Many organizations responded to the Coronavirus (Covid-19) virus by closing offices and allowed employees to work from home 'WFH'. After months of making "remote work" work; organizations and board of directors are now discussing permanent solutions. Work from home is no longer a perk, but business as usual.
Allowing employees to work from home requires a comprehensive secure access strategy that supports both work from home and growing shift towards hybrid IT (on-premise and SasS solutions). A consequence of work from home is that the organization's risk surface has increased; home networks and personal devices are included. Organizations face new and different security & data privacy risks. Enabling a secure remote workforce requires a new approach to your security program.
Zero Trust Approach
Protecting your organization's systems and data is hard; it's hard "on-premise," (the corporate network), where firewalls and physical security protect users. It is exponentially more challenging when the workforce is distributed. Traditional security strategies where we locked everything down for use in the office are not scalable with work from home and moving workloads to the cloud. Organizations need to support various workstyles that includes secure support for work in the office and work from home. Organizations need an approach to cybersecurity that reflects the shift from a centralized security perimeter to a decentralized model that relies on continuous verification of trust across every device, every user, and every application. Organizations cannot let their guard down in a world where security threats are continually evolving.
Never Trust Always Verify
Assume everything (users and devices) is on the insecure internet. When employees access email or collaboration applications; the device, network, and possibly the application is outside your "corporate network" and not managed by IT department. A secure solution is to leverage a users' full context to determine risk: identity, device, application, and sensitivity of data.
Identities checked and verified. A strong Identity and Access Management program will centralize user management. An organization will have a single source of truth to validate all user request access, use secure user authentication methods including MFA (multi-factor authentication) to ensure users accessing systems are whom they say they are, enable single sign-on (SSO), limit and monitor administrator accounts, monitor user behavior and policies enforced using conditional access around who can access specific data and when they can access it.
Ensure devices are known, healthy, and compliant. Organizations need to identify devices before trusting them. Developing an IT asset management program allows organizations to maintain and accurately document list outlining asset and data owner. Also the solution should include ability to monitor, manage, and control these devices.
Restrict access to allow only approved mobile apps and configuration. Discover apps in use in your organization and monitor application sessions. Devices allow employees to securely access applications from any device using modern user authentication, single-sign-on (SSO) to applications. Isolate applications that do not support modern authentication using virtual desktops, VPNs.
Label data based on sensitivity. Apply encryption in transit and at rest. Define rules and conditions to apply labels and encrypt automatically.
Are you confident in your 'WFH' strategy?
Let's schedule a call to discuss your company's work from home strategy.