To stay connected and serve customers, distributed workforces must utilize the Internet to keep workflow and production going. They might use over-the-top (OTT) IP telephony communication apps, SaaS licenses from clouds, and hosted workflow. It’s a boulder on your shoulder, as IT departments are tasked to support and secure this sudden remote access and management demand.
Devoted employees will increasingly connect into the network from a remote location to provide value exchange. But their personally owned distributed devices are suddenly more exposed as they utilize public Wi-Fi, network file-shares, and link-based videoconferencing apps. With private data now part of a burst of Internet-carried traffic, your employees and customers are exposed to greater risk, as spam, scams, hacker and malware activities mobilize into a predatory formation, trying to get in, hurt your people, and capitalize on your enterprise jewels.
Most security architectures aren’t built to handle this bursting challenge of secure remote work access and interaction to and from the cloud or company servers. Companies that haven’t equipped employees with corporate-issue computing devices now need to support individual employee personal devices. As employees gain access remotely, sensitive company information shifts increasingly to the personal device level as a consequence, increasing overall risk. This often brings a sudden scramble for a secure bring your own device (BYOD) company policy.
What is BYOD?
Bring your own device, or BYOD, is an organizational policy allowing employees to use personal computing devices to access data and do their jobs.
Oh, I use my VPN to protect that traffic. No worries.
Many organizations attempt to leverage the VPN capabilities in their firewall to protect their distributed or remote employees and devices from computer viruses, malware and ransomware. The problem is enterprise security leaders have no way to ensure that workers in small remote offices or outside the private network (i.e., roaming, or squatting to use public, hotel, coffee shop, the airport, or train Wi-Fi) will first log into the company VPN, where the reinforced security lies. Despite basic on-device protections such as antivirus software and endpoint encryption, when these workers reconnect to your private network, sometimes using BYOD, they can introduce lateral infection into your network.
How do you defend against these remote workforce security threats, which go beyond just laptops seeking access from your perceived private network?
OPAQ provides agile advanced endpoint protection, a secure access service edge (SASE) that is rapidly deployed and always on, even when the employee is not connected to your VPN.
OPAQ BYOD policy provides:
- Frequent, automatic software updates that don’t harass business-focused, non-technical home officer workers. Leverage security-as-a-service (SECaaS) to rapidly orchestrate and automate advanced security and smart cyber risk management.
- Virtual firewall as a service (FWaaS) that blocks unwanted traffic from your defined and controllable network endpoints, including wandering user devices.
- A VPN, or similar secure tunnel, that segments ISP traffic from private network traffic. This VPN capability should be “always on,” noninvasively coating the attack surface and protecting company used-devices from breach and deeper infection.
- Multifactor authentication (MFA), which helps to ensure the person or system trying to access a device, network or system is the same person or device authorized for access.
- Cloaking of a device’s and network’s unique identifiers or presence, making it difficult for other people and devices in range to detect.
- Encryption and private circuit use to mitigate outsiders from viewing, stealing or ransoming sensitive data.
- Device hardening, so the endpoint can block legacy or unnecessary ports and services that act as doors for easy infiltration.
- DNS filtering. These are the oft-color-coded listings and commands, which involve preconfiguring devices with software agents to prevent infection from dangerous sites and other network entities.
- Avoidance of direct peer-to-peer computing or peer-to-private-server communication approaches. Remote Desktop Protocol and similar P2P network services are an easy gameboard for hackers. RDP sessions store credentials which can be stolen and wielded in “pass the hash” attacks. If you use P2P apps, it’s critical to orchestrate advanced, layered security mechanisms, including identity access control, encryption, and zero trust architecture.
- Seamless support of the latest Wi-Fi authentication and encryption standards, which can help to protect on-device data and access points.
With the OPAQ Cloud, enterprises and service providers can apply uniform, consistent security policies across all users and endpoints for each of their customers.
Talk to us about your remote access security and segmentation needs.