Secure Your Remote Access Environment [Webinar Recap]
Does your infrastructure scale to meet the needs of today’s remote workforce?
Since the onset of the COVID-19 pandemic, we’ve seen extreme changes in remote access needs for the general workforce population. Scaling remote access to enable continued employee productivity is the number one concern for many businesses today.
IT teams have moved quickly to get users online and operational from their personal offices and homes. In this fast-paced process, IT professionals are straddling the line between security and usability. At this point in the pandemic, perhaps you have secured user access for all critical applications and collaboration tools. But how did you factor security into your remote access plan? Enterprise organizations are more vulnerable than ever, with attackers capitalizing on increased attack surfaces and pandemic distractions.
As a security architect at Burwood, I’ve seen firsthand our clients’ scaling and security challenges with remote access infrastructure during the COVID-19 pandemic. My colleagues and I hosted a webinar to discuss our top concerns and suggestions for action. Click above to check out the recording, or read on here for the highlights.
What are the top work-from-home security concerns?
Getting a comprehensive handle on common concerns is a great first step towards creating a proactive strategy and remediation plan. This is our list of key issues to watch for:
Device Identification and Authorization Concerns: Once VPN access is granted to a user, what systems are in place to identify and authorize permitted devices?
Tracking and Managing Remote Assets: When remote devices are not connected to VPN what protections are in place for tracking and managing the devices?
Work Data on Mobile Computers: How do you track what data is where?
Circumvention of Data Storage Policy via USB Drives: What is your policy for USB usage and transfer?
Protection of Hard Copy Documents with Sensitive Data: Do you have policies that protect against physical printing?
Company Owned Device for Personal Use: Do your security policies hold when users are not connected via VPN? Can users access Box, Google Drive, and similar solutions?
Malicious Actors Targeting Remote Workers: Are your users trained to recognize malicious attempts?
Lack of Backup and Recovery Systems for Remote Workers: What current infrastructure investments can you extend to
Can your VPN infrastructure scale enough?
VPN infrastructure is often a central part of remote access strategy. But what worked in your normal business workflow may no longer work in your new-normal. Review the below illustrations to see why traditional VPN is challenging for a 100% remote workforce.
In a normal business workflow scenario, internal traffic stays on the company-owned infrastructure. All current company policies, procedures and governance apply, and only traffic destined for the Internet is allowed.
In a traditional VPN work-from-home workflow, best practice is to backhaul all traffic to the corporate data center. This creates congestion due to traffic traversing the Internet connection twice. It quickly consumes all Internet bandwidth, and is not scalable as more services move to the cloud.
There are realistic solutions for improving this bandwidth, such as split-tunneling for VPN. In a split-tunnel workflow, traffic is routed directly from the Internet to the client.
Citrix Apps and Desktops is another option. It provides a seamless system for remote access. Our recorded webinar discussion dives into the architectures of these two options.
What is Secure Access Service Edge (SASE)?
Short-term solutions are most important right now, but your immediate decisions can position your organization up for long-term success. Secure Access Service Edge, known as SASE, is a long-term architecture path that will shift your organization's Internet edge to the cloud. It enables fully-scalable security, and the ability to apply and synchronize all current company policies, procedures, and governance strategies. With SASE, your security policies apply to all traffic.
What To Focus On Now
If you’re struggling with securing remote access for your business infrastructure, look at these areas to troubleshoot immediate challenges:
Your most important step is to consider implementing a DNS Layer solution (e.g. Cisco Umbrella or similar product).
[Cisco is offering free Umbrella trials in response to COVID-19; click here.]
Next, audit your accounts: make sure users have access to appropriate apps and services.
In addition to individual users, doublecheck your admin access: permissions, local and domain levels.
Come up with a process for handling remote patch management.
Set up a roundtable discussion on incident response and disaster planning to involve key stakeholders in important decisions.
Burwood is here to help. Reach out to our team for one-on-one conversations about your environment, and listen to our webinar on this topic for an in-depth discussion.
