Before the realities of COVID-19, only 3 percent of the workforce was working remotely more than half-time. As the pandemic continues to spread, agencies are implementing remote work to abide by stay-at-home orders – but this isn’t an easy transition for organizations that rely on in-office workers. This rapid change has brought attention to the security risks associated with remote work, especially for organizations that are moving to remote access so quickly.
In a recent webinar, Jake Liefer, Manager, Consulting Services, and Brice Daniels, Senior Manager, Consulting Services, both with FireEye, explored the risks that organizations are facing with remote access and the different access options available to help with the decision-making process.
“Oftentimes you may have some entities or some teams that are remote but given the breadth and depth that we are dealing with at this time, we are seeing a significant amount of challenges around VPN enrollment,” said Liefer. “Migrating users that aren’t even provisioned laptop systems they can take home – the challenge becomes how are these employees connected to their environment?”
For many agencies and organizations, remote work is here to stay, making these security decisions even more important. Recently, in an interview with NextGov, Defense Secretary Mark Esper said: “Pentagon officials who are able to telework can expect to do so for ‘as long as necessary’ and until the U.S. is ‘beyond the coronavirus crisis.’”
As organizations navigate this new territory, they can consider a variety of access options. Liefer and Daniels offered explanations, risks, and benefits analysis for twelve common architecture approaches.
“These enable the rapid amount of change that is currently happening at organizations with remote access – especially business functions that have trouble being remote.”
Here are three access architectures agencies can consider:
Direct access allows network protocol tools to connect to the internet. While simple, this is the least secure and highest-risk method of remote access enablement. Many organizations prohibit direct access with firewall configurations, but there are still risks of shadow IT with public cloud platforms, third-party service access, and phishing. Direct access requires constant monitoring of unmanaged devices.
Enterprise organizations have allowed remote access to a handful of technologies, reducing some risk. This architecture improves remote access management with VPN solutions that are either full tunnel or split tunnel. Risks associated with this approach include unauthenticated attacks and compromised credentials and systems. “Guarding this VPN capability and functionality is of utmost importance,” explained Liefer. “Over the past few years the implementation of multifactor authentication has served to provide more protection.”
The Zero Trust model uses an identity provider to access applications and grant authorizations. Many organizations are moving towards this model but are facing challenges with legacy systems and network exemptions that are leaving data vulnerable. This architecture faces endpoint visibility, authentication, and authorization issues, which can put a burden on IT teams.
As organizations continue to embrace the remote work environment, it’s important that the security measures and tactics they employ evolve. Daniels urges organizations to think about the threats they are already facing and determine how risk can be better mitigated. This may involve authentication, endpoint and physical controls, user controls, network controls, or a combination.
“Do you have visibility into the remote device? What device are employees actually making use of?” questioned Daniels. When you don’t know exactly what employees are doing, or what networks they are connecting to, it’s important to implement security protocols that can combat a variety of threats.