More employees are working from home and causing additional security challenges.
In a recent Wall Street Journal article citing information concerning Apple, "In recent days, software developers sent home by Apple Chief Executive Tim Cook have complained of slow download speeds and mounting confusion over still-evolving new internal rules about what work they are allowed to perform, staffers say. Some workers can't access crucial internal systems from home due to strict security policies meant to fend off outsiders—which now includes off-site employees."
Additionally, "Though Apple has encouraged staff to stay away from the office for health reasons, many engineers say they continue to come into headquarters, heeding company policy that forbids unreleased products from being removed from campus. The company has loosened some security restrictions but maintains them on any software that might reveal the nature of off-limits projects, staffers say."
Organizations such as Apple built security processes and tools around a secure network, i.e., the corporate network. The good guys are allowed inside the network, and the bad guys blocked from entering the network.
This approach works when the organization controls every aspect of a project. However, many organizations rely on cloud services like JIRA, GITHUB, etc. For the cloud-centric organizations, the line between the internal network and external network blurs.
As organizations adopt a cloud-centric approach, they need to utilize security principles such as Zero-Trust and data-centric. Read Forbes article End Insider Threats without Impacts Users or Business Workflow for four things to things when adopting a data-centric approach and three tips to kick start your data-centric journey.
COVID-19 highlights that security needs to be data-centric. A data-centric security posture is not dependent on location, user, or device.