Securing Remote Workforce
Highlights from Simeio’s September 30th “Ask Me Anything Coffee Talk Series”
This week we bring you another timely and informative Coffee Talk session. Last Wednesday’s topic was “Securing Remote Workforce”. The session hosts were Troy Keur, Simeio Director of Solutions Advisory, and Todd Moseley, CyberArk Global Sales Director – Endpoint Privilege Manager. Here are some session highlights.
How have endpoints changed from partial work from home to the present COVID full-time work-from-home environment?
Quite a bit has changed for endpoints to support a remote environment, from configurations, to applications and identity. We’ve seen a shift to securing home networks and remote users going through a VPN. We’ve also seen an increase in cybersecurity remote endpoint attacks.
Prior to COVID, only 4% of the workforce worked from home full time, and 43% from home only occasionally. In five months, we’ve seen a cataclysmic shift that has accelerated innovation that would normally have taken five years. Approximately 75% of companies now say they’re going to encourage employees to continue working from home.
What has also changed is the undeniable requirement for BYOD, as employees work from anywhere and everywhere. Secure access to corporate systems and data needs to be in place, no matter the device.
Since COVID, have organizations’ priorities shifted around a least privileged strategy?
Yes. We’re seeing a shift forward in securing endpoints, enabling least privilege, and accessing via VPN. We’ve also seen consolidation, by replacing or augmenting tools to secure the remote workforce. Least privilege has always been on the priority list, but it has now moved up as a top priority.
Zero trust is a significant and effective approach. Granting rights on the fly, and when they are done using them, removing those rights, eliminates the risk of compromise from identities, particularly those associated with super privileges. However, executing that strategy can potentially impact end-user productivity. When we talk to customers, they often say, “we tried it, and it was too complicated and difficult to sustain”. Or they haven’t done it, because they don’t know the right way to blend security and operations, to make it seamless for their users.
Moving to a least privileged model, by reducing to essential privileges, is a great first step toward a full zero trust environment. Most organizations should have this on their roadmap. The challenge is how well they are being constructed, in an effort to get these systems up quickly. Laying out a strategy and roadmap is an area we spend a lot of time working on with customers.
Are you seeing companies moving to work from home as a long-term strategy?
Yes, I think we are going to see work from home as a long-term strategy. Technology has made it easier and more secure for companies to support employees working from home. There is more hiring with remote job descriptions as the standard. From an incentive perspective, there are cost and other benefits with remote working for both companies and employees.
On the flip side, back to your earlier question about how work from home has impacted endpoints, when workers use the same devices for work and personal use, it’s critical to have proper security measures in place to separate those activities.
Have tools and policies changed with the onset of COVID?
Yes, we’ve seen power-users who would normally be in the office, requiring a shift in policies to support working remotely. We also see more users connecting via VPN. Unfortunately, attackers are becoming more sophisticated in their methods to exploit VPNs. New tools are being added, and there is a great need to have them integrated with applications and adapted to enhance operations, rather than becoming additional problems.
While companies have rushed to support their remote workforce, not everything can be delivered remotely. There are legacy systems that still require on-prem access. This year has brought to the forefront the need for digital modernization. While the perimeter is spreading, many companies still deal with a private corporate perimeter.
For remote workers, a cloud-first agenda is important. Not just from an IT infrastructure perspective, but also from an application and service perspective. Organizations are seeing the benefits of turning on SaaS apps, putting controls and governance in front of them, and quickly going live to a large user-population. To support the remote workforce, we will see more cloud-first, and less on-prem technology.
How does BYOD affect secure remote workforce networks?
BYOD requires caution. An organization with a thousand employees who are now working from home needs all devices to be secured. There must be a separation between work and personal use. When those devices are accessing corporate systems, there need to be secure measures in place, like zero trust, and new rules and policies that ensure user identity. Employees must have certain privileges on those devices for corporate access, and the organization needs to ask its employees’ permission for that. There need to be protections in place, for both users and the corporation, and that requires guidelines and standards.
We’ve just touched upon some of the conversation. If you want to learn more, you can watch this, and other on-demand Coffee Talk sessions at https://www.brighttalk.com/channel/17142.
We hope you can join our next Coffee Talk where you can chat with IAM experts, ask questions and gain insights into how you can lower operational costs, and achieve greater security and privacy using IAM.