Time to Plan for the New Normal of Remote Working

Remote working has been a hot topic for many years. Internet-based tools and capabilities have made it easier to enable remote working and work-from-home leading to a steady increase in the number of enterprises offering these options to their employees. However, the emergence of COVID-19 and the widespread work-at-home directives used to curb the progress of the pandemic have initiated an experiment in remote working on a grand scale. So, what have we learned so far? 

The first thing we learned is that remote working can be done on a grand scale. Despite initial technical issues, IT departments, cloud service providers and communication service providers adapted quickly and successfully to meet demand. We also confirmed that employees like working from home and the flexibility that it offers with many remote workers stating that they have no intention to return to the office. Remote working and work-from-home are here to stay and are now the new normal for enterprises. 

Time to plan for the new normal of remote working

While enterprises, cloud services and telecommunication companies can rightfully be proud of their ability to react quickly and adapt to the unprecedented situation that COVID-19 instigated, now is the time to start planning for the long-term reality of remote working and what that means for enterprises.

One of the areas of particular concern is data security. In a recent blog entitled “Gartner top 10 security projects for 2020-2021”, the number 1 security project recommended by Gartner was securing your remote workforce. Gartner recommended their clients to “Focus on business requirements and understand how users and groups access data and applications. Now that a few months have passed since the initial remote push, it’s time for a needs assessment and review of what has changed to determine if access levels are correct and whether any security measures are actually impeding work”.

With remote working, the attack surface has increased dramatically on devices and in environments that lie beyond the control of the enterprise. This is not welcome news for stressed and over-worked security teams who already struggle to respond to security events today.

The target for malicious actors is in most cases customer personal identity information, which not only raises security concerns, but also compliance and governance issues. With countries around the globe following the lead of the EU with strict data privacy and protection laws, the cost of a data breach can also include litigation by governments for lack of adequate response.

While strict policies and guidelines can be prescribed to ensure remote workers are working responsibly, the key for enterprises is to ensure that access to sensitive data is governed and monitored centrally. Identity Governance and Administration (IGA) solutions and best practices ensure that only the right people have access to sensitive data. IGA also ensures compliance with data privacy and protection laws even in the worst-case scenario of a data breach.

IGA can provide the foundation for enabling remote working in a secure and compliant manner enabling the enterprise to adapt to the new normal of a remote workforce.

The grand remote working experiment

Over the past years, several surveys have been performed on remote working with similar conclusions. Once of the main conclusions is that workers prefer to work remotely.

For example, Buffer, together with AnglelList, have performed a State of Remote Working survey for the past three years with consistent results. In 2018, 2019 and 2020, the percentage of respondents who said they would like to work remotely has been 90%, 99% and 98% respectively. These results are mirrored by similar state of remote working surveys over the same period. In the Remote Work 2020 survey, 82% of remote working survey respondents stated that they do not plan to ever return to an in-office setting.

In both surveys, the biggest benefits of remote working were the ability to work flexibly and the flexibility to work from anywhere. Even so, around 80% of remote workers work from home, which might sound comforting to security professionals, but still means 20% of remote workers are accessing the enterprise network from libraries, coffee bars and co-working spaces.

Up until this year, remote working was not the norm in most companies. With the outbreak of COVID-19, many enterprises had to send all employees home to work remotely and thereby instigate a grand experiment in remote working. Despite initial problems where Internet networks needed to be reconfigured leading to some outages and IPsec VPN capacity constraints, the networking, security, and IT support community scrambled admirably to meet the challenge. As we now experience a second wave of COVID-19 cases around the world, there is more confidence that the infrastructure can meet any challenges.

But, during all this scrambling to make things work, there has been little time to consider the data security implications of remote working. With infrastructure challenges behind us, perhaps this is a good time to consider data security, protection and privacy while preparing for the new normal of remote working.

Remote working leads to an increased attack surface

Security teams have been struggling for many years to keep up with the relentless growth in malicious attacks and the ingenuity of cybercriminals. A 2019 survey by Critical Start of Security Operations Center (SOC) professionals found that 80% of respondents had reported their SOC experiencing between 10% and 50% analyst churn in the previous year. This is directly due to an increase in the number of alerts that each analyst needs to examine.

