Advice, insights and tips on how to have a robust Plan B in place, so you can effectively rollout and implement remote access solutions.
The big picture
If there’s one thing that is abundantly clear for businesses, it’s the need to be able to quickly adapt in order to let staff be productive from remote working environments. Remote working isn’t a new concept. In fact, it’s been a growing trend for the last decade. So, when considering business continuity, endeavour to make longer term solution investments that will provide future ROI.
Here are a few considerations on how your business might implement a robust remote working set up.
Have a plan, and make sure that everyone knows what to expect. Clear communications with staff, letting them know what they should and shouldn’t expect are key.
Prioritise. Make sure that business critical apps are available to the most important users with the minimum delay. Ancillary applications can be restored later.
What about legacy applications? Do you need to deploy a remote desktop solution for them?
Is your remote access solution resilient enough to deal with a spike in users?
Is it easy to onboard new users? Could it be simpler and have less manual steps? How will you let them know what to do?
Is it secure enough? Are the protections for users, data and applications still robust?
Could you scale up or down to meet demand, or will you need additional bandwidth or licenses to do so?
Do users require other equipment such as: monitors, printers or other peripheral devices at home?
Focusing on secure, convenient and reliable remote working
Ultimately, remote working allows staff to carry out their roles away from the office, and allows them to access the key tools that they require to do so. These tools could range from things like devices, data and applications, telephony and communications systems.
There are three key objectives for any remote working solution, these are:
Secure access
Convenient access
Reliable access
In today’s computing environment, with applications and data typically provided by a mix of on-premise and cloud resources, the concept of remote access has changed. For many cloud-based applications, the key components should already be in place and battle tested by ‘business as usual’ operations. For on-premise applications the situation is usually more nuanced. Typically, an organisation will have some on-premise applications that are already served by a VPN, for regular remote working.
In a business continuity scenario this needs to scale at speed – taking in new use cases, new user communities and new applications. The good news is that there are many virtual appliance VPNs and remote access solutions available. These can be rapidly deployed to reliably scale access and securely to your users.
Seamless user experience
When working remotely, users expect to carry out their roles as usual, with minimum disruption or inconvenience. Ideally, access to apps, files and systems stay consistent.
A hotspot for this is authentication. Most applications come with a basic two factor authentication (2FA) option as standard. For office-based users, they probably only ever use a standard username and password. For remote access, this is simply not secure enough.
Best practice authentication solution takes into account factors above and beyond ‘do they have the right credentials?’ Modern MFA solutions consider a whole host of variable factors; how you log on, where from, what you are accessing, time, device used and so on. This is much more difficult for hackers to imitate, in order to gain access to your network, and is also less intrusive to the user.
Once the user has been authenticated it’s then possible to quickly sign them on to the other applications with no further action from the user themselves. This Single Sign-On works across cloud, hybrid and VPN access, to on-premise access. Not only does it simplify the user experience, it means less calls to the helpdesk and vastly improved security too.
IT friendly deployment
In the event that a user requires remote access, IT would typically onboard an individual on to the remote access system manually. These processes are rarely scalable during a business disruption.
When large numbers of users are asked to work remotely, IT staff who themselves may not be able to make it into the office, must scramble to support these users, essentially creating a crisis within a crisis.
We advise that you scrutinise the practicalities of a deployment and of a business continuity scale up. Would your situation rely on hardware? Is significant admin involved? Will you receive technical external support? All important questions to consider.
Avoid unnecessary costs
One of the more frustrating and unforeseen limitations of scaling remote access solutions, is that they are typically licence-based or have capped user allowance.
Check to see if your remote access solution has a business continuity plan, reasonable use policy, or add-on which would allow you to temporarily flex user count, to accommodate a spike.
Accelerate deployment
Rollouts and scale ups of remote access solutions are often time critical. If you don’t have the time or inhouse expertise to focus on the rollout, then outsourcing is a great way of achieving rapid deployment.
If you choose to outsource, be sure that they are familiar with, and accredited to work on the chosen technology solution.
If you’re in need of a quick, effective solution to scale up your remote access authentication, network bandwidth or security management, please get in touch. We’d be delighted to discuss how we could be of help.
As security professionals, it’s fair to say we are often risk averse, so what happens when we have no option but to open ourselves up to potential new threats as part of a digital transformation or cloud migration project?
