- April 19, 2021
- Catagory Security
Securing remote workers is a never-ending job, regardless of how many there are at your organization, because there’s always new threats and new attack surfaces to protect.
After a while, it becomes clear to any cybersecurity expert that there are both do’s and don’ts when it comes to securing remote workers. These lessons are based on hard-won experience—in some cases because they’ve experienced a serious breach. However, there’s no reason that every organization needs to learn the hard way, so here’s some of the top mistakes your organization and your employees should avoid when securing remote workers, followed by do that are proven to work.
What not to do when securing remote workers
There’s many things employees shouldn’t do with their office computer and it’s important that you have policies in place to keep them from doing them.
- Don’t tolerate workarounds: Good security should never get in the way of employee productivity or impede business success, but it’s not uncommon for cybersecurity practices to constrain workers so that prompt them to find a way around a security policy. These workarounds might include employees using personal computers to access corporate networks and data without proper vetting of IT or exchanging documents using their personal email addresses saving passwords in the browsers. Employees need to understand the rules are there for reason.
- Do not ignoring warning signs: With more workers at home, it’s even harder to keep an eye on your fleet of workstations, so you need to make sure employees aren’t ignoring any hints their computer at home is under attack. Unexpected browser pop-ops or a sudden change in user settings are signs that unauthorized changes have been made and that the employee’s workstation has compromised. Ignoring these signs could lead to a much bigger problem that could impact the network security of the entire organization.
- Don’t let family use the company computer: With a corporate workstation at home during the pandemic, family members of remote workers may be tempted to use it for non-work-related activities that can lead to clicking on a link that infects the devices and compromises company data and applications.
- Don’t delay software updates and patches: When employees are in the middle of getting work done, they may be inclined to postpone much needed software updates and scheduled security scans when prompted. But the best way to keep workstations secure, no matter where they’re located, is by making sure they have the latest software updates, virus definitions, and other patches. Even in the era where many use Software-as-a-Service (SaaS) applications, operating system and application updates are still critical for robust security.
A few do’s that can go a long way
Some of the above don’ts suggest some do’s that should be happening instead, but here are few other key other do’s that go a long way to securing remote workers.
- Empower and train your workers: If employees understand why security measures are put in place and are given ways of getting things done quickly and efficiently without workarounds, they’re a great asset for protecting the organization. When you have the right people with the right training, it’s hard for a threat actor to gain a foothold within you network.
- Make the move to the cloud: If you haven’t already, migrate your data and applications to the cloud as much as possible. The fewer applications and data that reside on the workstation, the better. While SaaS security has its own set of challenges, a centralized cloud approach is easier to manage, especially in a pandemic, and easier anytime for SMBs with limited IT resources.
- Take a zero-trust approach: The cloud can be an effective security enabler for taking a Zero Trust Network Access (ZTNA) stance. It’s a mindset that’s becoming increasingly preferred because it assumes anything in a network can be a threat and separates remote workers from the network. User access is determined by third-party cloud provider to manage verifications and access to applications. If users don’t have the credentials, then they can’t access data and applications they’re not supposed, even they are legitimately employees of the company.
- Get second a opinion: When it comes to evaluating your security posture, it never hurts get an outside to take a look at what you’re doing and making sure it’s aligned with your goals. And if you’re new to securing remote workers, a Managed Security Services Provider can fill in the gaps, whether it’s just a risk assessment with recommendations or helping with ongoing management of your network security.
The security landscape dynamic even when you don’t have many employees working from home. Having clear policies and procedures in place is an important foundation for securing remote workers, but partnering with a managed services provider that can help you leverage the cloud, implement best practices and policies, and spot common pitfalls improve your overall security posture no matter how many remote workers you have.
- March 16, 2021
- Catagory endpoints
In the era of remote work, having a robust endpoint protection platform (EPP) in place is even more critical for maintaining network security. If you’re struggling to scale up to effectively secure each and every endpoint, you need to consider a cloud-based solution.
Even after many employees return to the office post-pandemic, a cloud-based EPP will continue to be essential for safeguarding organizations that have a great deal of remote workers because it makes it easier and more cost-effective to protect any workstation regardless of location, whether it’s desktop or laptop computer, or a smartphone or a tablet.
Prevention is just the beginning
An EPP is more than just anti-virus—it combines next-generation antivirus with more advanced security tools that leverage detection technologies such as signature matching, behavioral analytics, anomaly detection, and machine learning.
While different EPP offerings vary in features and functionality, there are a few things that should be included in any solution you may be considering. For starters, it should be able to prevent bad things from affecting your systems, such as malware and ransomware attacks, by applying behavioral analysis and machine learning to ward against file-based and fileless malware. It should also provide a great deal of endpoint control, including the ability to configure firewalls, ports, and devices.
But while prevention is table stakes in an EPP, you should be looking for more proactive capabilities if you’re to keep pace with the threats to your cybersecurity
Be more responsive
You shouldn’t just settle for comprehensive detection capabilities in an EPP. Because there are so many threat vectors to manage, you want to be able to respond automatically and effectively whenever possible.
