Protecting remote connections is crucial for maintaining the security and integrity of your network, especially in today’s environment where remote work is prevalent.
2020 is perhaps the most significant year in the last two decades for many countries and the world as a whole. During the pandemic, the transfer of employees to a remote mode of operation, without protecting remote connections, has gained unprecedented proportions. It has even impacted industries that previously did not welcome remote work, such as banks. Given the fact that security is a key aspect of distant communications, the choice of corporate information security tactics in the new conditions is becoming particularly important.
Protecting Remote Connections – Not an Option
The shift to remote work, which is often insecure, presents attackers with more significant opportunities than before. Life demonstrates that many organizations are not prepared for the scale of these threats. The immediate measures taken in the present are unlikely to remain viable in the long term.
Many organizations, even contrary to their internal standards, began to widely use information security products based on the Try & Buy scheme. For the most part, IT managers are hoping to protect their organizations using software that is offered with a free license during the COVID-19 outbreak. And then abandon it and continue to work as before. Meanwhile, there is a reason to believe that after the first wave of COVID-19 and associated social restrictions, the second and third may well follow. And actually-they are already here. Accordingly, all temporary solutions will have to be converted into integrated systems.
Key Vulnerabilities
When focusing on protecting remote connections, organizations should prioritize monitoring devices, connections, and user auditing. Of course, the most favorable situation occurs when the organization can provide employees with work laptops for official duties from home. This workflow is known as COBO (Corporate-Owned, Business Only). This approach enables the IT staff to ensure maximum security for systems and communication channels, considering the geographically distributed arrangement of corporate devices and nodes.
However, this option is not always possible to implement. At a minimum, the organization must first model the relevant information security threats, configure security policies, and implement mechanisms for automatically applying these policies.
Securing BYOD: Mitigating Risks and Protecting Remote Connections
In many organizations, the Bring Your Own Device (BYOD) model is increasingly common. This approach, while convenient, raises additional risks for protecting remote connections. IT security officers often lack visibility into the devices employees use, which can lead to vulnerabilities in the corporate network.
Obviously, the minimum necessary measure to ensure a secure user session within BYOD should be to protect the device’s connection to the corporate network using a VPN (BYOD security risks). However, the VPN does not solve the original problem of connecting an unverified and potentially rogue device to the network. For instance, such a device could be a child’s gaming PC. The antivirus database on this PC might not have been updated, or there might be no antivirus software installed at all because there’s no valuable information on the device. Consequently, this computer could already harbor several pieces of malicious software, even if it’s a relatively secure Apple device. This situation makes it a potential entry point for hackers.
Smart Protection for BYOD
To effectively minimize various BYOD risks, organizations can use Network Access Control (NAC) within their information security infrastructure. All major manufacturers, including Cisco, Microsoft, and Symantec, now offer this software. These systems specifically facilitate the transition of business processes to the BYOD model. At some point, customers began to redesign them for new tasks, such as the Internet of Things. As a result, although the majority of companies have implemented the so-called AAA processes (authentication, authorization, and audit) related to information security, not many organizations still use proper tools to monitor devices’ security profiles.
In the current situation, IT security teams should fully utilize their network access control systems. NAC offers mechanisms for monitoring and verifying devices attempting to access the corporate network. It checks compliance with security policies. If a device is found to be non-compliant, the system will automatically initiate procedures to normalize access parameters. These procedures align with information security requirements. If such a procedure is not possible, then NAC will block access to the corporate network for this device.
Protecting Remote Connections: Access Control and Integration Strategies
Another option is also possible: a device that does not fully comply with information security policies will receive limited access to the network. For example, to isolated areas that do not contain critical information. Indeed, to achieve this, you must segment the corporate network by departments or access levels. You can achieve this using traditional approaches, such as virtual networks (VLANs) and Active Directory data. Alternatively, organizations can utilize software-defined methods, like Cisco TrustSec technology.
It is important to ensure that a NAC solution can fully integrate with the existing IT environment. This verification process can be labor-intensive. If done incorrectly, you may not achieve the desired efficiency from the NAC due to functional limitations. To implement effective network access control systems, it is advisable to engage specialized companies. These companies should have the necessary qualifications and experience in information security.
Additional Measures
In addition to NAC, organizations may also pay attention to other solutions aimed at controlling user actions. These are Mobile Device Management (MDM) and Data Leak Prevention (DLP) systems. MDM allows you to ensure the safety and security of portable devices of remote users. For example, by preventing data loss during the theft of a smartphone, tablet, or laptop. In turn, DLP systems enable organizations to analyze the behavior of their employees. You can use them to track where confidential information is sent and whether users are violating information exchange rules. They also enable you to analyze how employees spend their working time. While these may not be the primary focus, they provide an additional layer of security. This contributes to a comprehensive approach to protecting remote connections.
Sepio Platform
Alongside NAC, a new domain has risen. Sepio platform for network visibility and asset risk management (ARM). The ability to have ultimate visibility, policy enforcement capabilities and Rogue Device Mitigation with regards to the Enterprises Hardware assets. This new domain complements the NAC functionality on the Network domain and EPS on the device domain.
And, of course, technical procedures will be most effective only when organizations support them with specific actions. Managers should consider:
- Introducing internal corporate regulations and instructions for working remotely.
- Signing up additional agreements with employees on the use of confidential information.
- Carrying out general measures to clarify responsibility when working with corporate networks, services, and data outside the office.
- Conducting security awareness training.
An integrated approach is essential for building a safe remote work model. Meticulous consideration of all details is also crucial. This strategy enables organizations to create a secure environment not just for the short term, but also for the long term.
Contributed by: David Balaban
See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert. It will help you understand how to use Sepio’s patented technology to gain control of your asset risks.