As the vaccination campaign against COVID-19 continues, companies should consider how a possible massive return of home office workers to their offices could affect the security of the corporate network.
At first glance, it seems like the end of remote work will strengthen the security posture of most companies. Eventually, employees return to the security and convenience of the corporate network.
Hidden in the safe haven “office”
But is it really safer to work inside the perimeter? Unfortunately, it turns out that hackers keep finding ways to bypass the security controls of the perimeter and break into the network. The supply chain attack on SolarWinds showed that threat actors were able to compromise more than 10.000 networks without ever breaking a firewall. Whether supply chain attacks, zero days in devices connected to the Internet or simple brute force attacks - there are many options for cyber criminals to gain access to the network and break into the perimeter.
Risk of infected home office devices
In addition, the return of devices from the home office to corporate offices can pose significant risk as they have been exposed to a variety of threat vectors. Such devices may have been used by family members for unsafe activities or used over unprotected networks. Since many companies do not scan their internal network traffic, some of these devices may well have come into contact with malware. Such malware can wait for the device to connect to a high-quality corporate network and misuse stolen credentials to move laterally in the network and access sensitive infrastructure and data.
Enforcement of zero trust only in the case of cloud apps is insufficient
Many security-conscious companies have already chosen a zero trust approach to protect their cloud applications from unauthorized access. With this approach, every device - including devices that are used for work in the home office - is classified as untrustworthy and must be checked before it is allowed to access sensitive company resources. Too often, however, a zero trust approach is only enforced for cloud applications. As a result, on-site systems, administrative interfaces, infrastructure, IoT devices and endpoints are exposed to access from compromised devices within the network.
Limited acceptance of Zero Trust Security
While organizations recognize the value of a zero trust security model and agree that it is a necessary part of their cybersecurity strategy, it is still not showing widespread adoption. Implementing micro-segmentation with proxies or adding safeguards that software agents require is a very difficult task in today's diverse networks. Many organizations resort to implementing the model for a small subset of corporate applications rather than adopting a full network-wide zero trust security model.
Practical tips for a safe return to the office
Here are some security best practices for companies to consider when employees return to work:
- Monitoring of access from all devices, especially those used for work in the home office and in unsecured environments
- Use of identity-based segmentation guidelines to prevent the unauthorized use of administrative interfaces of sensitive systems
- Enforcement of risk-based authentication for all access requests to both local and cloud resources
- Implementation and enforcement of network-wide identity-based zero trust guidelines
With the right architecture and tools, it is possible to implement zero trust policies in both on-premise and cloud infrastructures. Concentrating on identity as a control level is a good starting point. Since hybrid home office and on-site guidelines are likely to remain in effect for the foreseeable future, the creed of the zero trust approach: "Never trust, always verify" has never been as important as it is today.
More at Sophos.com
About Silverfort Silverfort is the provider of the first Unified Identity Protection Platform that consolidates IAM security controls in corporate networks and cloud environments in order to ward off identity-based attacks. Through the use of innovative agent-free and proxy-free technology, Silverfort integrates seamlessly into all IAM solutions, standardizes their risk analysis and security controls and extends their coverage to assets that previously could not be protected, such as self-developed and legacy applications, IT infrastructure , File systems, command-line tools, machine-to-machine access and more.