With the nature of work evolving (in-office, remote, hybrid, fractionalized, out-sourced, etc.) many companies now know that the need to manage and secure their networks must evolve as well. A recent Gartner study found that 74% of businesses will offer permanent work-at-home arrangements and environments to their employees post-pandemic. This evolution is forcing companies to evaluate their work from home strategies to optimize security without compromising user experience.
As mentioned previously, bad actors are relentless. They also can be both patient and opportunistic.
They’ll be patient if they determine the environment is safe for them to do a little exploring. Once a bad actor gains access to a company’s network, they can sometimes “hang out” for up to four to six months before they decide to do something. They're taking advantage of that time to do reconnaissance. They are mapping out the network, figuring out how many servers and workstations and printers, etc., basically building an asset list. Then they can then start prioritizing and determining high value targets, and when to strike.
They can also be opportunistic. They think of it as an ROI exercise. What is the best way to extract the most value at the least cost? The trend is that it's taking less time for them to go in and execute an attack. As MSPs become more sophisticated threat hunters, the bad actors are executing quickly before they lose access.
Remote work has added tremendous complexity to the job of maintaining network security. The old thinking was to secure the office, the data center, and all internet edge appliances. Essentially secure the castle and all the assets inside. Now, all the assets are dispersed. The internet edge is now outside the castle.
Without the appropriate tools and expertise, many companies have lost their ability to manage those endpoints in a meaningful way, or even deploy software to them to try to solve the problem.
In addition, many companies have to deal with the lack of a firewall. Initially the quick fix was the deployment of VPNs. That proved to be problematic for a number of reasons. In the last year, the approach has been refined to “ditch the VPN” and figure out more secure ways of providing that level of protection to a dispersed work force. Solutions such as Citrix provide significant support in addressing this issue.
There are a number of “new normal” rules that should be followed when planning your organization’s remote connectivity and security plan, however, the simple rule to remember is “The Castle and Moat are Not Sufficient.”
Going forward, organizations must explore solutions that:
Protect both corporate and employee-owned (BYOD) devices
Incorporate SaaS, cloud, and on-premises applications
Single identity for all authenticated services
Same security regardless of where the user is
A user must provide two or more pieces of evidence to verify their identity.
Zero Trust is designed to move the focus of perimeter-based defenses to securing every user and asset. Zero trust continually confirms identity instead of implicitly trusting every user within the network perimeter.
Sign up with your e-mail address to receive news and updates.
8040 Excelsior Drive #402, Madison WI | 608.824.2060 | info@envisionitllc.com
Privacy Policy