FEATURE: MOBILE MANAGEMENT
important identity hygiene is in our current threat landscape. Passwords should always be unique but your most sensitive identities, including your corporate services, should also be backed up by a second factor.

Endpoint robustness and limiting user rights

It’s clear that deploying the same security on endpoints and remote users is very challenging. Therefore, it is important to understand the various endpoint vulnerabilities. I find that too many organisations deploy new endpoint solutions without validating whether they achieved the goal of securing the end devices.

As a CISO, you also need to understand that attacks are constantly changing, so validating how your systems hold up against new attacks is important.

What is important to know is that while you may not always be able to uncover vulnerabilities, the correct configuration and security applications can make it exponentially more difficult to exploit those that do exist. Also, why not get your endpoint tested by the experts with a service such as penetration testing?

Constant security validation

A final thing that I also recommend CISOs look at is how they validate the security of their remote users. Since we know that this user group is more exposed, it is important that you validate the integrity of the endpoint constantly.

This could for instance be done at any connection to your networks and applications – this is why we have NAC, VPN and identity access management solutions which validate not just the user but also the security of the device before granting connection.

MOREY HABER, CHIEF TECHNOLOGY OFFICER, BEYONDTRUST

Remote employees traditionally connect to corporate resources using a VPN or cloud resources directly. They are often behind their own home routers that use technology like Network Address Translator (NAT) to isolate the network. This creates a network routing problem.

Corporate cybersecurity solutions cannot resolve and route to remote employees to push updates or query systems directly. All remote devices must therefore poll into cybersecurity resources for updates or to submit data and often require a persistent outbound connection to determine state regardless if using a VPN or cloud resources.

Discovery technology, pushing policy updates, etc. all become batch driven in lieu of near real time. Even remote support technologies require an agent with a persistent connection in order to facilitate screen sharing since a routable connection inbound to SSH, VNC, RDP, etc. is not normally possible for remote employees.

Therefore, the number one cybersecurity challenge for remote employees is based on devices that are no longer routable, reachable or resolvable from a traditional corporate network for analysis and support.

Remote employees’ technology can come in two forms – corporate supplied IT resources and Bring Your Own Device (BYOD). While corporate deployed resources can be hardened and controlled in extreme ways, personal devices are often shared and not subjected to the same security scrutiny.

The largest cybersecurity challenge occurs in the latter. Organisations struggle to manage end user devices with Mobile Device Management (MDM) solutions and technology that can only isolate applications and user data on a device. They cannot harden it and govern its operations as tightly as a corporate deployed system.

Therefore, this is the second most important cybersecurity threat for remote employees; how to allow BYOD without introducing unnecessary risk. This includes having administrative access to the device since you are the owner.

The third challenge for remote employees involves traditional cybersecurity controls like vulnerability assessments, patch management and anti-virus. Traditionally, all of these were performed using network scanners, agents and services to perform various functions. But these require connectivity to on premise servers. With the cloud, these disciplines have become easier to manage but many organisations have not matured enough to embrace these technologies for remote employees.

Therefore, organisations empowering remote employees should consider the cloud for managing basic cybersecurity disciplines since the problems with connectivity are only getting worse with cellular and other mobile technologies.

Advice for CISOs

The best advice for CISOs that need to secure the remote workforce involves an open mind and acceptance of new technologies, methodologies and workflows to accomplish cybersecurity best practices. This includes using MDM solutions, leveraging the cloud and monitoring data and workflows to prevent a breach.

CISOs need to think out of the box regarding connectivity. We live in the age of cellular, broadband and will see a bandwidth evolution with 5G. The theft of large quantities of data can occur within minutes using wireless technology and new techniques are needed to defend against these threats.

This is not only from a remote employee copying the data from corporate resources but also threat actors breaching a remote employee and leveraging them as a beachhead. Therefore, CISOs need to understand their business models, the roles remote employees play and the data and system risks they represent. Then, a defensive strategy can be built using modern security technology and practices.

www.intelligentcio.com