Digital technologies are making the daily commute to an office building, where one works for eight hours, an increasingly outdated construct. As the pandemic crisis of recent months has shown, productivity is extremely high in remote work in particular.
Nevertheless, companies are asking themselves whether the concept has a future in their organization. If remote work is to be set up permanently for a large part or even the entire workforce, IT teams must find a solution that balances productivity and scalability with a zero trust security approach. This challenge can be efficiently solved with the use of suitable tools:
1. SSO, MFA and DLP: Secure access to public cloud applications
Companies typically use dozens of different public cloud applications such as Office 365, Salesforce, and Dropbox. The providers secure their infrastructure, but the applications themselves are freely accessible to every user, on every device and from anywhere in the world, and the responsibility for securing the data in them lies with the companies using them. With single sign-on (SSO) and multi-factor authentication (MFA), companies can secure access to public cloud applications. Access to applications must also be controlled via context (user group, location, etc.).
Timeout user sessions
In combination with Data Loss Prevention (DLP) policies, it is also possible to automatically control which type of data the accessing user can download. For example, if the user logs in with a private device with an outdated operating system, the download of sensitive data can be prohibited. User sessions should also be given a timeout in order to prevent unauthorized access while the respective end devices are unattended. In addition, sensitive data should be identified and either blocked, masked or encrypted when uploading.
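The following sketch is an added example, not taken from the article or from any vendor product. It combines the three controls described above: idle session timeout, download blocking on untrusted devices, and masking of sensitive data on upload. The 15-minute timeout, the card-number pattern, the choice to mask rather than block or encrypt, and all names are assumptions.

```python
import re
from dataclasses import dataclass

IDLE_TIMEOUT_S = 15 * 60  # assumed idle timeout; the article names no value
# Constructed DLP pattern: 13-16 digit runs, optionally grouped by space or dash.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")

@dataclass
class Session:
    managed_device: bool
    os_up_to_date: bool
    last_activity: float  # epoch seconds of the last request

def luhn_ok(digits):
    """Luhn checksum, so order numbers and similar runs are not flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text):
    return [m.group() for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]

def mask(text):
    """Replace all but the last four characters of each valid card number."""
    def repl(m):
        s = m.group()
        if not luhn_ok(re.sub(r"\D", "", s)):
            return s
        return "*" * (len(s) - 4) + s[-4:]
    return CARD_RE.sub(repl, text)

def decide(s, action, content, now):
    """Return (verdict, content_to_pass_on) for one request."""
    if now - s.last_activity > IDLE_TIMEOUT_S:
        return "reauthenticate", None      # device may be unattended
    hits = find_sensitive(content)
    trusted = s.managed_device and s.os_up_to_date
    if action == "download":
        return ("block", None) if hits and not trusted else ("allow", content)
    if action == "upload":
        return ("mask", mask(content)) if hits else ("allow", content)
    return "block", None                   # unknown action: fail closed
```
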
With remote work there is also an increased risk of individual employees falling victim to phishing attacks. To protect against cyber attacks, companies should install suitable endpoint protection software on their managed devices. For unmanaged devices, uploads should be scanned before being transferred to the cloud application. Finally, all activities, whether from managed or unmanaged devices, should be logged for a better overview. Companies in regulated industries should ensure that the logs and their storage meet the requirements of the specific regulations.
2. Web access via the Secure Web Gateway
Remote workers accessing the Internet from managed devices are exposed to a plethora of threats and data loss risks. While web access with VPN can be secured quickly and easily for a few employees, there are noticeable restrictions and performance losses when large parts of the entire workforce work from home. This is due to the increased load on the VPN firewall, which throttles the performance and thus creates a bottleneck.
The best way to overcome this is to move processes to the edge of the network and use direct-to-cloud connectivity with an elastic Secure Web Gateway (SWG) that can handle different loads. From an identity and MFA perspective, access to the SWG from managed devices must require authentication via the company's SSO. When it comes to access control and DLP, web browsing should be restricted to appropriate content, and policies should scan all uploads for sensitive data in order to enforce controls and block or log all web transactions.
Completely block risky URLs
For effective protection against zero-day threats, risky URLs should be completely blocked, while downloads should be scanned for malware and blocked in real time. A log of all web activities that is kept for a limited period of time can be helpful, among other things, when it comes to investigating the cause.
3. Zero Trust Network Access for network-internal applications
Numerous VPN tunnels can also make access to network-internal applications more difficult. If remote employees mainly use their own, unmanaged devices, setting up a VPN connection is also not feasible.
Zero Trust Network Access (ZTNA) is a suitable way to overcome these restrictions. After authentication via the company's SSO and MFA, access to company resources must be granted contextually. To protect against zero-day threats, access should also be restricted to devices with up-to-date and reputable endpoint protection software in order to scan file uploads and downloads. In this way, organizations can be protected in real time and zero-day threats stopped.
Reliably map proven processes in an unfamiliar environment
As far as organizational structures, employee hierarchies, work processes or the type of data management are concerned, every company has its own characteristics. The switch to remote work requires companies to reliably map proven processes in an unfamiliar environment. With reliable identity management, access controls, data loss prevention (DLP) and intelligent threat protection, you can easily and efficiently establish a zero trust security approach beyond your own network.
More on this at Bitglass.com