%201.jpg)
By Francisco Camargo *
The crisis resulting from the new coronavirus exposed many ailments, hitherto invisible, of organizations: vulnerabilities in terms of information security; the lack of control and management methods and tools; infrastructures poorly prepared for the new reality; absence of support practices and motivation of the teams, now dispersed. Not to mention the fall in economic activity that flattened revenue and destroyed cash in many sectors.
Distance work, used by companies in a timid way before the Covid-19 pandemic, had to be adopted overnight in the face of the need for social isolation. It was in this context that many weaknesses of organizations, hitherto unknown, were exposed.
Remote and distributed access to corporate resources by company professionals, if on the one hand it is essential for the continuity of operations, on the other hand it opens up the security breaches and the imminent risk of invasion, threats such as viruses and malware and targeted attacks.
To give you an idea, according to a study by Awingu, equipment from more than 360 thousand European companies and their collaborators are totally unprotected when they use the RDP (Remote Desktop Protocol). This protocol is widely used to remotely connect a user to a corporate network, that is: when in a home office or telework.
Companies were used to keeping their information within their physical structures, which fell apart with remote work. Faced with a scenario of dilution of these borders, the main challenge for companies in the most diverse segments is to provide access and, at the same time, protect their resources in a network, now fully distributed and with amorphous borders. In this sense, the main characteristics that companies should look for in technological solutions are:
1. Focus on people
Ensuring the health and integrity of employees must be the most important concern for companies.
We are facing a new configuration that, by exposing the fragility of the human being, requires the transformation of organizations in the sense of having people as the main focus. Isolated and often depressed employees; the death by Covid-19 hanging around friends and family; these and other issues must be placed on the priority agenda of organizations in order to create a support and solidarity network that will last after this crisis. Loyalty is a two-way road: For the company to achieve it, it has to show it while preserving as far as possible the employment of its people.
2. Rapid deployment solutions
In view of the urgency imposed by the need to preserve the health of employees and partners with teleworking, the choice of solutions and services for rapid implementation is very welcome. It is worth mentioning that this agility does not mean opting for less effective tools. There are highly advanced and easy-to-install cybersecurity technologies that cover artificial intelligence-based prevention, detection, response and risk mitigation for heterogeneous geographically spread endpoints.
3. Security focus: who can access what?
Axiom Zero: all information is confidential.
Classifying them for confidentiality is the first step. Listing employees as to reliability is a logical consequence of classification. For this, it is necessary to answer: Who can access what?
Although the entry into force of the LGPD - General Data Protection Law - has been postponed, it is time to take the opportunity to focus mainly on data security as the complexity of security has increased a lot, with employees accessing the network from their own devices , geographically dispersed.
Systems that allow real-time assessment of whether a given employee can access certain information, establishing logical relationships between employees and the resources they want to reach, eliminates the possibility that the user, or worse an attacker, has access to all the organization's data when connecting.
4. Unified workspace
Another excellent alternative are solutions that simplify corporate mobility, creating a unified workspace that offers secure, monitored and audited access to legacy files and applications. And also solutions that allow the user to access them without having to run agents and VPN's on their devices. May they use a simple browser to do so, without further complications. Ideally, this technology should transform all of the organization's legacy Client / Server applications into SaaS.
5. Availability in the cloud
The choice of solutions that provide the agility and simplicity of the public cloud, combined with the security and control of a private cloud and based on hyperconverged infrastructure (IHC), allows companies to quickly integrate computing, storage, virtualization and networking into a single solution to run any application.
6. Threat-centric approach
The threat-centric validation approach can help organizations keep up with today's complex attack landscape, which is increasingly sophisticated by cybercriminals. Solutions that simulate attacks and allow the analysis of the company's vulnerabilities are models that, with automation resources, can enable, in real time, practices that are true Pentests (Penetration Test), which consists in the exploitation of system vulnerabilities through attacks for check your vulnerable spots.
* Francisco Camargo, is Chairman of the Board of ABES - Brazilian Association of Software Companies - and founder of CLM, Value Added Distributor, with operations in Latin America.
EN 
PT 