We often find that transformation projects are a brilliant catalyst for cybersecurity infrastructure refreshes and upgrades. So, if you are up to your neck in Cloud Transformation projects or just about to dip your toe in, you’ll find insights and tips in our Guide to Managing Cloud Transformation Risk.
The heart of digital transformation
Adoption of cloud computing is at the heart of most organisations – digital transformation strategies. Cloud computing promises increased flexibility, scope for scalability, automatic updates and simplified collaboration.
On the way to achieving these benefits, organisations face an array of new security challenges:
Obscured visibility into users, data and applications.
An endless stream of technology changes that security teams must stay on top of.
Increasingly diverse ecosystem of employees and third parties using these services.
A Changing Security Landscape
An explosion of cloud-based applications and mobile devices has blurred old boundaries around organisations and network security, resulting in a vanishing perimeter and increased focus on identity based user and device authentication.
To keep up with the pace of change, business users are adopting cloud services; bypassing IT to deploy the applications they need to meet their business objectives, but consequently creating digital islands of data and potential backdoors into the network.
How we access computers and networks hasn’t changed much – passwords are still the dominant user authentication method, and more complex passwords do little to combat identity theft, which has become the number one attack vector.
The 2019 Data Breach Investigations Report confirmed that not much has changed, 80% of hacking-related breaches still involve 80% compromised and weak credentials.
User Experience
78% of security professionals think the biggest threat to endpoint security is negligence among employees.*
User frustration with passwords has reached epic levels. Ensuring your authentication experience is both secure AND user friendly will discourage users from attempting to bypass your security controls. Consider these ways to promote user adoption:
Implement Single Sign-On Technology – Logging into one central hub is more convenient for users which means administrators can apply more stringent controls such as Multi-Factor Authentication or increased password complexity.
Consider Biometrics – It’s incumbent upon mobile manufacturers to establish a verifiable ID, so that application and service providers can extend levels of trust to a device and its associated applications. These devices can also be used for authentication.
Roll out Awareness Training – If end users appreciate why security controls have been introduced and how to identify threats, they are more likely to adopt secure working practices.
Authenticate cloud users, devices and other assets proportionate to associated risks. Endeavour to ensure that security does not negatively impact productivity by only authenticating when it’s necessary.
Ecosystem
86% of organisations describe their cloud strategy as multi-cloud.*
An organisation’s cloud ecosystem refers to the hardware, software, cloud providers, consultants, integrators and other third-party partners that work together to form an organisation’s extended cloud infrastructure. As organisations move more workloads and data to the cloud, they grow increasingly dependent on third-party technologies and services to support their businesses. This, of course, increases complexity and widens the risk landscape. But the following actions can help you mitigate ecosystem risks related to your cloud transformation:
Maintain a record of all the applications and services supplied by cloud providers.
Classify and prioritise the criticality of both the data ‘handled’ and the services provided by each cloud partner.
Understand third, fourth and nth-party cloud relationships and their importance to your business.
Define the resiliency requirements and assess the corresponding capabilities of cloud providers that support the delivery of critical services.
Identify security vulnerabilities in cloud-based software and services and collect cyber threat intelligence on cloud-based attacks.
Assess the potential business impact of service interruptions or outages for each cloud provider.
Shared Responsibility
Gartner predicts that through 2022 at least 95% of security failures in the cloud will be caused by the customers.*
When it comes to cloud security, cloud service providers and their customers frequently have conflicting ideas on who’s responsible for what. For example, one common misconception among organisations procuring cloud services is that responsibility for securing their data shifts completely to the cloud provider. In fact, it does not. The following governance controls can help your organisation manage security responsibilities with your cloud providers:
Define a comprehensive set of cybersecurity-related policies and procedures for third-party cloud service providers to follow.
Establish a process for capturing and managing cloud provider relationships, their importance to the business and potential risks.
Evaluate your cloud provider’s controls for data retention and disposition ensuring that they align with your organisation’s policies
Assess your cloud provider’s capabilities for monitoring and securing their physical and digital environments.
Clarify who is ultimately responsible for different security issues, including declared security incidents.
Identity
Phishing attacks are exploiting the social networking aspects of cloud-based collaboration tools.
Passwords, static identity and access management rules don’t provide sufficient defence against attacks that take advantage of cloud vulnerabilities, and the myriad of employees and third-parties who need access to cloud applications at any time, from any device.
