Weathering the Storm, or the next one, via secure remote work SASE (aka “sassy”)

A rapid cultural reversal on remote work has accelerated the need for a secure network edge. 

Not too long ago workplace bosses and company policy enforcers (HR and recruiting) reminded us time and time again that the luxury of working remotely, aka telecommuting, or from home, should be viewed as a privilege, not a right.

Think back to the 1990s, if you’re old enough, and that occasional blizzard or day you had to stay home for family or personal reasons. We all had loved ones. Yet still it was difficult to ask your boss for permission to work from home for dread of that snotty answer, reflecting then-fair company policy: “We need all employees in the office unless it’s an emergency. No exceptions.”

But the shift to remote work has gained “gradual” momentum over the years… From the network guys and gals, “Okay, two days a week, you’re worth it. We’ll extend our VPN and endpoint coverage out to where you require access.”

By 2019, the reins on telecommuting had greatly loosened: 63% of U.S. companies have remote workers, according to a 2018 Upwork survey.

Enter COVID-19, a potential disaster, and abruptly the ability to work remotely is vital, a key to business continuity and survival. As remote and mobile professionals, we’ve come a long way.

In a flash, our world has changed due to the COVID-19 pandemic, and remote work / working from home is an emergency requirement for business and human health. Now, remote work adoption is probably somewhere in the 90s, percentage-wise, across most enterprise and individual categories, and we shall never forget to honor those who, by societal need, are still out there providing medical and public services in person.

Exactly what did enterprises have to lose in the past by enabling network and data access to remote employees, and what does it still risk losing now?

The Remote Work Stigma

Well, first let’s get supervision of these employees… babysitting, if you prefer… out of the way. We’re no longer in sight, and supervisory suspicion builds. Maybe it should, given today’s cybercrime schemes and scams, and the human tendency to rest… We’ve all had that manager who wanted us to respond while working remotely within 10 minutes of a request. Sheesh, I take bathroom breaks longer than that. We’ve all had that skeptical supervisor who didn’t think we’d be conscientious toward the job; presumed us loafers who didn’t care.

Less personally, there is the security and performance monitoring of these distributed assets. Is the employee using company equipment or his or her own personal device? As a network administrator, CISO, or IT manager, do you trust the device or virtual connections into your private data or cloud apps?

It’s been a network access avalanche, a sudden, enormous shift in networking resources… There’s a disastrous threat to business continuity, both physical-world and ecommerce: a virus that’s slowing down the human supply chain. People are dying, and we can’t even get toilet paper online or during a scarf-filtered trip to the grocery store.

From a less physically granular perspective, the virtual network management perspective, the sudden remote access demand is growing to a network tipping point. Do you have disaster recovery mechanisms in place that protect more than your initial digital attack surface through basic antivirus updates? Using converging network and security edge service provisioning (aka SASE), can your preparedness strategy empower employees to immediately work from home and safely use resources on premises or in the cloud, while empowering IT managers to section off core enterprise data and backup?

We’re talking about preparedness, and this brings to memory a prophetically timely 2001 presentation in pre-9/11 America by Gartner infrastructure and security analyst William Malik on the topic of disaster recovery and how IT managers and employees could prepare for sudden blows to the business or wider market-striking agents that affect customers, supply chain members and people’s lives. It was a lesson in outward, disaster-scenario thinking, every detail being planned out with anecdotes about where your data might be co-located and how you might feed and support your physical front lines. Decades later, these are the types of details IT management teams are scrambling for now during COVID-19 and the demand for secure remote access.

Read the secure remote access white paper, which explores the changing considerations toward remote work, now essential for business continuity, as well as the need to shift network traffic and distributed data access patterns to address performance, security, and customer needs. Discover why a secure access service edge (SASE) architecture is timely for these shifting remote access requirements.

Strong Endpoint Security Offers Firewall Alternative for SMBs and Branch Offices

Ahh, the firewall… that invaluable tool which monitors and protects traffic to and from an organization, as employees and servers communicate with the Internet and other networks or devices.

What would we do without them? Firewalls can block unauthorized access, inspect packets, and prevent malware from infecting your network. A company might have an enterprise firewall at its headquarters office in Austin, TX, and another at its branch office 1,200 miles away in Charlotte, NC, and use these firewalls to enforce traffic and security policy across its network and access points. It might open a new office location in Chicago, IL, and equip that location with a third firewall and integrate it into the traffic and protection scheme. Or, conversely, the company might turn to a cloud firewall model to eliminate the investment in physical security equipment and maintenance at its various sites. Either way, the company is taking prudent steps by incorporating firewall protection to help keep its electronic databases and other assets safe from infection, corruption, misuse, theft or ransom.

But what about a company that has only one office and 50 employees distributed across the country, most of whom travel extensively and are out of the firewall’s protective range? Do we expect them to log into the VPN when they work from their home offices or while visiting a client or attending a conference? Do we trust that they will log in? Does an enterprise-firewall-with-VPN strategy do much good here? And what if this small company doesn’t have the servers, routers and other equipment in its HQ office and instead leverages infrastructure in the cloud? Is a firewall appliance or cloud firewall really the most appropriate security solution for this type of organization?

