Dark Reading is part of the Informa Tech Division of Informa PLC


9/24/2020
10:00 AM
Mike Wronski
Commentary

Since Remote Work Isn't Going Away, Security Should Be the Focus

These three steps will help organizations reduce long-term work-from-home security risks.

The essential shift to remote work meant many companies emphasized connectivity first and security second. Now, organizations globally are struggling to determine what longer-term distributed work will look like and how they will operate. Most companies are accepting that this could be permanent – in fact, a report from Pulse Secure found that 84% of US organizations expect a broader and more persistent remote work adoption after the coronavirus pandemic passes.

However, adopting remote-first work policies comes with security challenges for tech leaders. Some studies have shown that remote employees are less likely to follow security best practices — for example, a report by Malwarebytes showcasing security in today's work from home environment found 18% of respondents said cybersecurity was not a priority. And in a report commissioned by (ISC)², nearly one fourth (23%) of infosec professionals said that cybersecurity incidents experienced by their organization have increased since transitioning to remote work. 


To address this concern, security needs to be a priority. Here are the security strategies to keep in mind when transitioning from pandemic to permanent remote infrastructure and how to ensure your team is set up for success.

Adopt a Zero-Trust Approach 
Zero trust is a well-known security concept centered on the belief that organizations should plan their defenses by not trusting anything or anyone, both inside and outside of the network perimeter. With more employees working remotely long-term, a zero-trust approach is necessary to protect users, workloads, and applications that are distributed around the globe.

To begin your zero-trust journey, it's important to consider the following strategies: 

  • Address user identity and establish context. Beefing up your identity and access management (IAM) strategy with unified account management and multi-factor authentication (MFA) is critical to building a context-aware architecture for your organization.
  • Leverage visibility tools to classify data and applications. This involves taking note of how your data is labeled, and how sensitive data flows through your network. This step is critical to understand what good network traffic looks like in order to write zero-trust policies.
  • Prioritize in-use applications versus legacy. Consider starting with data/applications that the IT teams use regularly and understand well, versus legacy applications that may not be well documented or that may communicate with other services in unclear ways. This will act as a way of testing a hypothesis to understand how to apply zero-trust policies over time.

Expand Beyond VPN Security 
The abrupt shift to remote work led to a massive spike in employees using virtual private networks (VPN) to remotely connect to company networks. Home users and endpoints are a popular target for malware infections (phishing, malicious websites, etc.), so VPN security has been a major topic of recent conversations. 

A traditional VPN is typically a binary control that allows users access to an internal network once a user is authenticated. However, traditional VPN is not granular enough to meet the needs of today's workplace. If a device falls into the wrong hands, all bets are off. While security/IT teams have taken a more binary approach in the past (user allowed versus not allowed), to adapt to a WFH environment, organizations should adopt a Zero-Trust Network Access (ZTNA) model, which takes into account context, such as the user's role, device and location when assigning access privileges, to enforce stronger security protocols. Many companies are already seeing the value of ZTNA compared to VPN. Gartner predicts that by 2023, 60% of enterprises will phase out traditional VPNs and use a ZTNA model. 

Invest in 'Security Operations'
Just like an annual physical at the doctor's office can help address severe issues before they become worse, regular monitoring of the security health of an organization's resources (from apps to networks and data) will help identify issues and strengthen the overall security posture long-term. What's more, a holistic view of your health issues allows a physician to deliver more effective care to meet your needs. Similarly, an end-to-end view of your organizational systems eliminates siloes and allows more effective visibility into security needs. With remote teams leaving companies more vulnerable, organizations should invest in dedicated teams and tools that will continuously monitor their security health within a platform that allows holistic visibility, like hyper-converged infrastructure. 

Ultimately, strong security measures begin with a robust infrastructure foundation that provides a defense-in-depth approach to security. Defense should be woven into every level, from platform security, to application and network security, to multi-cloud security. In today's traditional environment, infrastructure stacks are composed of products from multiple vendors, and validating a security baseline can be a time-consuming and error-prone manual process.

Hyperconverged infrastructure (HCI) reduces complexity and increases visibility by simplifying the hardware and software stack required to deliver the performance and reliability needed for modern applications. An additional benefit of removing complexity with HCI is that, with fewer operational silos, the application of security best practices is also simplified.

To make the greatest impact, also consider network monitoring tools with anomaly detection. Instead of just looking at endpoints, perimeters, and firewalls for threats, anomaly detection looks at the entire network to uncover these possible issues. This approach gives security teams constant tracking and the ability to automate the process of identifying unconventional data patterns, for example, ones that may indicate a threat. Taking a proactive approach to your security health means auditing existing resources and infrastructure, identifying systems that do not meet best practices, and ultimately, leveraging solutions to help you catch potential threats. 

COVID-19 has not only changed the work environment today, but it has also impacted the way organizations are thinking about work from home – with more than half (55%) of executives surveyed by PwC claiming they will offer flexible workweeks with remote work options. As companies come to terms with the likelihood of a permanent distributed workforce, the need to secure remote-work environments becomes paramount. To reduce the security risks associated with remote work over the long term, organizations should consider adopting these security steps. 

As a Technical Director of Product Marketing for virtualization, networking, and security at Nutanix, Mike Wronski brings more than 25 years of industry experience to his role. Mike's career has spanned both vendor and practitioner roles via multiple technology startups and ...
 
