TechTurns

Technology and more....

  • Home
  • Contact info
  • Opt-out preferences

Securing the Remote Working Environment

The coronavirus pandemic has created an unparalleled and urgent challenge for those entrusted with the responsibility for securing digital assets in companies of all sizes.

The new mandates for remote working promulgated virtually overnight have exacerbated the need to secure data traffic and do it at scale.

Video Conferencing

Zoom is close to becoming a verb. So many people are using it and frankly, like it because of its simplicity of use. However, the security problems of Zoom are now manifest in many companies, school districts and even congress mandating that the product is not used. “Zoombombing” is now commonplace. Until Zoom can reengineer parts of its problem components, it remains a big problem and it should be used with caution.

In the meantime, there are many other video conferencing products that are secure, have been used in business for a long time, and remain viable alternatives.

Zero Trust

Simply put, zero trust means never trust, always verify. This model inherently assumes that trust is a vulnerability. As such, the effort is to try and create a behavioral profile of users and the way they should interact with key company assets. Thereafter, constant monitoring and remediation is used to identify and isolate abnormalities against that benchmark.

Zero trust can be achieved in a myriad of ways, including with the use of established frameworks e.g. ISO, NIST etc. In an age where brand image can be seriously damaged, and may never recover from breaches and hacks, making sure that the remote environment does not become an avenue for compromise, is critical. Various solutions for this model are discussed below.

Multi-factor authentication (MFA)

MFA adds security to critical applications and can be easy to enable on the backend systems. Most users today carry smart phones and between SMS and authenticators from Google, Microsoft etc., implementing the frontend piece for the MFA, is also not complex. Even so, a small pilot to iron out any kinks is recommended before a companywide rollout. Prioritizing those that may have access to sensitive information should be a key focus.

Virtual private networks (VPN)     

VPNs can be used to protect and encrypt traffic from users to datacenters and cloud-based assets. There are any number of reasonably priced commercial VPNs that can be procured with bulk licensing and when used together with MFA, they provide a robust foundation to secure all data traffic.

Mobile device management (MDM)

MDM becomes a must have to manage and control the plethora of devices that remote employees use. These include phones, iPads, laptops etc. An MDM platform can limit connections to only devices that are either owned by the company, or at the very least have been checked to make sure that they have the latest security patches. Additionally, if the device is lost, remote wipe capability allows for securing sensitive information that would otherwise be compromised. Some MDM platforms will also allow company applications to be delivered to the device, while at the same time, limiting the users’ ability to add unapproved applications to the device.

Imaging devices

Some companies, particularly those that operate in areas like finance or healthcare, where sensitive information needs to be controlled, may prefer to have pre-approved images installed on company devices. This allows the environment to be tightly controlled for security vulnerabilities. It also enables IT departments to be able to provide replacement devices at short notice, should there be a catastrophic failure or loss of a device.

Staff security enablement

Self-service portals

When staff are remote, it is helpful to create self-service portals where employees can reset passwords etc. This also helps take pressure off the increased demands on the helpdesk staff.

Having some training materials for staff on the same portal to help them with security related questions, or guidance on the use of MFA or VPN etc. is also recommended. When remote work is thrust upon a workforce in an instant – as has happened recently – having an online resource that can provide ongoing clarity on the use of technology, can be reassuring for both employees and cybersecurity staff.

HelpDesk

When staff are asked to work from home, the perimeter that now must be secured and supported, also scales. It is common to have employees ask for help with their home internet connections, configurations, troubleshooting and security. It would be reasonable to make accommodations for such calls.

Security awareness

Another factor is the staff security awareness regimen. Bad actors are still looking at common vectors like phishing to exploit employee behavior and making sure that the employees are aware of how they can protect themselves and company assets, is well worth the investment. There are many third-party tools that make security awareness easier to deploy, manage and monitor.

Business continuity

Disaster recovery and business continuity take on a renewed emphasis in a remote workforce culture. Making sure that there is a clear and articulated policy around BCP, and testing is done to validate and simulate failure, is always a good idea. Making sure that asset owners and users are aware of the response and restore time objectives is recommended.

Enhanced resiliency and monitoring

It is imperative that thought be given to enhancing the monitoring and remediation of internet facing systems. Today, some or all of this, can be outsourced to companies that specialize in this kind of work.

The task of securing a dispersed workforce is not insurmountable. Over the years, there has been a movement towards architecting and deploying flexible and secure work environments, including for remote work.

Those companies that reacted to these market changes early, now find themselves in an advantageous position as they respond to the current circumstances.

About me

My name is Mukul Chopra. Business Technologist and Futurist. Compassionate about the less fortunate, Passionate about life and living. Seeker of the space between thoughts and the fairways between the trees.

Find it here

Tag Cloud

Analytics-bi-modal-Big Data-CDC-Cybersecurity-disinformation-Disruptive Innovation-dualism-Einstein-Google-hacked cars-IBM Watson-multi-tasking-organ designers-quantum-robots-Self-driving-Spooky-tech timeout-terrafugia-Tesla-uber

Archives

  • October 2020
  • August 2020
  • April 2020
  • March 2020
  • December 2019
  • May 2019
  • November 2018
  • October 2018
  • September 2017
  • June 2017
  • May 2017
  • January 2017
  • October 2016
  • August 2016
  • February 2016
  • December 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015

Copyright © 2023 · Beautiful Pro Theme On Genesis Framework · WordPress · Log in

Manage Cookie Consent
We use cookies to optimize our website and our service.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}