It’s been nearly a year now since the pandemic has sent millions worldwide to work from home and has compelled organizations to establish operations outside the traditional security border. As such, there is now great pressure to protect these remote workers, their devices, and their network against ever-increasing rates of cyberattacks.
To make the job even more challenging – the scope and complexity of security systems are wide and deep, not to mention their high price tag. Running these systems requires the intervention of experts with hard-to-find skillsets, and who are now broadly dispersed across multiple geographies and time zones.
It is clear that a new strategy is required for ensuring robust security in a mostly remote world.
Remote Requires an Integrated Approach
Cybersecurity strategy has traditionally been designed for a primarily static network environment. But in a world that is now distributed and remote, where organizations are fundamentally perimeter-less, these strategies are no longer applicable.
It’s not just the pandemic-induced work from home (WFH) paradigm that has taken hold of businesses of every shape and size. Additional dynamics that have impacted and changed the face of security include the following two strategic trends.
The Continued Proliferation of Cloud-Computing
Cloudification brings many well-known benefits, including flexibility, elasticity, always-on operations, agility, and cost-efficiency.
Though securing a multi-cloud environment brings multiple challenges. Among them are complex integrations, management, and cost planning, as well as difficulty in finding professionals with the requisite cross-platform skills.
The Rise of Edge Computing
Edge computing, as we know, is a fusion of cloud and local computing where the data is stored in the cloud, but the local internet is what connects the devices that process data.
As such, edge computing addresses the need for localized computing power, delivering tremendous value. The benefits are so great that Gartner even predicts that by 2025 75% of all enterprise data creation and storage will be executed on the edge.
What this means for security is that by systematically extending the data creation and storage footprint, edge computing profoundly increases the surface area for attack.
No More Silos
Accordingly, with the rise of remote work, the continued proliferation of cloud, and the rise of edge computing, a silo-driven security strategy is no longer viable.
Today, more than ever, it is essential to take an integrated approach to security that delivers end-to-end, holistic visibility and control.
Remote Requires Consolidation
An organization’s security toolbox will often include anywhere from 6 to 20 different security-focused systems. Being able to deploy, maintain, and operate so many different systems requires a great budget, a lot of time, and hard-to-find in-house skill sets.
With “tool sprawl”, serving as a key obstacle to ineffective cyber protection, some organizations have opted for tool consolidation, which also enables them to compensate for a lack of cross-vendor integration.
Another important component of the consolidation strategy is being able to manage the security operation through a single pane of glass.
Through consolidation and access to a central command that integrates every security event, users don’t have to go back and forth between tools. As a result, time management is optimized, and overall efficiencies and effectiveness can be taken to whole new levels.
Remote Requires a Remote-First Strategy
While the number of people working from home may have peaked back in April or May of 2020, there is no doubt that remote work – at least in part – is here to stay. In fact, 70% of the workforce is expected to be working from home at least five days a month by 2025.
With the remote workforce being more vulnerable to cyberattacks, it’s no surprise that 85% of respondents to a recent Cisco survey said that cybersecurity is more important today than before the pandemic and that a big concern is how data can be accessed and how to best secure it.
Accordingly, when taking a remote-first approach, the organization can be better prepared to detect and prevent an attack before it does any damage.
Best Practices for Protection in a Mostly Remote World
To help you boost the protection of the remote workforce, their devices, and your data, we have put together the following best practices.
- Make sure that operating systems, endpoint protection software, and remote work servers and software are up-to-date and hardened (including SSL and TLS versions and certificates)
- Examine the preventive aspects, auditing, and logging of all systems
- Make sure that any system that is accessed remotely has multi-factor authentication
- Install cloud-based EPP systems on all remote end stations (with real-time updates and monitoring)
- When working remotely and using various protocols (including VPN and 0TRAST), logins should be based on known and pre-assigned IP addresses (i.e. whitelisting)
If there are any deviations
- All traffic should be transferred through the VPN tunnel while completely blocking access to the Internet during connection, so as to maintain the principle of minimum work required during such connections
- Separate work and personal environments while remote access is allowed and supported
- All the newest IOCs should be integrated into prevention and detection systems
- Email protection systems settings should be hardened
- Computers and systems that are dedicated to work should not be allowed for personal use while working remotely.
- Do not allow the use of remote work software that is not managed, updated, and hardened (only predefined software that is approved by SEC teams).
- Do not allow personal work on systems that are connected to the remote workspace
- Separate employees’ personal computers from enterprise computers (physically or by virtual machines and RDSs).
- Do not enable connecting to work systems via personal or public WiFi networks if possible. It is best to connect with a network cable and static address only.
- Prohibit the transfer and sharing of credentials and permissions among employees.
- Keep all organizational information in authorized locations (including physical paperwork and data).
- Check with both internal and third-party vendors that monitoring and support are operational and available to service end-users with inquiries.
- Provide employees and systems with the minimum amount of access that will not impact productivity.
- Document all exceptions and make sure that they have an expiration date.
To learn more about how CYREBRO can help your organization improve its security posture with clarity, simplicity, intelligence, and cost-efficiency, visit our website.