Enemies in the home office


In IT security for the home office, the burden is not distributed in the companies' favor: while they must permanently maintain security measures appropriate to the threat situation across their entire IT landscape, attackers can exploit one small weak point to cause massive damage.

Unsecured end devices in the company or in the home office, cloud and IaaS applications, poorly secured networks or surfing the World Wide Web open up numerous opportunities for hackers to infiltrate companies and steal data. Since the latter can be easily turned into money, cyber criminals are highly motivated to refine their attack techniques and tailor them as closely as possible to their target companies. Closing potential vulnerabilities on all these fronts and keeping them impenetrable is a challenging endeavor for companies.

Remote work or home office and the risks of insider activities

This is intensified by the advancing digitization in the economy. This development brings with it the need to maintain digital business processes under all circumstances in order to avoid loss of income and to ensure competitiveness. Digitization has also long played an important role in terms of work culture: The New Work movement uses digital achievements to give employees self-determination about working hours and location (home office) in the hope of creating an innovative, creative work environment. Above all for the younger generations, being able to freely determine from where and when to work plays a decisive role in their career decisions. With the current pandemic crisis, in which entire workforces had to switch to remote work, this debate has reached a new level of intensity in many companies.

Home office security risk

From an IT security point of view, however, every employee working outside the company premises brings an increased security risk, and that risk multiplies as more employees work remotely. Security risks from insiders are by no means new for companies, nor are the motives behind them: employees with malicious intentions such as industrial espionage or personal enrichment were taken into account in corporate security concepts, especially in regulated industries, even before digitization. In the digital age, the possibilities for viewing and stealing company data from within are even more diverse.

Accordingly, there is also an increased risk from authorized users, such as employees in the home office or in the office, as well as external service providers who have access to the IT system. It can be assumed that most data losses are caused less by bad intentions than by carelessness or negligence. For example, these users may connect to insecure WiFi networks while on the move, use their unsecured personal devices, lose login information, or click on suspicious links.

Zero Trust - but not at the expense of the working atmosphere

The danger posed by insiders therefore stems less from their personal motives than from the damage their user activities can cause, whatever the motive. The “Zero Trust” maxim is recommended as a strategic security approach. It is based on the idea that insiders pose the same risk of damage as external attackers with bad intentions.

On the other hand, however, there is the assumption that the competitiveness of companies is positively influenced, among other things, by a trusting work culture that favors innovation. IaaS, SaaS or web applications, for example, contribute to a pleasant working atmosphere thanks to the flexible access options, as employees can use them according to their needs. Significantly restricting user behavior through rigid guidelines in order to guarantee security, on the other hand, would be counterproductive. If employees constantly fear that their digital behavior could cause damage, they may limit themselves in their productivity. Companies therefore have a vital interest in creating suitable framework conditions that harmonize productivity and security - even in extreme situations such as remote work by the entire workforce.

So the challenge is to efficiently implement the Zero Trust principles. This can be done with location-independent security measures that ensure that only appropriately authorized employees are granted access to company resources at the right time.

SASE: Flexible concept for cloud and network security

Classic network security solutions are increasingly reaching their limits, especially in remote work, because cloud computing and mobile devices have changed user behavior. Public cloud applications, for example, are freely accessible for every user, on every device and from anywhere in the world. While the app providers ensure the security of their infrastructure, it is up to the customers to protect their use against potential data loss. Corporate firewalls, on the other hand, can slow down the flow of data if a large number of users dial into the network via VPN connections. Backhauling traffic to a cloud proxy SWG can result in a latency-prone network hop and also violate user privacy, as all user content is checked at the proxy, including personal login information.

In addition, the IT requirements of every company are likely to be very specific, and the implementation of security measures should always be adapted to the individual circumstances. Secure Access Service Edge (SASE) platforms offer a high degree of flexibility in this regard. In contrast to physical appliances, which focus on the network perimeter, they are delivered from the cloud and provide a uniform level of security across all users, apps, web destinations and on-premises structures. The services available to companies are essentially based on the following technologies:

CASBs - Cloud Access Security Broker

Cloud Access Security Brokers (CASBs) regulate the type of sharing and how and when users can access cloud applications and IaaS platforms. They provide visibility and control for data at rest, as well as inline, real-time protection for data as it is accessed and transferred to the cloud. CASB technology enables SASE platforms to encrypt cloud data, prevent data loss with DLP functions such as processing and quarantine, and ward off malware during upload, during download and at rest in the cloud.

On-Device Secure Web Gateways

With on-device Secure Web Gateways (SWGs), all cloud traffic is decrypted and checked at the endpoint. Only security incidents are uploaded to the cloud, which protects users' privacy. Since there is no network hop to a physical appliance or a cloud proxy, latency is reduced. Suspicious URLs and unmanaged applications are blocked before they can be accessed, and employee access to content is controlled by variables such as category, trustworthiness of the target, user group, device type, and location.

Zero Trust Network Access

Zero Trust Network Access (ZTNA) is a technology that automatically carries out suitable access controls to protect sensitive data in on-premises resources. Leading SASE platforms offer agentless ZTNA for browser applications as well as standard agent-based ZTNA for securing thick client applications such as SSH and remote desktops. As soon as the users are authenticated via SSO and their data traffic is proxied, secure access to sensitive applications and files is enabled. Protective mechanisms such as DLP and ATP are enforced in real time. Users who are not authenticated or trusted will simply be denied access.
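The access decisions described in the SWG and ZTNA sections above can be sketched as one default-deny policy check. This is an added example, not code from the article or from any SASE product; the rule format, rule names, group names and the 0-100 trust scale are constructed assumptions. It combines the SWG variables (category, trust, user group, device type, location) with the ZTNA authentication check, and records an incident only when a request is denied.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user_group: str      # e.g. "finance", "contractor" (constructed names)
    authenticated: bool  # result of the SSO login
    device_type: str     # "managed" or "unmanaged"
    location: str        # country code of the endpoint
    category: str        # category of the destination
    trust: int           # destination trust score, 0-100 (assumed scale)

# Constructed policy: the first matching rule wins, anything unmatched is denied.
RULES = [
    {"name": "block-low-trust", "action": "deny", "max_trust": 39},
    {"name": "finance-erp", "action": "allow", "user_group": {"finance"},
     "device_type": {"managed"}, "category": {"erp"}, "location": {"DE", "AT"}},
    {"name": "general-saas", "action": "allow", "category": {"saas", "news"},
     "min_trust": 60},
]

def matches(rule, req):
    """A rule matches when the trust bounds and every listed attribute agree."""
    if req.trust > rule.get("max_trust", 100) or req.trust < rule.get("min_trust", 0):
        return False
    return all(getattr(req, attr) in allowed
               for attr, allowed in rule.items()
               if attr in ("user_group", "device_type", "category", "location"))

def decide(req, incidents):
    """Return "allow" or "deny"; append an incident record only on deny."""
    if not req.authenticated:
        verdict, reason = "deny", "unauthenticated"
    else:
        rule = next((r for r in RULES if matches(r, req)), None)
        verdict = rule["action"] if rule else "deny"
        reason = rule["name"] if rule else "default-deny"
    if verdict == "deny":
        # Metadata only: no URL, payload or credentials leave the endpoint.
        incidents.append({"reason": reason, "group": req.user_group,
                          "category": req.category})
    return verdict
```

Allowed requests leave `incidents` untouched, which mirrors the privacy property claimed for on-device inspection: only denials produce a record, and that record carries no content.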

The challenges for IT security and the risks posed by insider threats are taking on a new dimension through increased remote work and home office. Changes in company processes and in the type of collaboration result in a more dynamic threat situation, which entails rethinking the design of IT environments. SASE technologies represent a first promising approach to enable a modern work culture digitally with the necessary security.

More on this at Bitglass.com

 