COVID-19 and the need for remote working has added stress to these teams. According to a recent report from ESG and ISSA, “COVID-19 has forced cybersecurity professionals to change their priorities/activities, increased their workloads, increased the number of meetings they have had to attend, and increased the stress levels associated with their jobs. CISOs should take note of these changes and closely monitor cybersecurity team members for signs of burnout.”

In addition, the number of attacks has increased during COVID-19. In a recent report from VMware Carbon Black it was found that “The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address”. 91% of global respondents in the report survey stated that they had seen an increase in overall cyberattacks as a result of employees working from home.

Remote working poses both a data security and data privacy challenge

The main target for cybercriminals is what is termed Personal Identification Information (PII). According to the latest “Cost of a data breach report 2020” from Ponemon Institute, 80% of data breaches involve customer PII. The average cost of a data breach for an enterprise with more than 25,000 employees is $5.52 million, while the cost to smaller organizations of less than 500 people is $2.64 million.

This poses two sets of challenges; the first is a data security challenge as remote working effectively increases the attack surface and the second is that customer data privacy is also compromised.

With remote workers accessing enterprise networks through home office environments that might or might not be secure, there are more vulnerabilities for cybercriminals to exploit. Security teams can do very little unless corporate devices are allocated to each remote worker. But, even in these cases, it is hard to prevent users from accessing personal applications like social media, personal storage or streaming services and games using their enterprise device. The protections enjoyed while inside the corporate perimeter are now no longer available.

The fact that it is customer PII that is the main target for cybercriminals opens a new concern, namely data privacy and compliance. New data protection and privacy legislation similar to the EU’s GDPR is being adopted across the globe. According to the UN, 66% of countries globally now have data protection and privacy legislation in place. These legislations stipulate how quickly users need to be informed when a data breach occurs. Using GDPR as an example, organizations have up to 72 hours to inform affected customers of a detected data breach or face fines of up to €20 million or 4% of annual global turnover (whichever is higher).

This is a significant extra cost should a breach occur and affected customers cannot be identified quickly. The EU has also been willing to litigate in this area with fines already totaling €176 million in the past two years.

Identity Governance and Administration (IGA) for remote working

Protecting access to sensitive data by remote workers is not just about security devices and VPN solutions. It is also about managing who has access to specific data and ensuring that they can only access data that they are entitled to access. While it might not be possible to control the type of device or connection that remote workers use to access data, it is still possible to enforce rules as to the type of data that a specific identity or role can access in a specific situation.

The Omada IdentityPROCESS+ framework provides best practice guidelines on a wide range of IGA issues. This includes managing identities and roles, managing the type of data that specific identities and roles can access as well as responding to security breaches involving identities. The framework also includes guidance on governance and compliance to data protection and privacy laws including risk assessment of assets.

In preparing for remote working, enterprises can use IGA solutions like the Omada Identity Cloud and the IdentityPROCESS+ framework to establish a solid foundation for data protection and privacy using the following recommendations:Document who has access to which IT data and information resourcesMap identities to roles and create policies for the entitlements associated with a specific roleEnsure that when the work of each role changes then so do the entitlementsEnforce segregation of duties so multiple roles associated with an identity do not lead to unintended access to sensitive dataImprove efficiency by allowing real-time request and approval processes for data accessPerform regular audits on data access and compliance to identify anomaliesUse risk scores associated with each data and information resource to understand the severity of audit events

The Omada Identity Cloud provides the tools and automation to help enterprises to implement the processes recommended in the Omada IdentityPROCESS+ framework. The solution allows real-time enforcement and monitoring of data access and automation of audit processes, especially compliance audits. A compliance dashboard provides an overview of all the systems that contain sensitive data as well as the compliance level of each application and system. If there are compliance issues, remedial actions are recommended and can be executed immediately.

Securing data in a remote work world

Remote working is here to stay, which means it is harder to control the environment in which employees work and access data. However, with IGA, it is possible to control, which data can be accessed and in which situations that access can be allowed. With regular audits and the compliance dashboard, it is possible to identify potential issues and take remedial action quickly. This goes a long way towards ensuring the protection and privacy of customer data and compliance with government regulations.

