anywhere was not only a result of the recent pandemic, as it was emerging long before people were staying home to avoid illness. Today’s workers typically seek to balance their work, family, and life interests and obligations, so the flexibility of working anywhere represents a major benefit—one that can help companies attract and retain the best talent.

Two technologies have become more significant in the context of this shift: virtual conferencing and email. This should not come as a surprise to any observer, and the security implications here are immense. Email, in particular, has become the primary means by which remote workers collaborate virtually, and this helps to explain why the cyber threat to email systems and messages has exploded in intensity in recent years.

Advice for enterprise teams in this area should be clear: steps to augment existing email security controls should be a priority. In fact, if one were to conceptualize the singular place where investments—even modest ones—in security will pay the greatest current dividend, it is hard to argue that email protections would not be the top choice. Security teams are thus wise to ensure they are working now with the best email security vendor partners in the world.

The shift to cloud and software as a service (SaaS) usage has caused the focus of the IT infrastructure to shift from a premise-based ecosystem to one that is both distributed and virtual. This certainly increases the flexibility of services and allows workers to share information more readily, and provides ubiquitous access to data, applications, and shared services.

The shift has also transformed how third-party suppliers are handled, including how they are contracted, maintained, and coordinated. By using new capabilities like cloud-based portals for data sharing, teams can reduce the burden of awkward virtual private networks (VPNs) and similar utilities. But such cloud and SaaS usage also increase the cyber risk of mishandled data and misconfigured systems.

Once again, the need emerges for security teams to engage in partnerships with the best cloud and SaaS security solution providers—generally in areas related to ongoing posture assessment and dynamic threat mitigation. But just as with work from anywhere, we must acknowledge the vital role that email plays in cloud and SaaS coordination. This underscores the urgency of working closely with an excellent email security vendor partner.

Finally, it should be clear that when work is distributed everywhere and when resources are migrated to the cloud, that work coordination will become virtual. This has great benefits on the quality of work-life situations, such as travel and relocation. Many jobs that previously demanded in-person support can now be performed through work-from-anywhere arrangements—so long as the virtual work coordination can be managed.

The security implications are comparable to what is outlined above. And yes – email security emerges once again as a primary threat mitigation driver. The reality is that virtual work coordination, especially across organizations, relies heavily on email. This implies that to properly manage the risks associated with modern virtual work coordination, email would appear to be a major factor in determining the level of security in place.

So, what does this mean for your organization? Stay tuned for our next article, where we’ll provide insight into the current risks to cloud email.

Read part two of this series here.

Learn how Abnormal can protect every member of your organization from the full spectrum of email attacks. Request a demo today.