
9/24/2020
10:00 AM
Mike Wronski
Commentary

Since Remote Work Isn't Going Away, Security Should Be the Focus

These three steps will help organizations reduce long-term work-from-home security risks.

The essential shift to remote work meant many companies emphasized connectivity first and security second. Now, organizations globally are struggling to determine what longer-term distributed work will look like and how they will operate. Most companies are accepting that this could be permanent – in fact, a report from Pulse Secure found that 84% of US organizations expect a broader and more persistent remote work adoption after the coronavirus pandemic passes.

However, adopting remote-first work policies comes with security challenges for tech leaders. Some studies have shown that remote employees are less likely to follow security best practices. For example, a report by Malwarebytes on security in today's work-from-home environment found that 18% of respondents said cybersecurity was not a priority. And in a report commissioned by (ISC)², nearly one-fourth (23%) of infosec professionals said that cybersecurity incidents experienced by their organization have increased since transitioning to remote work.


To address this concern, security needs to be a priority. Here are the security strategies to keep in mind when transitioning from pandemic to permanent remote infrastructure and how to ensure your team is set up for success.

Adopt a Zero-Trust Approach 
Zero trust is a well-known security concept centered on the belief that organizations should plan their defenses by not trusting anything or anyone, both inside and outside of the network perimeter. With more employees working remotely long-term, a zero-trust approach is necessary to protect users, workloads, and applications that are distributed around the globe.

To begin your zero-trust journey, it's important to consider the following strategies: 

  • Address user identity and establish context. Unified account management and multi-factor authentication (MFA) strengthen your identity and access management (IAM) strategy and are critical components of a context-aware architecture for your organization.
  • Leverage visibility tools to classify data and applications. This involves taking note of how your data is labeled, and how sensitive data flows through your network. This step is critical to understand what good network traffic looks like in order to write zero-trust policies.
  • Prioritize in-use applications versus legacy. Consider starting with data and applications that the IT teams use regularly and understand well, rather than legacy applications that may not be well documented or that may communicate with other services in unclear ways. This acts as a way of testing a hypothesis to understand how to apply zero-trust policies over time.

Expand Beyond VPN Security 
The abrupt shift to remote work led to a massive spike in employees using virtual private networks (VPN) to remotely connect to company networks. Home users and endpoints are a popular target for malware infections (phishing, malicious websites, etc.), so VPN security has been a major topic of recent conversations. 

A traditional VPN is typically a binary control that allows users access to an internal network once a user is authenticated. However, traditional VPN is not granular enough to meet the needs of today's workplace. If a device falls into the wrong hands, all bets are off. While security/IT teams have taken a more binary approach in the past (user allowed versus not allowed), to adapt to a WFH environment, organizations should adopt a Zero-Trust Network Access (ZTNA) model, which takes into account context, such as the user's role, device and location when assigning access privileges, to enforce stronger security protocols. Many companies are already seeing the value of ZTNA compared to VPN. Gartner predicts that by 2023, 60% of enterprises will phase out traditional VPNs and use a ZTNA model. 
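The contrast between a binary VPN check and a context-aware ZTNA decision, as an added example that is not part of the original article. The policy table, application names, and request fields are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool
    role: str
    device_managed: bool
    device_patched: bool
    country: str
    app: str

# Hypothetical per-application policy: the context required before access is granted.
POLICIES = {
    "payroll": {"roles": {"finance"}, "countries": {"US"}, "require_managed": True},
    "wiki": {"roles": {"finance", "engineering"}, "countries": {"US", "DE"},
             "require_managed": False},
}

def vpn_decision(req):
    """Binary control: an authenticated user reaches the whole internal network."""
    return req.authenticated

def ztna_decision(req):
    """Default deny, evaluated per application; returns (allowed, reasons)."""
    policy = POLICIES.get(req.app)
    if policy is None:
        return False, ["no policy for app"]
    reasons = []
    if not req.authenticated:
        reasons.append("not authenticated")
    if req.role not in policy["roles"]:
        reasons.append("role not permitted")
    if req.country not in policy["countries"]:
        reasons.append("location not permitted")
    if policy["require_managed"] and not req.device_managed:
        reasons.append("unmanaged device")
    if not req.device_patched:
        reasons.append("device out of date")
    return (not reasons), reasons

# Constructed sample requests.
SAMPLES = [
    Request("alice", True, "finance", True, True, "US", "payroll"),
    Request("alice", True, "finance", True, True, "BR", "payroll"),  # valid login, unexpected location
    Request("bob", True, "engineering", False, True, "DE", "wiki"),
    Request("bob", True, "engineering", False, True, "DE", "payroll"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, r.app, "VPN:", vpn_decision(r), "ZTNA:", ztna_decision(r))
```

Every sample request passes the VPN check because the user is authenticated; the ZTNA check denies the second and fourth and records which part of the context failed.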

Invest in 'Security Operations'
Just like an annual physical at the doctor's office can help address severe issues before they become worse, regular monitoring of the security health of an organization's resources (from apps to networks and data) will help identify issues and strengthen the overall security posture long-term. What's more, a holistic view of your health issues allows a physician to deliver more effective care to meet your needs. Similarly, an end-to-end view of your organizational systems eliminates silos and allows more effective visibility into security needs. With remote teams leaving companies more vulnerable, organizations should invest in dedicated teams and tools that will continuously monitor their security health within a platform that allows holistic visibility, like hyper-converged infrastructure.

Ultimately, strong security measures begin with a robust infrastructure foundation that provides a defense-in-depth approach to security. Defense should be woven into every level, from platform security, to application and network security, to multi-cloud security. In today's traditional environment, infrastructure stacks are composed of products from multiple vendors, and validating a security baseline can be a time-consuming and error-prone manual process.

Hyperconverged infrastructure (HCI) reduces complexity and increases visibility by simplifying the hardware and software stack required to deliver the performance and reliability needed for modern applications. An additional benefit of removing complexity with HCI is that, with fewer operational silos, the application of security best practices is also simplified.

To make the greatest impact, also consider network monitoring tools with anomaly detection. Instead of looking only at endpoints, perimeters, and firewalls for threats, anomaly detection looks at the entire network to uncover possible issues. This approach gives security teams constant tracking and the ability to automate the identification of unconventional data patterns, such as ones that may indicate a threat. Taking a proactive approach to your security health means auditing existing resources and infrastructure, identifying systems that do not meet best practices, and ultimately, leveraging solutions to help you catch potential threats.
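A minimal sketch of that idea, as an added example that is not part of the original article: learn what good traffic looks like from a baseline of flows, then flag flows that are new or unusually large. The flow records, host and service names, and the threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (source, destination service, bytes transferred).
BASELINE = [
    ("laptop-17", "mail:443", 1200), ("laptop-17", "mail:443", 1100),
    ("laptop-17", "mail:443", 1300), ("laptop-17", "wiki:443", 800),
    ("laptop-17", "wiki:443", 900), ("laptop-17", "wiki:443", 1000),
]
OBSERVED = [
    ("laptop-17", "mail:443", 1250),    # within the usual range
    ("laptop-17", "wiki:443", 250000),  # known pair, unusual volume
    ("laptop-17", "db:5432", 500),      # pair never seen in the baseline
]

def build_baseline(flows):
    """Summarise known-good traffic as (mean, std dev) of bytes per (src, dst)."""
    sizes = defaultdict(list)
    for src, dst, nbytes in flows:
        sizes[(src, dst)].append(nbytes)
    return {pair: (mean(v), pstdev(v)) for pair, v in sizes.items()}

def find_anomalies(baseline, flows, threshold=3.0):
    """Return (src, dst, reason) for flows that deviate from the baseline."""
    alerts = []
    for src, dst, nbytes in flows:
        stats = baseline.get((src, dst))
        if stats is None:
            alerts.append((src, dst, "new flow"))
            continue
        mu, sigma = stats
        # Floor sigma so a perfectly constant baseline cannot divide by zero.
        z = abs(nbytes - mu) / max(sigma, 1.0)
        if z > threshold:
            alerts.append((src, dst, "volume"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(BASELINE), OBSERVED):
        print(alert)
```

The same baseline of (source, destination) pairs is also the raw material for writing allow rules: pairs that appear in known-good traffic are candidates for a policy, and anything else is denied and alerted on.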

COVID-19 has not only changed the work environment today, but it has also impacted the way organizations are thinking about work from home – with more than half (55%) of executives surveyed by PwC claiming they will offer flexible workweeks with remote work options. As companies come to terms with the likelihood of a permanent distributed workforce, the need to secure remote-work environments becomes paramount. To reduce the security risks associated with remote work over the long term, organizations should consider adopting these security steps. 

As a Technical Director of Product Marketing for virtualization, networking, and security at Nutanix, Mike Wronski brings more than 25 years of industry experience to his role. Mike's career has spanned both vendor and practitioner roles via multiple technology startups and ...
 

Comments
Molly666,
User Rank: Apprentice
10/20/2020 | 5:19:54 AM
interesting article
I prefer to believe that some of the steps mentioned by you or listed here https://utopia.fans/security/cybersecurity-issues-with-remote-work-during-coronavirus/ can help to secure your remote work space. But time shows that nowadays it becomes harder to remain safe and anonymous online. Many companies that use strong encryption methods, still pass your data to 3rd parties on request. So you have to think of some other means of protection also.