CIOs say security must adapt to permanent work-from-home