Why the increase of hybrid workplaces and unprotected endpoints threatens security

data, privacy breaches, cyber incidents

The distinction between work life and home life has become even more blurred since the pandemic began. While there’s no doubting the flexibility that hybrid work offers, it has also given malicious attackers more opportunities to compromise your IT security.

When everyone worked from an office or centralised location, IT teams could control the traffic that comes in and out of their IT environments, not needing to worry about whether staff’s personal devices were protected at home. This is no longer the case as more employees use their own devices remotely that can’t be seen by IT teams, giving attackers more potential entry points to gain access to critical data.

Businesses have traditionally used on-premises legacy software to run their business, which is installed locally on their own computers, servers or any other device. Once installed, the software vendor doesn’t have any visibility or insight into how their customer has installed it, whether there are custom configurations and how secure the data it contains really is. The vendor can issue updates for this software, but if the IT team misses an update or their network security fails, the IT team will be at fault.

By hosting data in the cloud rather than unprotected endpoints, IT teams can prevent these breaches and minimise the impact should one occur.

Modern businesses use cloud-native software instead, like an ERP system hosted on the vendor’s own servers or those owned and maintained by a large public cloud provider (Amazon Web Services, Microsoft Azure, Google Cloud etc.) These vendors, especially ERP vendors, stake their reputation on protecting their infrastructure with the best-in-class security software and practices, along with investing billions of dollars in technology and cyber security to prevent breaches. Businesses that lean on the inherent protection that cloud-native software provides will have a far greater chance of mitigating security threats than trying to protect decentralised devices with their own security settings and configurations.

Legacy systems, in general, require a multitude of bespoke configurations to work in today’s modern IT environment. If a software vendor releases a patch to change any of these configurations, there’s a possibility that it could break their workflow or the IT team could miss the update completely. On the other hand, cloud-native software has security built in and is constantly updated to protect against threats, meaning the IT doesn’t have to worry about protecting vendors’ software and their own data.

Anyone who’s worked in IT before will know how expensive it can be to get rid of legacy systems. Many institutions like universities or healthcare providers contain critical information like customer databases and records needed to run everyday operations. However, hosting critical customer data also makes them the most lucrative targets for security breaches. Without the latest security updates and features that cloud-native software offers, they’re also the most vulnerable.

From a pure cost perspective, it’s often much more expensive to maintain legacy software beyond its intended lifespan than it is to maintain cloud services, as businesses don’t have to pay for their own infrastructure. Research also found that the shift to hybrid work makes breaches even more expensive. And in Australian businesses, more than half of employees working remotely took 325 days to identify and address data breaches, compared to the 311-day average.

The modern business world is embracing the cloud not just to secure their own data but also their customers’ data. With the risks of security breaches being at an all-time high, businesses and their IT teams need every advantage to fend off malicious attackers. By leaning on the inherent security offered by cloud-native software, businesses truly feel safe running their business in a hybrid environment.