Consider this: Firewall appliances at each office are there to protect the resident users, equipment (physical and virtual), and data. If your organization becomes so distributed as to have only a few people in the office and your server and database equipment in the cloud, the whole premise of the enterprise firewall loses its purpose. With intellectual property no longer on the premises to protect, it’s smart to consider a strategy in which network and security policy follow your employees wherever they are and wherever they go as they access private enterprise data from the cloud, and share data with one another.

Security at the Endpoint

Endpoint security is a strategy in which organizations or individuals attempt to stave off cyberattacks by fortifying remote equipment with on-device cybersecurity protection. Typically, this protection consists of antivirus software and scanning and complements a firewall. But when the firewall and VPN are eliminated from the equation, endpoint security must be stronger.

Cyberattacks target individual users and their workstations via ransomware, Web browsers, document viewers, and multimedia players that download and execute content from the Internet in the hope of gaining a beachhead into the corporate environment. One wrong click or download by the end-user and the infection can spread laterally (east-west)… within the firewall… and across the internal network. Cyberattacks are no longer limited to big organizations and brands: SMBs are in the crosshairs, with 43% of cyberattacks worldwide targeting small businesses.

Strong endpoint protection doesn’t replace all rationale for firewall use, but it can supplant traditional firewall and VPN strategies in certain scenarios.

  • In organizations in which many IT applications (e.g., Office 365 and Salesforce) and/or sensitive digital assets are no longer hosted in internal network datacenters. Often, traffic from remote workers is backhauled over the VPN to an enterprise control center, from which it is then routed back over another VPN connection to IT services in the cloud. This method of backhauling traffic is expensive, unreliable, and slow.
  • In organizations in which there are few or no company offices, and employees operate outside any firewall protection… Here, the workforce is largely distributed and transient, connecting to enterprise apps hosted in the cloud. In this scenario, endpoint protection needs to be more advanced and adaptive than static antivirus and firewall protection, and the flexing protection must be always-on.
  • In small organizations consisting of an owner and one or more 1099 employees, where workstations are limited to computers located in remote offices. Firewall and VPN protection for these companies may seem heavy-handed, while host-based antivirus and scanning may not be enough to address security concerns and enforce Zero Trust best practices.

In these scenarios an organization wants to be able to protect its remote workers from cyberattacks, protect these users’ connections to Internet and cloud access points, and prevent the spread of malicious code or file-less malware. The firewall becomes obsolete in some environments, and the VPN impractical. Strong endpoint protection and network segmentation become a smart, effective defense.

OPAQ Endpoint Coverage

OPAQ Endpoint Protect provides easy-to-deploy advanced security-as-a-service for your distributed endpoint users. Organizations can employ it as a complement to the firewall or when firewall or VPN protection doesn’t make sense – for example, small offices of 25 to 50 users.

OPAQ secures remote workers and the private network from the latest threats. Security follows users wherever they go – whether they are in a coffee shop, inside an airport or on a plane or train. The protection goes beyond host-based antivirus signatures and scans and includes:

  • Network intrusion prevention and detection (IPS/IDS)
  • Network anti-virus/malware/spyware
  • External IP inspection and filtering
  • Network URL inspection and filtering
  • Zero-Day protection
  • Internet exposure minimization
  • Protection from both DNS- and Web-based assaults.

Meanwhile, OPAQ Endpoint Control governs your lateral traffic, providing secure access control and network segmentation. Using OPAQ Endpoint Control, organizations can place sensitive IT applications on the open Internet or in the cloud, while ensuring that only authorized users can access those applications. It can also be used to lock down internal networks, closing off unnecessary avenues for lateral movement by attackers who have compromised devices behind the corporate firewall.

Benefits:

Firewall displacement. Is a physical firewall at every office a waste? Are your remote users not logging into the VPN? OPAQ offers always-on advanced protection that doesn’t require your staff to invest in and maintain the equipment.

Tightened endpoint security. Endpoint Protect ensures that every Internet connection initiated by the endpoint goes through OPAQ’s security cloud. This model provides affordable cloud-delivered enterprise-grade security for organizations that previously couldn’t afford or manage advanced security.

Stopping stowaways. The best approach to distributed security is to segment internal networks using software to contain the spread of attacks. OPAQ Endpoint Control is a network segmentation solution that gives you the visibility to see suspicious activity, quickly search for malicious network processes across your user base, and stop all network communication from infected endpoints.

Backhaul offload. Many organizations today are stuck backhauling full-tunnel VPN traffic from remote workers to their enterprise. IT applications are increasingly hosted in private clouds, which are reached over endless VPN connections. Using OPAQ Control, organizations can break free from this inefficiency, moving to a model where trust is anchored in the user and the device, rather than the network they are on.

Security cannot be a static defense. To protect remote workers harnessing the cloud, leave the firewall behind and leverage strong, smart endpoint protection that is always on and evolving ahead of the latest threat.