Therefore, secure access to cloud applications requires a high level of assurance that users are who they say they are, and that their access is appropriate given their responsibilities and doesn’t put the business in harm’s way.
While managing access has historically revolved around traditional identity and access management tools, today’s new cloud realities require organisations to go well beyond those basic controls to:
Govern joiner/mover/leaver access rights for employees and third parties, and manage credentials and entitlements for authorised devices and processes.
Apply the principles of least privilege and segregation of duties when granting cloud access permissions and authorisations.
Correlate data across multi-cloud environments, to understand the potential risks associated with authenticating users and assigning rights.
Continuously monitor user behaviour and activity related to connections, devices and software.
Compliance
A major European airline faces a record £183.4 million fine after personal details of 500,000 customers were exposed to cybercriminals.*
When it comes to regulatory compliance, organisations need to understand what types of data they have in the cloud and where that data resides. With traditional on-premise systems, auditors can literally see where data is stored. IT can also restrict or segment data based on attributes like geography, group and data type.
In contrast, cloud computing relies on the ability to host data in multiple locations. Multi-cloud environments complicate data privacy and compliance even more because data simultaneously resides in multiple cloud instances. These may have different business purposes and may be bound by different contractual relationships.
Implementing the following compliance controls can help your organisation meet a variety of internal and external regulatory requirements:
Classify sensitive data, identify where in the cloud it is stored, and assess the potential compliance implications of data location, collection and use.
Continuously monitor and assess cloud data usage, to ensure adherence to regulatory and corporate privacy standards.
Regularly inform employees and customers about cloud data collection practices, and the specific data being collected.
Evaluate cloud provider’s controls related to audit/log records, and how they are documented, implemented and reviewed in accordance with applicable regulations.
Train employees and third parties on information security and data privacy regulations; make sure they understand their responsibilities for keeping data safe, including codes of conduct for handling data
Conclusion
There are a number of key challenges and myriad of tools available to support digital transformation projects. Moving to the Cloud is akin to moving home:
Why take clutter with you?
Make sure you are moving to a safe area
Make sure you know who has the keys to the door
1. Take stock of users, applications, location and devices; so you have full visibility of what you are protecting.
2. Understand the impact and value of your data, so you can prioritise and protect accordingly.
3. Put tools in place so you can control of your data, users and policies.
4. Introduce a strong identity-based access policy in place for your users to protect your data and network.
The cybersecurity sector faces an effectiveness challenge. Despite the constant emergence of new technologies, notable breaches still persist. To thwart these attacks, the industry must embrace a fresh strategy centered around security operations. This is precisely where BlueFort comes into play.
Addressing the complexity of cybersecurity, External Attack Surface Management (EASM) provides critical visibility, active testing and ongoing security controls.
In the data-driven business landscape, success hinges on effective data management. BlueFort’s Optimised SIEM transforms data usage, ensuring control and visibility for robust cybersecurity.
In the era of digital transformation, traditional security models fall short. Zero trust, with IAM, ensures continuous verification, enhancing cybersecurity against evolving threats.
Trust BlueFort Evolve for all your cybersecurity needs – the premier program in the UK, providing comprehensive subscription program and on-demand expertise.
BlueFort’s consulting capabilities empower cyber leaders to navigate pivotal moments securely and effectively, delivering strategy and technology solutions that make the difference when it matters most.
Flexible on-demand technical support services from vendor certified engineers, whenever you need it.
Menu
Company
BlueFort are your trusted cybersecurity solutions partner. With a long pedigree in simplifying cybersecurity challenges, delivering continuous improvement and providing access to the best cyber expertise-on-demand, we’re here to help.
Protect your business with BlueFort, the UK’s leading cybersecurity solutions partner, offering comprehensive protection against evolving cyber threats.
Using best practice frameworks to deliver Continuous threat exposure management programs to our clients, we ensure simple, ongoing, incremental improvements to your cybersecurity posture.
Trust BlueFort’s team of cybersecurity experts to deliver unparalleled customer support, ensuring your peace of mind in an ever-evolving digital landscape.
Your one-stop destination for cutting-edge insights and tools in the realm of cybersecurity. Our hub is meticulously curated to provide you with a comprehensive range of resources, from informative articles and expert whitepapers to insightful webinars and practical guides.
Securing access to sensitive data, assets, and resources with multi-factor authentication (MFA) is a core cybersecurity component. Because MFA has proven to be so effective,