How remote access changes security fundamentally
As COVID-19 is taking its toll on everyday life around the globe it is fair to say that nothing is like “normal”. Extraordinary situations require extraordinary measures.
I don’t think I have talked so much about VPN and remote access as I did in the last weeks, and I for sure know that our solution architects and engineers are busy helping customers gear up their remote work capabilities.
In these extraordinary times there is also extraordinary pressure on cybersecurity, both from the technical as well as human angle. In line with the efforts for maintaining productivity and business continuity, users are being asked to perform work related tasks in a remote environment and sometimes even from systems that are outside the normal controls of the IT department.
The big question is what all needs to be done in order to make sure you limit the risks and deliver an agile solution to a very complex issue.
Sometimes what the IT teams have been requested is similar to you telling all of your employees to bring their home computer to work, connect it to the network and start working – way too many things can go wrong with that given the age of sophisticated attacks and malware we are living in.
First of all there is the issue of providing secure connectivity in the first place – with the migration to cloud services over the last couple of years, it is quite a surprise to me, that many clients are still extremely dependent on key services, that are still in their on-premises data center.
There are many elements that need to be considered when provisioning the solution: what device the user will be connecting from, where they will be connecting from, how much bandwidth a user session takes and how many users we will need to be able to provide the service for. I think most organizations have already had a number of discussions around this and have possibly identified their approach.
For many other organizations, we are now moving into the second phase, wherein users are settling in at their home offices and starting to work remotely. Here the usability of the chosen solution becomes key, and the real scale of the solution is proven. However, it is also when we will see most of the security issues appearing.
First of all your users may connect from machines that are not even part of your network normally; the admin staff that would normally work from a corporate desktop may need to connect from their own private PC, which opens a whole can of worms in terms of security issues. Here your VPN solution will be challenged in how well it can deliver per-application access and support security assessment of the connecting endpoint. Some of the cloud based remote access solutions also offers protection for the clients’ internet access, which can be very desirable in a scenario where the security status of the endpoints is unknown, or you want to control user behavior.
The second issue is that the users will not necessarily be behind corporate controls while operating from their home workstations, meaning they can browse the internet freely, receive private e-mails, use social media as well – all those things that may put risk to your organization, especially if performed from a machine you have no control over. I am not saying your users are bad people, but they need to be aware of the implications of what they do. We have created a small list of do’s and don’ts of secure remote access to raise awareness of your users and you are welcome to download and brand it and send it to your remote workforce.
The third issue is the bad guys out there: attackers are extremely ingenious and will latch on to any change in the society. COVID-19 is no different. There are already numerous examples of e-mail attacks where malware is being spread under the false pretense of being COVID-19 information. There are also a number of websites that have popped up that replicate the Johns Hopkins Corona Virus map, and when the user enters the site they are prompted to install a malware on their machine – this is a what we call a good old drive by download, that you in your normal enterprise network would probably have prevented.
A thing which is a little concerning for me as a security professional is that organizations have been altering some of the best practices of secure remote access in order to achieve the speed that is required to deliver the solution. As a bare minimum, any remote solution should be protected by a username and two-factor authentication(2FA). The definition of two-factor authentication is that it is based on something the user knows (like a password) and something that they have. We probably all knows key fobs or authentication SMSes from banks which are example of 2FA. Today 2FA can easily be delivered as a smartphone app. It is quick, easy and cost effective to deploy 2FA, and I don’t think you could get better value for money in terms of security robustness in making sure that you identify user and endpoints.
When you are identifying your remote access solution it is important to understand that there is no one solution that fits all. You may have investments into existing infrastructure which can be re-used when evaluated correctly. That is also why Help AG takes a consultative approach before providing you with a solution. With the assistance of Etisalat, who acquired Help AG on the 17 February 2020, we can also assist in getting you the right talking points to cover the infrastructure changes required to support your remote workforce requirements.
In these unprecedented times several vendors have provided promotional programs and extended validations to help organizations counter the security challenges. Most of the solutions can be delivered with extreme speed and with fantastic security features. We are aware that time is of the essence and have all hands-on-deck to support you. With best of breed security technologies from Help AG vendor partners, or maybe just configuration of your existing solutions, our team can design, implement, and configure end-to-end complex remote access security architectures unique to your requirements with unparalleled delivery times.
To schedule a meeting, get in touch with your account manager today or drop us a line at email@example.com.