IT security in the hybrid working world

Mobilization - a new approach to IT security in the hybrid world of work. Cyber defense has to be ready to switch between office and home office. An analysis by Daniel Clayton, VP of Global Services at Bitdefender.

In the days of the home office, logging into a system in the evening from an unusual IP address no longer necessarily means an attack - it may simply be an employee working from a second home. However, hybrid, decentralized work not only requires a learning process for evaluating conspicuous behavior: IT security as a whole has to reposition itself and address the problems that arise from switching between office and home work.

Companies are increasingly accepting hybrid, decentralized work. But the pandemic has revealed that most organizations were technologically unprepared for this changed situation. The consequences of the rapid exodus to the home office show that not only the security teams but the entire IT department face immense tasks, because the change to a hybrid, decentralized way of working alters many of the constants and findings that used to be taken for granted in IT defense. All security processes have to be adapted to the new hybrid world.

Problems caused by decentralized work for IT security

1. Risks on the Road

Employees away from the office tend to work in a less secure environment. They log in on trains and in cafés via unknown and often unprotected hotspots, or use their home network. That home network can often be easily attacked via privately purchased IoT devices. IT administrators in the company can monitor, secure and maintain this hardware only with difficulty, or not at all. Mobile devices are also lost or damaged more often than desktops, which are comparatively secure at the desk.

2. The IT admin in the home office

The IT staff themselves are now on the move - and exposed to the same risks. In the home office, they also have problems accessing the physical hardware they are supposed to manage or calling up the important telemetry data, for example on network traffic.

3. New working models - new IT behaviors

For years, IT administrators have learned which IT behaviors are normal and therefore unsuspicious in an office working environment. Machine learning models evaluate deviating behavior and block it. Access from an unknown IP is no longer necessarily an alarm signal for unauthorized access. Many assumptions that were previously self-evident need to be checked, so it's time to relearn. A flexible working environment makes it more difficult to define unsuspicious behavior.

4. Not built for on the go

Many IT systems were simply not designed for remote access or for decentralized work. This can create risks directly, for example when RDP services are exposed to the public Internet, or indirectly, when employees circumvent protective mechanisms simply to get their work done quickly. The consequence is often that services no longer run in the protective tunnel of a Virtual Private Network (VPN).

5. New hybrid organizational models

However, if the IT systems cannot be used for decentralized, hybrid work, this calls into question the entire stack for IT security technology. This makes serious modifications and new investments necessary. But that's not all: Many problems are caused by basic business processes or IT systems that are simply not compatible with hybrid working models. IT managers test the newly emerging attack surfaces and reaction strategies to ensure that they maintain the level of protection in a hybrid working environment.

New old priorities for IT security in the flexible working world

But what are the key elements of cyber defense to mitigate these new problems? They are old tasks, but with decentralized work and its "mobilized" devices they are back on the agenda.

Full visibility of the devices used must now be guaranteed. Visibility is also necessary in order to collect information. Shadow IT quickly accumulates, especially in the hybrid world of work. Visibility in turn makes access to the systems possible, and that access is the basis for any defense against danger. This is the only way that IT administrators can secure, configure and continuously patch hardware and implement defensive measures remotely - for example to remotely clean up an infection with malware.

A final priority is simplicity. Getting things done should be as easy as possible for the employee at home. A major source of operational risk is when employees circumvent existing rules to get their work done productively.

Security technologies for the world out there

Several technologies and security services can help organizations better secure hybrid work models.

1. Identity & Access Management

Modern security platforms are based on strong authentication and identity platforms. This includes Single Sign On (SSO), which is based on platforms such as Office365, GSuite or Okta. These platforms, paired with multi-factor authentication and strict monitoring and checking of logins, offer powerful security functions. Adapting existing IAM platforms to the new world of work can, however, require significant investments.

2. Make devices safer

Since devices in hybrid working environments are mainly located outside the safe zone of a protected company network, these devices must also be protected. This includes patching and configuration as well as other protective mechanisms such as BIOS passwords and device encryption.

3. Remote work enablement

A hybrid working model will challenge traditional access methods like VPN. The use of network technologies such as Software Defined Perimeter and Network Function Virtualization can reduce friction losses for remote employees and at the same time increase the security and availability of company systems.

4. Remote Response / Forensics

IT teams need to be able to respond to incidents and analyze them - regardless of where they occur. Teams that previously relied on personal access to devices are therefore adapting their tools and processes to also work remotely.

5. Modern analysis

When devices move from the company network to the home office, they are exposed to other attacks. To recognize these attacks and protect devices against them, modern security analyses that can detect them are necessary.

6. Managed Detection and Response (MDR)

There is much to be done and much to be reevaluated. However, numerous companies do not have the resources to quickly adapt to the hybrid world of work. This would require a separate Security Operations Center to investigate the numerous new alarms from their tools and to carry out the proactive analyses that are now due. MDR services provide a much-needed helping hand. MDR processes are designed from the ground up to deal with remote devices and can easily be converted to hybrid models. For an MDR team, all devices are inherently remote devices.

Conclusion: learn mobile security

When switching to hybrid working environments, IT organizations are faced with a wealth of tasks in order to guarantee security again. At its core, it is about gaining full visibility over IT in decentralized organizations and maintaining control. Numerous technologies can help IT with this: identity and access management, managed detection and response, modern analytics, a zero trust approach or remote response and forensics. In order to cope with these tasks, the time has come for service providers.

About the author: Daniel Clayton is Vice President of Global Services and Support at Bitdefender. His responsibilities include managing all aspects of customer security environments from the company's Security Operation Center. Clayton has over 30 years of technical operations experience and has led security teams for the National Security Agency and UK Intelligence.
