How companies are dealing with the security threats of an evolving remote workforce

Multi-factor authentication is a common strategy, while Zero Trust is gaining traction, according to an Okta report.


Companies are looking to hire more contractors and remote workers, but are concerned about the inherent security issues involved, according to a Tuesday report from Okta.

Among the 1,050 decision makers surveyed, 63% said they expect to add more contractors, while 63% said they are eyeing an increase in the number of remote workers (including contractors). But such a strategy entails an element of risk. Some 45% of respondents pointed to security as the biggest factor preventing them from hiring more contractors, while 39% said they see remote workers as a security threat.


A key challenge with contractors and remote workers lies in securing access to sensitive systems and data while at the same time fostering collaboration and productivity.


To respond to security threats, more companies are looking at Zero Trust, an approach in which no security distinction is made between supposedly insecure or open external networks and supposedly secure internal networks. Some 34% of respondents said they already have a formal strategy for Zero Trust and are actively working to secure their companies with this approach. Another 25% said they're creating a formal plan out of a Zero Trust strategy, while 24% said they're considering it but don't yet have any formal plans to implement it.

To verify logins and better secure their systems and data, companies have adopted various types of multi-factor authentication (MFA). Some 61% of respondents said they use security questions, while 54% have implemented software-based one-time passwords. More than half (52%) use SMS, voice verification, and/or the emailing of one-time passwords, with 36% adopting physical keys and U2F (Universal 2nd Factor) tokens. Among the different MFA methods, one-time passwords provided by software, physical and U2F tokens, and biometrics are considered the strongest, while security questions and one-time passwords provided via email are seen as weaker.

But the survey also found a disconnect between how quickly respondents expect to respond to a security breach and the reality of how long such responses can actually take. Some 73% of respondents said they expected their company would identify a security compromise immediately or within 24 hours, while 78% said they would respond to such a breach immediately or within 24 hours. Further, 60% of respondents said they're very prepared to handle a security breach.

However, Ponemon Institute's 2018 Cost of a Data Breach Study found that on average, companies took 197 days to identify a data breach and 69 days to contain it. The time required to identify and contain breaches was highest for malicious and criminal attacks and lower for breaches caused by human error.

Commissioned by Okta and conducted by Qualtrics, the survey elicited responses from 1,050 IT, security, and engineering decision makers at global companies with more than $1 billion in revenue. The survey crossed a variety of industries and sectors, including technology, financial services, manufacturing, retail, and healthcare. The responses were gathered in January and February of 2019.


By Lance Whitney

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.