Posts

Key Security Operational Responses to the Surge in Remote Work

The debate about employees working remotely has ended for the time being. Driven by the response to the COVID-19 pandemic that is threatening life and livelihood, working-from-home is the new normal. All you have to do is look at the sharp increase in the use of remote conferencing software and accompanying skyrocketing stock prices of companies such as Zoom. As society hunkers down to ride out this pandemic, companies are rushing to enable their employees to work from home, frequently leaving the security systems that kept them safe in the office behind.

The pandemic is causing tremendous emotional turmoil, and cyber criminals are having a field day. As people thirst for information and answers, crooks are exploiting and defrauding them – primarily using sophisticated email phishing campaigns, but also more advanced approaches such as weaponized Coronavirus-themed mobile apps that steal user information as they delivery pandemic updates.

How can companies avoid serving up their users to cyber crooks? Best practices include issuing company-owned and hardened devices, enforcing the use of strong passwords and multi-factor authentication (MFA), and having employees use a virtual private network (VPN) to connect to the company firewall. However, the reality for many companies is that these measures are difficult or impossible to effectively put in play:

  • Companies may not have laptops, much less hardened ones, to issue to all employees. Additional devices, especially mobile ones, are expensive to buy and difficult to service and manage.
  • Installing, configuring and training users on MFA can be challenging, and MFA may not be supported by the systems users are accessing. Some VPN solutions provide MFA, but only for access to internal network apps. Cloud-based apps have their own MFA controls that companies don’t control.
  • What happens when users go home, connect to the VPN and access apps in the cloud? Companies are now backhauling all of that traffic to their corporate firewall for inspection, only to send it back out over the same network connection to the internet. Firewall, VPN and internet service that is sized for employees working in an office often won’t scale for a remote workforce.

As a result, many companies are faced with the unpleasant decision to either issue all employees hardened laptops and upgrade their existing firewall, VPN and internet service, or allow employees to use their personal computers (BYOD) to access internal company resources while bypassing security controls altogether for company resources in the cloud. It is easy to see how this plays right into the hands of cyber criminals who are keen to profit from this mad rush to remote work.

Fortunately, there is another option…

SASE for Secure Remote Access

The new normal, where workers are remote and apps are in the cloud, has fundamentally changed network traffic patterns, rendering existing network and security models obsolete. Traffic patterns are now inverted, forcing a change from data-center/corporate-office centric architectures to a model that pushes the security inspection and access control to the edge, where the endpoint and user are – an architecture called secure access service edge (SASE, pronounced “sassy”).

With SASE, it doesn’t matter where employees are working from (home or office), or what apps they are using (on premise or in the cloud). Why? Because users and all of their devices securely connect to a high-performance, auto-scaling security fabric in the cloud.

How can IT management pivot quickly to keep the organization running and your employees healthy and safe?

Discover why a secure access service edge (SASE) architecture is timely for shifting remote-access and remote-work requirements.

Listen to the Webcast,Scalable Secure Remote Access for Mobile Users.”

Read the white paper,How SASE Architecture Enables Flexible, Scalable, and Performance Remote Access for Workforces.

 

Weathering the Storm, or the next one, via secure remote work SASE (aka “sassy”)

A rapid cultural reversal on remote work has accelerated the need for a secure network edge. 

Not too long ago workplace bosses and company policy enforcers (HR and recruiting) reminded us time and time again that the luxury of working remotely, aka telecommuting, or from home, should be viewed as a privilege, not a right.

Think back to the 1990s, if you’re old enough, and that occasional blizzard or day you had to stay home for family or personal reasons. We all had loved ones. Yet still it was difficult to ask your boss for permission to work from home for dread of that snotty answer, reflecting then-fair company policy: “We need all employees in the office unless it’s an emergency. No exceptions.”

But the shift to remote work has gained “gradual” momentum over the years… From the network guys and gals, “Okay, two days a week, you’re worth it. We’ll extend our VPN and endpoint coverage out to where you require access.”

By 2019, the reins on telecommuting had greatly loosened, and surveys indicated 63% of U.S. companies have remote workers, according to a 2018 Upwork survey.

Enter potential disaster COVID-19, and now abruptly, the ability to work remotely is vital, a key to business continuity and survival. As remote and mobile professionals, we’ve come a long way.

In a flash, our world has changed due to the COVID-19 pandemic, and remote work / working from home is an emergency requirement for business and human health. Now, remote work adoption is probably somewhere in the 90s percent range across most enterprise and individual categories, and we shall never forget to honor those still out there by societal need providing medical and public services in communal exchanges.

Exactly what did enterprises have to lose in the past by enabling network and data access to remote employees, and what does it still risk losing now?

The Remote Work Stigma

Well first let’s get supervision of these employees… babysitting, if you prefer… out of the way. We’re no longer in sight, and supervisory suspicion builds, maybe it should given today’s cybercrime schemas and scams, and human tendency to rest…. We’ve all had that manager who wanted us to respond while working remotely within 10 minutes of a request. Sheesh, I take bathroom breaks longer than that. We’ve all had that skeptical supervisor who didn’t think we’d be conscientious toward the job; presumed us loafers who didn’t care.

Less personally maybe there is security and performance monitoring of these distributed assets. Is the employee using company equipment or his or her own personal device? As a network administrator, CISO, or IT manager do you trust the device or virtual connections into your private data or cloud apps?

It’s been a network access avalanche, a sudden, enormous shift in networking resources… There’s a disastrous threat to business, both physical-world and ecommerce continuity; a virus that’s slowing down the human supply chain and people are dying and we can’t even get toilet paper online or during a scarf-filtered trip to the grocery store.

From a less physically granular perspective, from the virtual network management perspective, the sudden remote access demand is growing to a network tipping point. Do you have disaster recovery mechanisms in place that protect more than your initial digital attack surface through basic antivirus updates? Using converging network and security edge service provisioning (aka SASE), can your preparedness strategy empower employees to immediately work from home and safely use resources on premise or in the cloud, while empowering IT managers to sector off core enterprise data and backup?

We’re talking about preparedness, and this brings to memory a prophetically timely 2001 presentation in pre-911 America by Gartner infrastructure and security analyst William Malik on the topic of disaster recovery and how IT managers and employees could prepare for sudden blows to the business or wider market-striking agents that affect customers, supply chain members and people’s lives. It was a lesson in outward, disaster-scenario thinking, every detail being planned out with anecdotes about where your data might be co-located and how you might feed and support your physical front lines. Decades later, these are the types of details IT management teams are scrambling for now during COVID-19 and the demand for secure remote access.

Read the secure remote access white paper.

– Explores the changing considerations toward remote work, now essential for business continuity, as well as the need to shift network traffic and distributed data access patterns to address performance, security, and customer needs. Discover why a secure access service edge (SASE) architecture is timely for these shifting remote access requirements.