Written By Dan Joe Barry, Product Marketing Consultant


PAM met SecurIT (Dutch)

Eén van de grootste security-bedreigingen in het cyber security landschap is het misbruik van accounts met hoge (privileged) rechten op IT-systemen. Privileged Access Management (PAM) helpt organisaties om hun privileged accounts te beheren. Zo kunnen zij de kroonjuwelen beschermen, voldoen aan wet-en regelgeving en daarnaast ook nog datalekken voorkomen.

Samen met u maken wij uw PAM-programma succesvol.

PAM with SecurIT (Dutch)

FREE DOWNLOAD

Send download link to:

I confirm that I have read and agree to the Privacy Policy.

Subscribe to get exclusive content and recommendations every month. You can unsubscribe anytime.


About SecurIT

Founded in 1999, SecurIT has over 18 years of extensive experience of designing, implementing, maintaining large Identity Management/Governance infrastructures. With more than 30 specialists permanently employed in the Netherlands SecurIT offers its customers high quality consultancy, implementation, management and support services (24*7). 


How to Predict Identity Needs with LogMeIn

SailPoint customer LogMeIn is the creator of LastPass, a top password management solution. They also provide users the ability to manage and network remote devices. LogMeIn started on their identity journey two years ago, looking for a solution that would mitigate risk and increase compliance. Being a SaaS providing company, a solution that could allow them to move quickly was essential.

With SailPoint, LogMeIn has:

•            Met compliance requirements with SOX critical applications

•            Increased operational efficiency through automation of certifications

•            Future-proofed their program with AI & ML technologies

Watch the video below to hear how a SaaS-first approach gave LogMeIn a running start on their identity program and how AI & ML technologies will ensure a more proactive approach for the future.


Ramp Up Container Security With Red Hat OpenShift and CyberArk

Microservices and containerized approaches are becoming increasingly critical elements of digital transformation strategies. Container platforms offer developers and operations teams a simplified way to build and deploy better applications faster across hybrid cloud environments, and at scale. In fact, a recent Capital One study shows 86% of technology leaders have prioritized container usage for more applications, largely to improve collaboration between developers and operations (50%) and enhance the developer experience (46%).

Red Hat® OpenShift® is one of the leading container platforms, providing enterprises with a consistent foundation and set of services for building and scaling containerized applications across hybrid environments. OpenShift leverages the underlying capabilities of the popular open source container orchestration platform, Kubernetes (K8s).

Today, several thousand enterprises use OpenShift to migrate application workloads to the cloud, as well as develop cloud-native applications using DevOps methodologies at scale. All of these applications use credentials, or secrets, to access databases and other sensitive resources – credentials that must be managed and secured the same way human access is. However, in a typical enterprise compute environment, OpenShift is likely just one of several platforms being used. This means credentials must be shared across multiple IT platforms, CI/CD tools, as well as cloud and hybrid environments. If these credentials are exposed, attackers can use them to escalate access and privilege, reach critical assets and cause significant harm – from exfiltrating or maliciously destroying sensitive data to crypto-jacking cloud resources.

Many development platforms and tools have their own native, or built-in, security components that manage credentials and access, and may even offer some form of audit support. Yet typically these security mechanisms don’t securely share secrets with other tools, instead creating isolated “islands of security” that make it difficult to consistently manage privileged credentials across the organization. To eliminate these disparate security islands and mitigate the risk of data breaches, all privileged credentials should be centrally managed, rotated, monitored and audited across the enterprise’s entire development and operations environment.

Our secrets management solution, CyberArk Application Access Manager designed to do just that. It provides a comprehensive, centralized solution for securing credentials and secrets for applications, containers and CI/CD tools across native cloud and DevOps environments. CyberArk Conjur, our open source secrets management tool, complements this enterprise offering.

Simplify Securing OpenShift Containers with Out-of-the-Box Integrations

Through several powerful integrations, CyberArk and Red Hat provide ways to simplify and strengthen security by safeguarding the credentials used by applications running in OpenShift containers.

