In “co-father of the internet” Vint Cerf’s eyes, the web always had the potential to be a big part of people’s lives. But even the man who spent more than 50 years working on the internet could not have predicted some of the major events that have turned the web into the lifeblood of modern society.
“The surprise for me was the amount of content people pushed into the internet,” Cerf, now chief internet evangelist at Google, said in conversation with Fahmida Y Rashid, executive editor of VentureBeat, during the Transform 2021 virtual conference today. “It was just enormous amounts of information sharing — not to make any money, it was simply to know that something you knew was useful to someone else.”
A whole ecosystem has emerged since, exposing security flaws and vulnerabilities that companies now coach their employees to avoid. The advent of a hybrid work model, where part of the workweek is spent in the office and part is spent working from home on residential networks, will prove tricky for companies. Work machines on home internet could be a security nightmare, even if employers use a virtual private network (VPN).
5 things to know
1. There is a difference between securing enterprise users and general public users, Cerf said. IT teams can monitor what is happening when users are on company networks or using company-issued devices, but that isn’t always possible in the case of a personal device or a public network. If people are not using company-supplied devices for work, IT teams are leaving their workplaces vulnerable to exploits, even when requiring a VPN to connect to the enterprise ecosystem.
“[We’re] suddenly exposed because those devices may not be managed, controlled and monitored in the way that the enterprise versions would,” Cerf said. “[If] we’re going to be using these hybrid modes of operation, I think we need to insist on more control over the devices that are used from home.”
2. On the flip side, just being on the company network doesn’t mean everything is okay. Even virtual private networks are not adequate, because there are too many other potential holes and vulnerabilities in the residential setting. Assume zero trust: “Don’t trust any of the networks, regardless of where you are, whether you’re in the corporate network, or you’re at home, or you’re calling in from someplace and around the world,” Cerf said. “We assume that none of that implies any safety at all.”
3. Strong authentication is essential, and IT teams have to identify both the equipment and the person using the system. Authenticating both the person and the device “is vital to having a hybrid security system actually work well,” Cerf said.
4. User education remains important. IT teams need to educate users to be more thoughtful about detecting potentially hazardous things that may come through “legitimate paths,” such as a link in an email from a sender with a misspelled name. “I don’t think they [users] need to be paranoid. But for the same reason that you don’t walk into traffic without looking in both directions, in case somebody else isn’t paying attention, you need to be thoughtful in the online environment for the same kinds of reasons,” Cerf said.
5. And finally, IT teams have to recognize that bad things will happen and be ready to handle them. Good security teams will log and audit information to trace where a breach originated. They should also stay aware of potential malware and monitor incoming traffic to minimize damage, Cerf said.
Push for zero trust
Companies need to buy into zero trust, the philosophy that organizations should not trust anything inside or outside their network. Even the savviest internet users are targets for phishing scams and require constant education to sidestep hackers targeting vulnerabilities.
Zero trust can manifest as a suite of programs to prevent phishing. Web users must keep up to date on common scams, such as suspicious links and misspelled email addresses, to avoid putting the workplace at risk. Companies can install software that blocks downloads of external software and monitors how devices can be used.
Cryptographic systems such as two-factor authentication (2FA) could be key to staying secure, Cerf and Rashid agreed. That could take the form of an app on a smartphone or a physical cryptographic device.
Employers can also apply these principles to working in the office. There may come a time when the corporate network is compromised, and it is crucial that security teams assume their networks could be exposed.
Cerf predicts 2021 will bring expanded internet coverage in rural areas and increased 5G speeds and capabilities. By maintaining a strong framework, companies can stay safe and avoid falling prey to cybersecurity exploits.