FEATURE
access. VPNs are designed specifically for this as they encrypt data and hide the IP address of the user. So even if the employee is accessing sensitive company data via an insecure connection, potential attackers wouldn’t be able to extract any useful information.
Identity access management
In the world of cloud and the distributed workforce, there is no more important security task than being able to identify users in a strong way. I cannot emphasise enough how important identity hygiene is in our current threat landscape. Passwords should always be unique, but your most sensitive identities, including your corporate services, should also be backed up by a second factor. Look for VPN and identity access management solutions which validate not just the user but also the security of the device before granting a connection.
MOREY HABER, CHIEF TECHNOLOGY OFFICER, BEYONDTRUST
Remote employees traditionally connect to corporate resources using a VPN or cloud resources directly. They are often behind their own home routers that use technology like Network Address Translation (NAT) to isolate the network. This creates a network routing problem.
Endpoint robustness and limiting user rights
It’s clear that deploying the same security on endpoints and remote users is very challenging. Therefore, it is important to understand the various endpoint vulnerabilities. I find that too many organisations deploy new endpoint solutions without validating whether they achieved the goal of securing the end devices. As a CISO, you also need to understand that attacks are constantly changing, so validating how your systems hold up against new attacks is important.
What is important to know is that while you may not always be able to uncover vulnerabilities, the correct configuration and security applications can make it exponentially more difficult to exploit those that do exist. Also, why not get your endpoint tested by the experts with a service such as penetration testing?
Constant security validation
A final thing that I also recommend CISOs look at is how they validate the security of their remote users. Since we know that this user group is more exposed, it is important that you validate the integrity of the endpoint constantly. This could for instance be done at any connection to your networks and applications – this is why we have NAC,
Corporate cybersecurity solutions cannot resolve and route to remote employees to push updates or query systems directly. All remote devices must therefore poll into cybersecurity resources for updates or to submit data, and often require a persistent outbound connection to determine state, regardless of whether they use a VPN or cloud resources. Discovery technology, pushing policy updates, etc. all become batch driven in lieu of near real time. Even remote support technologies require an agent with a persistent connection in order to facilitate screen sharing, since a routable inbound connection to SSH, VNC, RDP, etc. is not normally possible for remote employees.
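As an added example that is not code from this article or from BeyondTrust, the block below shows what the two points made on this page look like when combined in one connection-time decision: the identity check (unique password plus a second factor for sensitive roles, as recommended under “Identity access management”) and a device-posture check that only trusts what the agent last reported on its outbound check-in. Because the device cannot be queried directly from the corporate network, the posture record carries a timestamp and is treated as stale once it is older than the assumed poll budget. The field names, thresholds, role names and sample records are assumptions chosen for illustration.

```python
# Added example (not from the article or from BeyondTrust): a connection-time
# access decision that validates the user's authentication strength and the
# device's last reported security posture together. Remote devices sit behind
# NAT and can only report by polling outbound, so each posture record carries
# a timestamp and is rejected once it is too old. Field names, thresholds and
# the sample records below are assumptions chosen for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

MAX_POSTURE_AGE = timedelta(minutes=15)            # assumed poll-interval budget
MAX_PATCH_AGE_DAYS = 30                            # assumed patch SLA
SENSITIVE_ROLES: Set[str] = {"admin", "finance"}   # assumed sensitive roles


@dataclass
class PostureReport:
    """State an agent submits on its outbound check-in (constructed schema)."""
    device_id: str
    reported_at: datetime      # agent's check-in time, UTC
    disk_encrypted: bool
    edr_running: bool
    os_patch_age_days: int
    corporate_managed: bool    # False for BYOD


@dataclass
class AuthContext:
    user: str
    roles: Set[str]
    mfa_verified: bool
    device_id: str


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)


def evaluate_access(auth: AuthContext, posture: Optional[PostureReport],
                    now: datetime) -> Decision:
    """Grant only when both the identity and the device pass every check."""
    reasons: List[str] = []
    sensitive = bool(auth.roles & SENSITIVE_ROLES)

    # Identity: a unique password is assumed; sensitive roles must add a 2nd factor.
    if sensitive and not auth.mfa_verified:
        reasons.append("second factor required for sensitive role")

    # Device: no report, or a report for a different device, fails outright.
    if posture is None or posture.device_id != auth.device_id:
        reasons.append("no posture report for this device")
        return Decision(False, reasons)

    # The report is only as fresh as the agent's last outbound poll.
    age = now - posture.reported_at
    if age < timedelta(0):
        reasons.append("posture timestamp is in the future (clock skew?)")
    elif age > MAX_POSTURE_AGE:
        reasons.append(f"posture report stale ({int(age.total_seconds() // 60)} min old)")
    if not posture.disk_encrypted:
        reasons.append("disk not encrypted")
    if not posture.edr_running:
        reasons.append("endpoint protection not running")
    if posture.os_patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"OS patches {posture.os_patch_age_days} days old")
    if sensitive and not posture.corporate_managed:
        reasons.append("BYOD device cannot be used for sensitive roles")

    return Decision(allow=not reasons, reasons=reasons)


# Constructed sample data: one fixed clock, three check-ins, five requests.
NOW = datetime(2020, 5, 1, 12, 0, tzinfo=timezone.utc)
POSTURE: Dict[str, PostureReport] = {
    "lt-001": PostureReport("lt-001", NOW - timedelta(minutes=4), True, True, 3, True),
    "lt-002": PostureReport("lt-002", NOW - timedelta(hours=3), True, True, 3, True),
    "byod-7": PostureReport("byod-7", NOW - timedelta(minutes=2), False, True, 45, False),
}
REQUESTS: Dict[str, AuthContext] = {
    "alice-admin-managed": AuthContext("alice", {"admin"}, True, "lt-001"),
    "alice-admin-stale": AuthContext("alice", {"admin"}, True, "lt-002"),
    "bob-staff-byod": AuthContext("bob", {"staff"}, False, "byod-7"),
    "carol-finance-nomfa": AuthContext("carol", {"finance"}, False, "lt-001"),
    "dave-unknown-device": AuthContext("dave", {"staff"}, True, "lt-999"),
}


def run_samples() -> Dict[str, Decision]:
    """Evaluate every sample request against the posture store."""
    return {name: evaluate_access(req, POSTURE.get(req.device_id), NOW)
            for name, req in REQUESTS.items()}


if __name__ == "__main__":
    for name, d in run_samples().items():
        print(f"{name:22} {'ALLOW' if d.allow else 'DENY ':5} {'; '.join(d.reasons)}")
```

The deny reasons are collected rather than short-circuited so that the user (or the help desk) sees every failed control at once; only a missing or mismatched posture report returns early, because nothing further can be trusted without it.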
Therefore, the number one cybersecurity challenge for remote employees is based on devices that are no longer routable, reachable or resolvable from a traditional corporate network for analysis and support.

“CISOs need to think out of the box regarding connectivity.”
Remote employees’ technology can come in two forms – corporate supplied IT resources and Bring Your Own Device (BYOD). While corporate deployed resources can be hardened and controlled in extreme ways, personal devices are often shared and not subjected to the same security scrutiny. The largest cybersecurity challenge occurs in the latter. Organisations struggle to manage end user devices with Mobile Device Management (MDM) solutions and technology that can only isolate applications and user data on a device. They cannot harden it and govern its operations as tightly as a corporate deployed system. Therefore, this is the second most important cybersecurity threat for remote employees: how to allow BYOD without introducing unnecessary risk. This includes having administrative access to the device since you are the owner.
The third challenge for remote employees involves traditional cybersecurity controls like vulnerability assessments, patch management and anti-virus. Traditionally, all of these were performed using network scanners, agents and services to perform various functions. But these require connectivity to on-premises servers. With the cloud, these disciplines have become easier to manage, but many organisations have not matured enough to embrace these technologies for remote employees. Therefore, organisations empowering remote employees should consider the cloud for managing basic cybersecurity disciplines, since the problems with connectivity are only getting worse with cellular and other mobile technologies.
Issue 12 | www.intelligentciso.com