CyberArk Application Access Manager integrations with Red Hat OpenShift offer major benefits for cross-functional teams, including:

  • Development: Simplifies how developers write code to use credentials to securely access databases and other sensitive resources with flexible APIs. Code running in OpenShift containers can seamlessly access – and use – the required credentials, which are centrally managed and secured by CyberArk.
  • Operations: Automatically secures and rotates secrets used by OpenShift containers based on the organization’s policies managed by the CyberArk platform. This eliminates the need for operations to manually change, populate and provide audit trails for credentials used by containers.
  • Security: Separates the duties so that each container-based application only has access to the credentials or secrets needed to access the specific resources they are authorized to access. Policy-based access controls are set by the organization’s security team and managed by the CyberArk platform.

Together, CyberArk and Red Hat can help eliminate security islands and siloed credentials, enabling developers and operations teams to more easily and securely deploy applications at scale.

Secretless Broker Further Improves Security and Simplifies How Developers Write Code

CyberArk Application Access Manager provides OpenShift developers with flexible APIs including environmental variables and Rest APIs. Each supported method is designed to secure secrets to databases and other sensitive resources, helping developers stay focused developing code and moving fast.

Developers looking for an alternative to APIs can take advantage of Secretless Broker, a feature within CyberArk Application Access Manager and CyberArk Conjur. With Secretless Broker, applications can securely connect to databases, services and other protected resources – without ever accessing or even knowing the credential.

When an application needs to securely access a resource, it simply makes a local connection request to Secretless Broker. Secretless Broker then automatically authenticates the app using the native characteristics of the OpenShift container and establishes a connection to the database or other resource. This approach reduces the attack surface by preventing credentials from being exposed to applications. After all, applications cannot leak credentials that they don’t have access to. This also provides a simpler way for developers to write code to securely access databases.

3 Ways to Get Started with CyberArk and OpenShift: Webinar, Workshop and Resource Library

Join Red Hat and CyberArk for a live webinar, “Modernize DevOps with CyberArk Secrets Management and Red Hat OpenShift,” on Tuesday, November 10, 2020 at 1:00 pm EST. Attendees will explore lessons learned from recent breaches involving DevOps environments and the implications for containerized apps, key benefits of enhancing platform-specific secrets management capabilities with a centralized approach, and practical steps to take that strengthen containerized application security without impacting developer velocity.

Register here to reserve your spot. For a deeper dive, webinar attendees can join an interactive, hands-on technical workshop hosted by Red Hat and CyberArk on December 10, 2020.

Source: CyberArk


Live Webinar (17 november 2020): Privileged Access Cloud Security: Insider tips en aanbevolen procedures

Dinsdag, November 17, 2020: 10.00 uur CET


Er wordt steeds vaker gekozen voor cloudtoepassingen en -services en dat brengt ook uitdagingen met zich mee. Organisaties van over de hele wereld worstelen met de kennis en kunde over privileged access van externe werknemers, derden en contractanten. Het belang van deze kennis en beveliging is echter wel hoog. Wist u bijvoorbeeld dat 77% van de hacks in cloud een gevolg is van gelekte inloggegevens? Het wordt de hoogste tijd dat uw gebruikers gemakkelijk èn veilig toegang krijgen tot de cloud.

Sluit aan bij de webinar van SecurIT en Thycotic over Privileged Access Cloud Security. Wij leggen onze praktische aanpak uit en geven u handvatten voor het definiëren en implementeren van privileged best practices voor cloud security. 

Krijg de antwoorden op deze belangrijke vragen: 

  1. Wat zijn de kritieke verschillen die voortvloeien uit privileged toegang tot cloudtoepassingen? 
  2. Hoe creëren overprivileged gebruikers een van de grootste risico’s in de cloud? 
  3. Wat is de beste manier om een aanpak met de minste bevoegdheden te implementeren die de toegang tot cloud privileged access garandeert? 
  4. Welke geautomatiseerde tools kunnen helpen bij het beheren en beveiligen van privileged access voor cloudtoepassingen? 
  5. Welke materialen of bronnen ontvang ik? 

en_USEnglish