Remote working for the long haul and IT crisis planning for the long term
August 2020, by John Matthews, CIO, ExtraHop
Enterprise IT has radically changed almost overnight. The events of the last few months have pushed organisations into a position many had considered but for which few had prepared: mass remote working or “teleworking.”
As lockdown orders went into effect, many organisations, from enterprises to government agencies, shifted their workforces to remote work in an effort to ensure business continuity and minimise disruption.
Remote working tools, like video conferencing software, instantly became central to business continuity. VPNs, which allow for a secure connection between the home network and the enterprise, have seen a huge resurgence and Remote Desktop Protocol (RDP) use has soared by 41 percent, according to Shodan data.
Months later, offices have started to reopen, but it looks like remote working will continue to be a part of daily life. Now IT and security organisations are faced with a new task: how to take the rapid, large-scale digital transformation that has taken place in the last few months and make it work long-term.
A Question of Access – and Security
First, there’s the matter of access. When employees work remotely, many of them will be accessing corporate resources over insecure connections and personal devices. This means that the proper measures need to be implemented in order to provide access without compromising security.
VPNs and VDI play a key role here, but they need to be used effectively to mitigate performance problems. Enabling visibility across the VPN delivery chain is critical—not only to deal with performance bottlenecks at the gateway, but to document how well IT can deliver that performance and, if needed, demonstrate resource requirements to management. Many organisations are also accelerating adoption of cloud infrastructure and services, which substantially lessen or altogether eliminate the need for employees to connect to the corporate network.
Then there’s the matter of security. When configuring VPN access or migrating workloads to the cloud, there are many security best practices that can and should be used, particularly when managing a large remote workforce.
Watch for abnormal behaviour patterns. Security and IT teams need to be vigilant to spot the locations from which users are remoting in, which remote access apps they are using, and the behaviour of their user accounts. Of particular interest should be Active Directory account behaviour. IT teams should watch for failed logins and repeated lockouts—which could be a sign that an attacker is trying to get in from a compromised user device.
Shore up your weakest link: people. Your remote workers are especially vulnerable now, and their personal security habits may leave an organisation exposed to attack. They might use weak passwords as their single factor of authentication for their home devices. Those devices may be irregularly updated, potentially leaving old vulnerabilities present. Adversaries are trying to exploit their fears around COVID-19 too, and Google reports that phishing has skyrocketed by 350 percent.
Organisations need to recognise that precarious position and build defences around that fact. Primarily, users need to know how to defend themselves and the enterprise. Enterprises must communicate quickly and clearly to employees about the necessity of patching and updating their machines, choosing strong passwords and resetting them regularly, and enabling multi-factor authentication where possible, and must provide ongoing education about the kinds of threats arrayed against remote workers.
This is an opportunity to think about people and processes. Consider escalation paths, for example. Senior IT engineers need to focus on larger issues within the enterprise—such as hunting sophisticated threats or designing more secure remote connectivity—and not spend their time fixing minor problems on the IT help desk. To make the most of your senior staff, you may have to re-organise those escalation paths and equip your frontline personnel to do more on their own.
These kinds of short-term measures are critical, but traditional perimeter-based networks weren’t built to be stretched like this and have often not kept up with new threats, new ways of working or technological advances like the cloud. Enterprises need to see the pandemic as a stress test: an opportunity to re-examine how they carry out remote access. There are a number of longer-term options that enterprises can consider.
Migrate toward the cloud
The current situation should prompt enterprises to migrate further towards the cloud, as a way to simplify access. By pushing more workloads to the cloud and relying more heavily on SaaS, enterprises can more manageably enable remote working and secure access for the long term. But they should do so carefully, and with security in mind.
Visibility into your environment will still be a prime concern. Until relatively recently, cloud providers either did not provide visibility tools, or provided ones which did not integrate easily with enterprise visibility tools. Without the ability to unify visibility across data centre and cloud environments, enterprises risk data leakage and exposing themselves to attackers.
Accept that the perimeter is dead
Previous generations of security thought about protection and prevention at the perimeter. They assumed that data and employees stayed in the office, and that one could draw a neat line around a network and set up defensible walls where its borders lay. That is demonstrably not the case anymore, but many enterprises still use the infrastructure that that mindset built. It’s with that infrastructure that many enterprises are currently struggling to manage mass remote working.
In an age of mobile workers and even more mobile data, concepts like Zero Trust Network Access have arisen to transcend perimeters. Enterprises need to shift away from prevention and protection and towards detection and response, a model which accepts the porous nature of modern networks.
Reduce security and access friction in the long term
Going forward, employees must be able to remotely access enterprise resources securely and seamlessly. Desktop as a Service and virtualisation are ways to deliver employee workstations into their homes. The cloud can also help enterprises ensure business continuity and maintain access to critical applications in the event of a crisis.
Again, visibility is critical here. That means enabling rapid visibility across the network, which can tackle performance bottlenecks and see oncoming threats. In cases like the current one, it must be able to do so without the benefit of agent-based endpoint visibility, due to the prevalence of employee-owned devices.