Organizations everywhere sprinted to establish work-from-home (WFH) access in the last few months as the global pandemic impacted our everyday life. Continued uncertainty means that supporting and securing that remote workforce is now looking more like a marathon.
The changing face of work
In a recent poll of over 2,000 HR leaders, approximately 17% responded that they are currently looking at moving to permanent WFH policies. This follows the lead set by some of the world’s largest employers:
- Twitter has announced that its employees can now work from home “forever.”
- Facebook and Zillow say employees will continue to work remotely until at least 2021; Amazon says until October 2020; and Capital One said that employees will work from home until after the upcoming Labor Day at a minimum.
- Nationwide has closed five offices, putting 4,000 employees on the permanent WFH roster.
- Other household names have also moved towards an extended WFH policy in varying degrees.
WFH security for the long run
The number of large and small businesses adopting permanent remote-work policies is likely to continue to grow. Many companies during the initial crisis simply extended their existing remote access with increased VPN licenses and bandwidth increases. With the idea that working from home is becoming the new normal, the time is now to look at modernizing your remote workforce security.
Modernizing your security strategy
With so many resources now cloud-based—including office and collaboration applications—continuing to use a traditional VPN methodology means that users must access these cloud-based resources through the corporate VPN. This doubles both the bandwidth usage and the impact on routers and firewalls.
Migrating to a direct-to-cloud model lets users access cloud resources directly, improving the end-user experience, increasing efficiency and reducing demand on resources. When the right controls are in place, cloud-based access is just as secure as traditional VPN.
This modern access approach allows users to securely access the Internet, receive updates and be remotely managed by the IT team, no matter where their devices are located. Properly securing this access requires the use of cloud-based systems, including patch management, anti-virus (AV) and endpoint detection and response (EDR) management, inventory control, and secure access service edge (SASE)/proxy controls. Most organizations also need to access legacy internal systems, which can be accomplished with a single sign-on (SSO) gateway solution.
Patching, compliance and inventory
Maintaining a fully remote workforce can make patching and compliance challenging. There are some excellent SaaS patch management systems available that can ensure systems are patched and updated whenever they are connected to the Internet. Some of these systems also include inventory and compliance modules to provide a complete remote workstation solution.
AV and EDR protections
Remote systems must be equipped to protect themselves from attack. Combining strong AV and EDR solutions is necessary. A cloud-based EDR tool that includes strong preventative controls is a must. These solutions stop attacks and give the IT team the necessary tools and data to identify compromises to the first line of defense.
In 2019, Gartner introduced the term SASE (pronounced sassy) to label the evolving solutions emerging in the technology marketplace. SASE solutions can also be known as cloud-based proxy or browser isolation tools. These tools combine network security functions with WAN capabilities to support an organization’s changing needs and allow the organization to control system site access. Sites can be permitted by category, and known malicious site access can be blocked. When considering solutions, it’s important to remember that forcing the proxy connection does add additional security, but more complete security comes with full browser isolation. This protects the endpoint from malicious websites by not allowing any active content to run on the workstation.
Legacy access with SSO
There are multiple ways to provide access to legacy internal applications. One approach is to use an SSO gateway to provide strong verification with multi-factor authentication that also allows access to internal applications. An SSO solution can also ease user access issues by requiring just one log-in and password input session for access to resources. For applications that are not web-based, there are solutions that can provide secure access to IP and port-based applications.
Ready for next-level security for remote access?
With strong controls around the remote workstation and direct access to cloud and internal resources, managing your remote workforce can be both secure and efficient.
Sirius has the technical expertise and technology resources to help you reduce the complexity and increase the security for your remote team. If you’re ready to discuss how your organization can move beyond a traditional firewall-based security strategy to an identity-based perimeter, reach out to your Sirius representative or contact us today.