Ornamental dots. Two rows of three dots. The top row is a light blue. The bottom row is one light blue dot followed by two orange dots. Blog

Controlling the Zoom Effect: Forescout Research Labs explores telework in Healthcare, Government and Financial Services

David Wolf, Principal Security Researcher | April 22, 2020

Join the Forescout Research Labs as we explore the Forescout Device Cloud to illustrate the enterprise “Zoom Effect” and remote access control across major business verticals. Forescout customers can also join the Research Discussion in the Forescout Community and find Security Policy Templates to control devices running Zoom as an approved application in the enterprise.

The rise of Zoom in the Connected Enterprise: According to the Forescout Device Cloud, enterprise Zoom use is up – way up. Enterprise Zoom use is up 43.70% in just four weeks [1]. Healthcare and Government (State and Local) are leading the telework charge, with Zoom share-of-managed-devices more than doubling at 149% and 118% respectively [1].

Change In Zoom Services InstalledFigure 1. Enterprise Uptake of Zoom Services

Beyond Zoom and WebEx, record-setting user enrollments were reported for Microsoft Teams [2] and Slack [3]. This explosion of collaboration tools is marked by BYOD and personal devices making an exodus from the corporate campus. Devices like smart phones and tablets show significant drop-offs worldwide. As a net result, data center devices have increased their share of what’s left on enterprise networks today.

Campus Devices Falling OffFigure 2. Data Center Share-of-Network Up,
Personal Devices Vanish from the Corporate Campus

In challenging news, the number of devices per site is down overall. Across verticals, the average number of devices connected to same-site corporate networks is down 25.65% for the three-month period ending April 15th [1]. While some sectors shifted to remote work, others were hit hard by steep declines in active employees and connected devices. Among the teleworking survivors, adoption of collaboration tools has ushered in major process changes. Healthcare, Government and Financial Services are leading the charge forward.

We also observed that operational technology (OT) sectors have negligible Zoom penetration. Instead, they favor Cisco WebEx. Energy Utility use of WebEx was up 173.13% while Oil & Gas use grew 90.06% during the same-site, four-week period in focus for this study (March 18th to April 15th) [1]. When it comes to OT, it’s fair to say the “Zoom Effect” is a bubble that’s still mostly air-gapped. For now.

#1 Zoom in Healthcare: Healthcare providers have undergone a transformation. Their adoption of Zoom led all business verticals, more than doubling at 146.24% growth in the four weeks of March 18th to April 15th, while use of WebEx spiked too, growing 60.79% in the same period [1]. Technically, there wasn’t much change in the total number of connected medical (IoMT) and OT devices. There was, however, a major device reduction in BYOD and the number of guest devices, particularly guest Wi-Fi across the extended outpatient campus. These reductions led to a 17.02% overall decrease in unique connected devices in Healthcare [1]. A positive takeaway is that at a time when on-site personnel and medical gear are limited, remote workers—especially older physicians and administrative personnel who are more susceptible to today’s pandemic—are now able to support the front lines thanks to telework and remote collaboration. There’s never been a better real-life use case for remote access to scale resources, reduce costs and save lives.

#2 Zoom in Government: The uptake in collaboration tools across State and Local institutions tells a remarkable story of Government gone virtual. But the story was slow in telling—the ratio of devices remaining on local institution networks showed they had not hopped on the Zoom bandwagon—or at least until March, when Government Zoom use surged [1]. Minor upticks in use of tools like Skype for Business/Lync also show other adoption of collaboration [1]. Of all the verticals, the State and Local Governments allowed the fewest number of managed devices to leave their networks: Connected Government devices were down only 6.34% overall [1], showing that core Government services are still operational when it comes to device connectivity. Zoom is also a Federal issue: Pushing back on Zoom use among military and government employees is proving difficult despite warnings by the FBI and the State Department [4]. Other Zoom e-government changes are also brewing internationally—the UK’s Parliament may move to a “virtual parliament” with less-sensitive activities allowing Zoom [5].

#3 Zoom in Financial Services: FinServ entered a brave new world of enterprise collaboration amidst device compression, with the rate of Zoom installation across managed Windows devices almost doubling at 92.94% growth [1] despite a major reduction of campus IT. Overall, with call centers and corporate offices closed, the Forescout Device Cloud shows that more than 43% of total devices were disconnected from Financial Services sites (including both the hard-hit campus and more enduring data center) [1]. These sudden transformations are troubling for financial business leaders, whose compliance with long-standing regulations often excluded work-from-home. Empowering individuals remotely negates administrative controls like separation of duties, two-person transactions, and mandatory sharing of duties designed to reduce the risk of fraud. FinServ policies designed to control employee workflows, trust zones and privileged access often didn’t make room for remote work. Beyond these internal issues, collaboration tools and external vendors can bring undesirable external issues: For most of the world’s financial giants, routing traffic through Chinese servers would be a deal-breaker even during a disaster, which Zoom had architected into its fallback cloud designs for maintaining resilience [6]. In terms of application white (and black) listing, Zoom applications were recently banned by the UK financial giant Standard Chartered plc [7].

Zoom in Technology and Services: The Technology and Services verticals, which led all sectors in March with Zoom penetration at 19.37% and 6.82% installation across managed devices, were surprise managed device laggards during the period—Technology and Services actually dropped their respective rates of managed Zoom installs by 32.83% and 19.00% respectively [1]. This came alongside drops in total devices connected to their corporate networks of 42.67% and 24.01% [1], showing that Technology and Services not only went remote, but lost a lot of employees and managed corporate security en route.

Security Policies for Approved Applications and Remote Access: With the sudden influx of employees and customers using collaboration tools for business continuity, security policies surrounding remote access and application asset inventory must be designed into enterprise policies, processes and solutions architecture. In settings like critical infrastructure, that means fundamental controls like:

  • Maintaining whitelisted, approved applications for collaboration and remote access.
  • Ensuring that minimum privileges are granted to remote users.
  • Segmenting VPN-accessible networks.
  • Using Security Policy Templates to manage devices running Zoom, collaboration, VPN and remote access services.

Orchestrating Zero Trust Architecture: For many enterprises, enabling a remote workforce means the fortified perimeter has finally fallen to the pragmatic requirements of business continuity. That means it’s time to rethink network designs—some of which were born decades ago—and implement controls that apply Zero Trust principles over time, including:

References

[1] Forescout Device Cloud 2020 [2] https://www.geekwire.com/2020/microsoft-teams-hits-44m-users-huge-37-growth-spike-1-week-amid-remote-work-surge/ [3] https://www.businessinsider.com/slack-7000-new-paid-customers-since-february-coronavirus-2020-3 [4] https://www.voanews.com/silicon-valley-technology/us-military-government-workers-still-use-zoom-despite-fbi-warning [5] https://www.zdnet.com/article/zoom-vs-microsoft-teams-now-even-parliament-is-split-over-which-one-to-pick/ [6] https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/ [7] https://www.reuters.com/article/us-health-coronavirus-zoom-exclusive/exclusive-stay-off-zoom-google-hangouts-standard-chartered-chief-tells-staff-idUSKCN21W2PX [8] https://www.forbes.com/sites/warrenshoulberg/2020/04/01/nearly-700000-retail-workers-out-of-jobs-so-far-due-to-coronavirus/#620981de4c5c [9] https://www.forbes.com/sites/alexkonrad/2020/03/13/zoom-video-coronavirus-eric-yuan-schools/#5c087a084e71
Demo RequestForescout PlatformTop of Page