To this end, EPP solutions are adding detection and response (EDR) capabilities so that you can detect, investigate, and remediate through automation capabilities, while also having the ability to customize the platform for your environment. Today’s EPP and EDR platforms recognize that the sheer volume of security alerts are far more than cybersecurity analysts can address without being able to automate some tasks.
Ideally, you want to streamline the number of tools implemented by your cybersecurity team—one per category is enough, although it’s fine if you want to take a best-of-breed approach rather than a single solution. However, having multiple firewall products to manage creates more problems than it solves. Open source solutions may also make sense because you can leverage the community support optimize them for more effective security. You should also keep the door open for integration with third-party solutions that add specific capabilities you need to secure your environment.
Ideally, an EPP implementation should not only improve security but also productivity of your IT staff, which is why it’s important to avoid complexity.
Simplify security with a partner
An EPP doesn’t have to be yet another costly cybersecurity implementation that must be maintained and managed. Cloud-based solutions facilitated by a managed service provider along with their team can help with detection and incident response, and even proactive activities such as hunting and penetration testing.
For smaller organizations, tapping into the expertise of a managed security services and availing itself the capabilities of a modern, cloud-based EPP can go a long way to keeping up with endpoint security requirements and mitigating the threats that come with a remote workforce.
- February 25, 2021
- Catagory Security
The ability to work anywhere was already driving cloud security trends before the pandemic hit, but remote work played a heightened role in 2020 and will continue to do so as employers maintain a hybrid approach to staffing—many will continue to work from home even once others return to the office.
That means many of the cloud security trends we’ve seen over the last year will continue for the foreseeable future, and the cloud will be part of the solution in securing proliferating endpoints.
Remote work has led to more attacks and shoring up of cloud security as endpoints proliferate. Mix in adoption of 5G networks and SD WAN, and you’ve got a recipe for even more attack surfaces that look tempting to hackers. Cybersecurity teams need see every endpoint connected to the network and how they impact cloud security as users connect to public services as well as those still run on-premises and some delivered by managed service providers.
Cloud security misconfigurations
As remote work remains a reality for many employees, it unfortunately means misconfigurations of cloud security will continue to pose a risk to the organization. Easily providing access to applications and data to many users and endpoints requires a robust security strategy that enables IT teams to see all the data traffic traversing its corporate network and across various cloud services. It’s critical that they understand who is responsible for securing what, as it can differ depending on the cloud service provider while improving identity and access management adding better cloud security controls. This should include the use of multifactor authentication to protect user credentials and help to avoid common threats such as phishing attacks.
Continued reliance on VPNs
Virtual Private Networks (VPNs) have always been an essential tool for enabling remote work, and they will continue to be necessary to enable employees to access the corporate network securely. Provisioning, maintaining, and securing them through robust encryption will continue to be a high priority task for cybersecurity teams as relying on consumer grade VPNs downloaded by home users for personal devices present too much risk to the organization.
Security awareness training
End user behaviour has always had an impact on cloud security, but as remote work continues, organizations must make sure they put time and resources into cybersecurity awareness training from the C-level on down. Every employee, including remote workers, must understand how data breaches and other security incidents, whether caused by threat actors or honest mistakes, can disrupt business operations and the resulting consequences.
The answer is in the cloud
As much as remote work poses a threat to cloud security, the cloud is likely to provide the solution. The traditional network perimeter has arguably been long gone for years with the rise of the cloud, distributed and global workforces, and the Bring-Your-Own-Device (BYOD) trend that is now par for the course.
Just as many applications and data now reside in the cloud, organizations need to transition to more security being delivered via the cloud, and that includes the securing of endpoints. Cloud-delivered endpoint protection platform (EPP) will become essential for safeguarding organizations that have a great deal of remote workers, even after many employees return to the office.
EPP will make it easier for you to protect any workstation regardless of location, whether it’s desktop or laptop computer, or a smartphone or a tablet. And while this may look like yet another time-consuming and costly cybersecurity implementation that must be undertaken, it’s something an experienced managed service provider can help you to cost-effectively deploy and manage to maintain both security and availability of applications and data as remote work continues.
- February 11, 2021
- Catagory training
A significant trend running parallel to cloud adoption has been the increasing use of open source software, and whether your applications and data on are on-premise or residing with one of the many cloud service providers, understanding open source technologies is essential.
A fall 2020 survey of 3,440 professional developers and managers conducted by O’Reilly Media and sponsored by IBM found that open source is maintaining and even increasing its influence. It’s become somewhat ubiquitous, with survey respondents expressing strong support for it in general and for specific skills in several open source technologies. For example, a whopping 94 percent view open source as being equal or better than proprietary software.
