Advice, insights and tips on how to have a robust Plan B in place, so you can effectively roll out and implement remote access solutions.

The big picture

If there’s one thing that is abundantly clear for businesses, it’s the need to be able to adapt quickly so that staff can be productive from remote working environments. Remote working isn’t a new concept. In fact, it’s been a growing trend for the last decade. So, when considering business continuity, endeavour to make longer-term solution investments that will provide future ROI.

Here are a few considerations on how your business might implement a robust remote working set up.

Focusing on secure, convenient and reliable remote working

Ultimately, remote working allows staff to carry out their roles away from the office, and allows them to access the key tools that they require to do so. These tools range from devices, data and applications to telephony and communications systems.

There are three key objectives for any remote working solution. These are:

In today’s computing environment, with applications and data typically provided by a mix of on-premise and cloud resources, the concept of remote access has changed. For many cloud-based applications, the key components should already be in place and battle tested by ‘business as usual’ operations. For on-premise applications the situation is usually more nuanced. Typically, an organisation will have some on-premise applications that are already served by a VPN, for regular remote working.

In a business continuity scenario this needs to scale at speed, taking in new use cases, new user communities and new applications. The good news is that there are many virtual appliance VPNs and remote access solutions available. These can be rapidly deployed to scale access to your users reliably and securely.

Seamless user experience

When working remotely, users expect to carry out their roles as usual, with minimum disruption or inconvenience. Ideally, access to apps, files and systems stays consistent.

A hotspot for this is authentication. Most applications come with a basic two-factor authentication (2FA) option as standard. Office-based users probably only ever use a standard username and password. For remote access, this is simply not secure enough.

A best-practice authentication solution takes into account factors above and beyond ‘do they have the right credentials?’ Modern MFA solutions consider a whole host of variable factors: how you log on, where from, what you are accessing, time, device used and so on. This is much more difficult for hackers to imitate in order to gain access to your network, and is also less intrusive to the user.

Once the user has been authenticated, it’s then possible to quickly sign them on to the other applications with no further action from the user themselves. This Single Sign-On works across cloud, hybrid, VPN and on-premise access. Not only does it simplify the user experience, it means fewer calls to the helpdesk and vastly improved security too.

IT friendly deployment

In the event that a user requires remote access, IT would typically onboard an individual on to the remote access system manually. These processes are rarely scalable during a business disruption.

When large numbers of users are asked to work remotely, IT staff, who themselves may not be able to make it into the office, must scramble to support these users, essentially creating a crisis within a crisis.

We advise that you scrutinise the practicalities of a deployment and of a business continuity scale-up. Would your situation rely on hardware? Is significant admin involved? Will you receive external technical support? These are all important questions to consider.

Avoid unnecessary costs

One of the more frustrating and unforeseen limitations of scaling remote access solutions is that they are typically licence-based or have a capped user allowance.

Check to see if your remote access solution has a business continuity plan, reasonable use policy, or add-on which would allow you to temporarily flex user count, to accommodate a spike.

Accelerate deployment

Rollouts and scale-ups of remote access solutions are often time critical. If you don’t have the time or in-house expertise to focus on the rollout, then outsourcing is a great way of achieving rapid deployment.

If you choose to outsource, be sure that the provider is familiar with, and accredited to work on, the chosen technology solution.

As security professionals, it’s fair to say we are often risk averse, so what happens when we have no option but to open ourselves up to potential new threats as part of a digital transformation or cloud migration project?

We often find that transformation projects are a brilliant catalyst for cybersecurity infrastructure refreshes and upgrades. So, if you are up to your neck in Cloud Transformation projects or just about to dip your toe in, you’ll find insights and tips in our Guide to Managing Cloud Transformation Risk.

The heart of digital transformation

Adoption of cloud computing is at the heart of most organisations’ digital transformation strategies. Cloud computing promises increased flexibility, scope for scalability, automatic updates and simplified collaboration.

On the way to achieving these benefits, organisations face an array of new security challenges:

A Changing Security Landscape

An explosion of cloud-based applications and mobile devices has blurred old boundaries around organisations and network security, resulting in a vanishing perimeter and increased focus on identity-based user and device authentication.

To keep up with the pace of change, business users are adopting cloud services; bypassing IT to deploy the applications they need to meet their business objectives, but consequently creating digital islands of data and potential backdoors into the network.

How we access computers and networks hasn’t changed much – passwords are still the dominant user authentication method, and more complex passwords do little to combat identity theft, which has become the number one attack vector.

The 2019 Data Breach Investigations Report confirmed that not much has changed: 80% of hacking-related breaches still involve compromised and weak credentials.

User Experience

78% of security professionals think the biggest threat to endpoint security is negligence among employees.*

User frustration with passwords has reached epic levels. Ensuring your authentication experience is both secure AND user friendly will discourage users from attempting to bypass your security controls. Consider these ways to promote user adoption:

Implement Single Sign-On Technology – Logging into one central hub is more convenient for users, which means administrators can apply more stringent controls such as Multi-Factor Authentication or increased password complexity.

Consider Biometrics – It’s incumbent upon mobile manufacturers to establish a verifiable ID, so that application and service providers can extend levels of trust to a device and its associated applications. These devices can also be used for authentication.

Roll out Awareness Training – If end users appreciate why security controls have been introduced and how to identify threats, they are more likely to adopt secure working practices.

Authenticate cloud users, devices and other assets proportionate to associated risks. Endeavour to ensure that security does not negatively impact productivity by only authenticating when it’s necessary.
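
As an added illustration (not part of the original guide, and not any vendor's product logic), the sketch below shows risk-proportionate authentication using the factors named earlier: how the user logs on, where from, what they are accessing, the time and the device used. The class names, weights, thresholds and sample requests are all assumptions made for this example.

```python
from dataclasses import dataclass

STEP_UP_AT, DENY_AT = 30, 70   # assumed thresholds, tune to your own risk appetite

@dataclass(frozen=True)
class Profile:                 # what is normal for this user (hypothetical shape)
    usual_countries: frozenset
    known_devices: frozenset
    working_hours: range

@dataclass(frozen=True)
class AccessRequest:           # the factors the text lists
    method: str                # how they log on: "sso", "vpn" or "password"
    country: str               # where from
    resource_tier: str         # what they are accessing: "low" or "high"
    hour: int                  # time of the request (0-23)
    device_id: str             # device used

def risk_signals(req, profile):
    """Return (points, reason) pairs; the weights are illustrative assumptions."""
    checks = [
        (35, "unrecognised device", req.device_id not in profile.known_devices),
        (30, "unusual location", req.country not in profile.usual_countries),
        (20, "sensitive resource", req.resource_tier == "high"),
        (15, "password-only logon", req.method == "password"),
        (10, "outside usual hours", req.hour not in profile.working_hours),
    ]
    return [(points, reason) for points, reason, hit in checks if hit]

def decide(req, profile):
    """Map the summed risk to allow / step_up_mfa / deny, with reasons for audit."""
    signals = risk_signals(req, profile)
    score = sum(points for points, _ in signals)
    if score >= DENY_AT:
        action = "deny"
    elif score >= STEP_UP_AT:
        action = "step_up_mfa"
    else:
        action = "allow"       # existing SSO session is honoured, no extra prompt
    return action, score, [reason for _, reason in signals]

# Constructed sample data, not taken from any real system ("XX" is a placeholder).
ALICE = Profile(frozenset({"GB"}), frozenset({"laptop-0142"}), range(7, 20))
ROUTINE = AccessRequest("sso", "GB", "low", 10, "laptop-0142")
LATE_FINANCE = AccessRequest("sso", "GB", "high", 23, "laptop-0142")
UNKNOWN_ABROAD = AccessRequest("password", "XX", "high", 3, "tablet-9931")

if __name__ == "__main__":
    for name, req in [("routine", ROUTINE), ("late", LATE_FINANCE), ("abroad", UNKNOWN_ABROAD)]:
        print(name, decide(req, ALICE))
```

Returning the reasons alongside the decision gives the helpdesk and the audit log the same explanation the policy acted on.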

Ecosystem

86% of organisations describe their cloud strategy as multi-cloud.*

An organisation’s cloud ecosystem refers to the hardware, software, cloud providers, consultants, integrators and other third-party partners that work together to form an organisation’s extended cloud infrastructure. As organisations move more workloads and data to the cloud, they grow increasingly dependent on third-party technologies and services to support their businesses. This, of course, increases complexity and widens the risk landscape. But the following actions can help you mitigate ecosystem risks related to your cloud transformation:

Shared Responsibility

Gartner predicts that through 2022 at least 95% of security failures in the cloud will be caused by the customers.*

When it comes to cloud security, cloud service providers and their customers frequently have conflicting ideas on who’s responsible for what. For example, one common misconception among organisations procuring cloud services is that responsibility for securing their data shifts completely to the cloud provider. In fact, it does not. The following governance controls can help your organisation manage security responsibilities with your cloud providers:

Identity

Phishing attacks are exploiting the social networking aspects of cloud-based collaboration tools.

Passwords, static identity and access management rules don’t provide sufficient defence against attacks that take advantage of cloud vulnerabilities, and the myriad of employees and third-parties who need access to cloud applications at any time, from any device.

Therefore, secure access to cloud applications requires a high level of assurance that users are who they say they are, and that their access is appropriate given their responsibilities and doesn’t put the business in harm’s way.

While managing access has historically revolved around traditional identity and access management tools, today’s new cloud realities require organisations to go well beyond those basic controls to:

Compliance

A major European airline faces a record £183.4 million fine after personal details of 500,000 customers were exposed to cybercriminals.*

When it comes to regulatory compliance, organisations need to understand what types of data they have in the cloud and where that data resides. With traditional on-premise systems, auditors can literally see where data is stored. IT can also restrict or segment data based on attributes like geography, group and data type.

In contrast, cloud computing relies on the ability to host data in multiple locations. Multi-cloud environments complicate data privacy and compliance even more because data simultaneously resides in multiple cloud instances. These may have different business purposes and may be bound by different contractual relationships.

Implementing the following compliance controls can help your organisation meet a variety of internal and external regulatory requirements:

Conclusion

There are a number of key challenges and a myriad of tools available to support digital transformation projects. Moving to the Cloud is akin to moving home:

1. Take stock of users, applications, location and devices; so you have full visibility of what you are protecting.

2. Understand the impact and value of your data, so you can prioritise and protect accordingly.

3. Put tools in place so you can take control of your data, users and policies.

4. Put a strong identity-based access policy in place for your users to protect your data and network.