When COVID-19 happened, many companies in the Philippines immediately tried to enable remote work. But then they realized that many employees use desktop computers in the office that they could not simply carry to their homes.
“There was a scramble to get employees equipped with laptops so they could work from home during GCQ/ECQ and maintain business continuity,” noted Louie Castaneda, Fortinet Philippines Country Manager. “The sudden surge in laptops presented a massive challenge for IT Support staff to configure all the hardware with the correct security policies and install telecommuting tools at the same time. Purchasing laptops also put a lot of financial strain on smaller and mid-sized enterprises, especially since these costs were not budgeted for.”
But this was only part of the problem.
“The second issue was the lack of time in implementing telecommuting technologies fully due to the rapid implementation of community quarantine guidelines. Many local enterprises had not planned for remote work capabilities before the COVID-19 pandemic, so they needed to overhaul their security strategy and deploy security tools that will allow for multifactor authentication, secure remote network access, endpoint security and possibly cloud security,” Castaneda said.
In fact, even if Fortinet and its partners worked quickly to service customer organizations in the tight timeframe, “since the lockdown happened so fast, our Fortinet engineers were forced to prioritize the most critical deployments. We had to delay the less critical deployments or face a huge security risk. The situation was better for organizations using Fortinet’s FortiGate firewall. For current FortiGate users, transitioning to telecommuting was relatively straightforward as they already have tools in place to support remote access to critical online and cloud-based resources – they simply needed to turn it on.”
For Castaneda, this crisis of confinement has clearly illustrated the importance of securing the endpoint.
“Companies with great defenses in the data center and on-site in the headquarters and major offices suddenly find hundreds or thousands of weak links in employees’ homes. This is no different from previous BYOD situations, except the scale has grown, sometimes exponentially. There are concerns with enterprise intellectual property (IP) and customer data moving onto storage repositories or being downloaded onto assets that are not protected or owned by the enterprise,” he said.
DIFFERENT BEAST
Tech world has been given a shock in the past – e.g. Y2K bug, and the 2011 Thai floods that disrupted supply chain all over Asia.
But for Castaneda, the COVID-19 pandemic is different from any other crises because everyone is similarly impacted, and potentially for the long term.
“Other previous crises like the tech-driven Y2K bug or natural disasters are somewhat localized in terms of geography or sector and do not have the same global scale as the current pandemic. In those instances, people can physically move to another location, either in another province or region and try to start anew, find jobs, and/or start new businesses in a place with better prospects.,” he said. “However, amid COVID-19, people are urged to stay at home, confronted with many bread-and-butter issues, especially those who work in roles that cannot be done remotely. Until a vaccine is available, this crisis has the potential to drag on, crippling businesses, drying up jobs, and devastating world economies.”
But in terms of tech-use, “COVID-19 has merely accelerated tech trends, such as BYOD, digital banking, online government services, e-commerce. These shifts are signs of digital convergence enabled by IoT, mobile devices, and high-speed mobile networks 4G/LTE and the upcoming 5G. These trends are referred to as ‘Digitalization,’ ‘Digital Transformation,’ and ‘Digital Modernization,’ which are buzzwords that have been used for years.”
INTEGRATING SOLUTIONS
In the Philippines, Fortinet has been involved in many local companies’ push for modern and secure IT infrastructure.
“Our approach is to integrate security solutions into a single integrated whole, even integrating non-Fortinet products into our open ecosystem. By doing so, every single aspect works together smoothly and can be easily managed by a central system. This ecosystem also allows security to be part of every point, which we call a ‘security fabric.’ Security intelligence from FortiGuard Labs runs though the Fortinet Security Fabric, informing AI-driven intelligence systems that can rapidly weed out attacks before security analysts even know they were at risk,” Castaneda said.
MOVING FORWARD
To successfully navigate the challenges posed by a pandemic like COVID-19, Castaneda offered some security-related tips for companies/businesses as they move forward.
“Firstly, compensate for social distancing by having regular, action-oriented e-meetings and by relentlessly reminding the teams – and that includes the executive team – of healthy cybersecurity practices. Do not give up on cybersecurity training in times of crisis. And this is not a time to be lax about security, we still should practice online cyber social distancing so that we do not become targets.
“Next, unify your security systems. This is a good moment to rationalize the design and the enforcement of a unified security policy. Remote worker status should not be an exception to any of the fundamental security rules that serve the company. Review and deploy application prioritization, and make sure the different classes of remote users correspond to the needs of the business. Consider access rights in the light of this new environment as well. Remote resources should not be the weak link in your security strategy.