This preference extends to their cloud providers, with 70 per cent of respondents saying they prefer one based on open source technologies. Overall, those surveyed associate open source with more job opportunities, more professional opportunities, and higher wages. Linux in particular was highlighted in the survey as being an important technology, with 95 per cent of developers citing it as important to their career, as well as containers and databases. Linux is also highlighted as a critical technology for unifying hybrid cloud environments.
Given that containers and databases are critical enabling technologies in cloud environments, it’s not surprising that open source flavours are popular, especially as they can be spooled up quickly and easily.
Open source powers the cloud
Being able to rapidly and easily spin up computing, network and storage resources is enabling cloud adoption, so it makes sense that open source would ride its coattails, as it appeals to organizations looking to be able to respond nimbly to business requirements without expensive investments in on-site, proprietary technologies that eat up the time of in-house IT staff.
Another benefit of open source noted by the O’Reilly Media survey is vendors and cloud providers can rapidly apply updates, patches and other bug fixes, which improves overall reliability and security, while end users always have the latest and greatest applications on any device, especially mobile ones that use the cloud as their supporting backend. In the meantime, the cloud computing providers are also enjoying the same benefits of not being bogged now with licensing and administrative costs that go along with proprietary technologies.
As already mentioned, Linux is seen as a critical building block for unifying hybrid cloud environments as a common platform, and turn, innovation in the cloud is contributing to the development of the Linux kernel, which a collaborative process of millions of developers. Ultimately, open source technologies are what make the cloud possible.
Ensure you have open source expertise on tap
If open source is powering the cloud, and you’re at any stage of embarking on your cloud journey, then you need to think about the open source skills you have on staff as well ensure your managed service provider is making the same investments.
The O’Reilly Media survey makes it clear that developers and their managers are fiercely loyal to open source technologies, and that other third-party cloud services are increasingly turning to them to solve technical and business problems. In addition, the collaborative nature of open source means there is a constant loop back to improving and evolving open source technologies, particularly the Linux kernel. For businesses this means there are many benefits to being aligned with open source trends and acquiring relevant skills.
For developers and other IT workers, open source represents opportunities for professional advancement and interesting projects; for businesses, it means cost savings and agility because it reduces the potential for vendor lock-in. If you wan to realize the competitive advantages of open source, you need access to the right experts and skills, which not only means having those people on staff, but also accessing them through an experienced managed services provider.
Sanjeev Spolia is CEO of Supra ITS
- January 28, 2021
- Catagory remote work
The move to remote work nearly a year ago accelerated cloud computing trends that were already in play. With no quick return to offices expected in 2021, businesses of all sizes should plan to prioritize further cloud and Software-as-a-Service (SaaS) investments to support distributed workforces, while being mindful six key trends.
Cloud is enabling new ways of doing business
Moving to cloud computing or SaaS offerings isn’t just about getting on the latest technology bandwagon or saving money on capital or operational expenses. The cloud enables organizations of all sizes to do business better to make employees more productive across many departments, including finance, human resources and marketing, no matter where they are located. Cloud computing and SaaS also level the playing field to allow smaller business to compete with large competitors.
Security is a critical differentiator
Even with all these productivity gains from cloud computing and SaaS, the move to remote work as heighted the need for robust security, so organizations need to set aside time, resources and attention on their security strategy as to prevent breaches and disruptions that might impede any newfound productivity or cost them revenue through lost customers who lose trust.
Not everything will be in the cloud
Even as cloud computing and SaaS continue to take off to support distributed remote workforces, hybrid environments that mix on-site computing, storage, and services with public cloud offerings from vendors such as Amazon Web Services (AWS) or Microsoft Azure will become the norm, and everything will need to work together in concert, securely. Different providers will need to work together to as they each get spooled up to meet the specific requirements of different lines of business within an organization.
A spring cleaning of all compute resources
Organizations will begin to realize not everything that got migrated to the cloud needed to be moved, so even as cloud computing adoption will continue to accelerate, it’s become clearer which workloads need to be in the cloud, and which ones should be winding down, including any outdated data that goes with them, to be even more efficient and get the best bang for the buck from their cloud spend.
Training across the board: Getting the most from cloud computing while keeping it secure will mean investments in training for IT staff as well as raising the cybersecurity awareness of workers across the board as to adequately safeguard organizations as the era of remote work continues. Both cloud providers and their customers will want to make sure they’re providing both entry level knowledge of the cloud as well as creating advanced experts as a means to enable the business.
Consolidation of cloud providers
While it’s unlikely that an organization will want to put all their eggs in one basket—not all service providers are great at everything—they will want to keep the number of cloud computing environments and SaaS applications manageable. While larger enterprises will likely give most of the budget to the big players, smaller ones will likely want work with a local managed services provider that will prioritize their business and help the navigate all the emerging cloud computing deployment options and guide them on the necessary governance and security.
If 2020 was all about a mad scramble to support a remote workforce and iron out the kinks, then 2021 will be about looking to the future with new investment in cloud computing and SaaS offerings while building on the foundation that was put in place.