“Finally, integrate innovation into your transition. If you have the opportunity, replace old solutions and technologies with new ones that can bring your digital innovation to the next level of security. We have seen a tremendous spike in criminal activity aimed directly at this new remote worker environment, searching for inadvertent security gaps, and looking to exploit novice teleworkers. I advise companies to take on these best practices,” he said.
SPECIAL GOODS
Fortinet’s remote work solutions is comprised of two things: the FortiGate next-generation firewall (NGFW), and the FortiClient agent for VPN support. These are supported by the Fortinet Security Fabric, which enables round-the-clock protection and easy management.
Most next-generation firewall (NGFW) solutions on the market include support for terminating and managing SSL and IPSec connections. However, many of those NGFW devices are often already fully burdened by existing functionality requirements and use cases. As a result, they are often simply unable to support a sudden and dramatic increase in the number of connections and volume of traffic that an emergency shift to a remote workforce may require.
FortiGate NGFW security platforms have been designed with custom security processors capable of scaling to dramatically higher capacity. For instance, the Fortinet’s latest SOC4 SDWAN ASIC, which is a first of its kind, delivers the industry’s fastest application identification and steering for more than 5,000 applications. This allows users to avoid delays in accessing their applications and accelerates overlay performance, providing low latency and the best possible user experience for business-critical applications.
As a result, most FortiGate customers can immediately switch from having a primarily on-site workforce to a comprehensive teleworker strategy without any additional hardware.
Businesses are also urged to prepare for the transition of 4G to 5G. The demands brought about by this transition will be pushed to their limits as network operation teams must ensure both security and business continuity. Most solutions lack the required scale to overcome IPv4 address scarcity, growing mobile bandwidth demands, and increasing numbers of encrypted tunnels connecting infrastructure, which in turn holds carriers back from being able to support a large set of customers.
To help businesses prepare for the transition, Fortinet recently introduced the FortiGate 4400F, a hyperscale firewall, setting new milestones for Security Compute Ratings to deliver performance, scalability, and security in a single appliance to meet escalating business needs.
FortiGate 4400F is powered by Fortinet’s latest seventh generation network processor (NP7) to offer hardware-acceleration, making it the only network firewall that is fast enough to secure hyperscale data centers and 5G networks.
Another common component required for such a transition is ensuring that the remote workforce has a VPN agent installed on their mobile devices. While your FortiGate already supports a web portal for remote access without a VPN client, as well as a range of compatible VPN clients, FortiClient – available online as a free download – offers an easier experience for end users, more scalable connectivity than the web portal, and a more intuitive UI for existing FortiGate customers.
FortiClient provides seamless, always-on connectivity to your FortiGate, enabling you to bring new teleworkers online immediately. For larger customers, the quick addition of the FortiClient EMS solution, (FortiClient Enterprise Management Server), adds centralized configuration and control to simplify the rollout of a new teleworker strategy even faster and further.
UPDATING FUTURE PLANS
Moving forward, and knowing that something like Covid-19 may happen again, Castaneda said that “organizations need to ensure that their business continuity/disaster recovery (BCDR) plans are updated so they are ready to quickly ‘flip the switch’ to teleworking in the future – whether due to the next pandemic, a major weather event, or some other unforeseen event. Organizations need to rethink what networks and a digital workforce look like in the 21st century—this should include bolstering the network edge, which has faced increased risk ever since the prioritization of mobility, IoT, and 5G.”
Companies should also consider the following to help them adapt and grow amid this shift.
- Ensure Alignment of Business Processes. To enable a secure remote workforce, organizations must align business processes, such as finance and HR with best practices around communication privacy and authentication. These should also align with cultural processes that promote effective communication in an agile, trust-based environment.
- Fund Necessary Cybersecurity Costs by Leveraging Savings. Permanently shifting a portion of the workforce from centralized offices to home offices will help reduce capital costs like climate control, office infrastructure, and rent or building loans. These cost savings can then be used to fund the necessary technology and cybersecurity costs associated with the “new normal” of managing an expansive remote workforce.
- Ensure Your Cybersecurity Architecture Can Support this New Business Architecture. When building or updating network architectures, things like data privacy, integrity, and confidentiality need to be kept top of mind. These values must be applied across the network, not just for remote workers since business applications and workflows need to span from the endpoint, the core network, and to the company’s “distributed edge” in the cloud. Securing this distributed environment requires cybersecurity solutions that are both integrated and automated.
- Enjoy the Benefits of Telecommuting. There are countless benefits to enabling a remote workforce and adopting a secure network strategy to support it. The carbon footprint of organizations will be reduced when fewer workers are commuting, and the talent pool will only grow when the search is widened to include those who might not live near the physical headquarters. Finally, by supporting secure flexible work options, organizations can strengthen employee loyalty through the alignment of business goals and user experience with personal quality-of-life goals.