Record numbers of Americans are quitting their jobs in what many are now calling the “Great Resignation.” Remaining employees who have had an opportunity to prove their value and ability to work productively from anywhere are placing intense pressure on their employers to support a remote/hybrid work environment.
Gartner recently stated that “51% of global knowledge workers will be remote by the end of 2021,” while a Gallup survey found that 9 in 10 people prefer a hybrid workstyle. With employees calling the shots, companies need to prioritize establishing secure remote work capabilities if they want to retain top talent.
However, the transition to remote work complicates IT environments, and in turn, employers must be hypervigilant in their security practices. Given that employees now work both inside and outside the office perimeter, the attack surface has increased exponentially.
Expanding existing VPN infrastructure can increase complexity, introduce restrictions, and impact user experience. Devices outside the corporate network also make OS and software patches more difficult to apply, resulting in vulnerabilities, especially if devices being used are not IT sanctioned.
Without proper guardrails in place, sensitive or regulated data can end up on employee computers. On top of all this, ransomware attacks have become even more effective, leaving organizations with devastating financial consequences. Remember the simple fact that security fails in this order: people, process, and then product/tools.
This new work landscape means that IT leaders need to address security with a fresh perspective, and the public cloud offers compelling options that can help companies enable remote and hybrid workers securely.
Know Your Options
When it comes to giving remote or hybrid workers access to applications and corporate data, cloud-based virtual desktops can deliver a better security experience than a fleet of distributed laptops and desktops. If you are considering cloud desktops, there are two approaches to evaluate:
- Do it yourself (DIY). Implementing virtual desktops on your own in the cloud may give your company greater ability to customize the solution, but it can also pose security risks, cause desktop downtime, and incur significant cloud computing costs if not architected and managed properly. Ensure your team has the knowledge and skills to build the processes needed to maintain what was built, and that key knowledge is transferred between team members over the lifecycle of the deployment.
- SaaS-based Cloud PC service. With a SaaS service, deployment is faster, management is simpler and costs can be more predictable. One key difference between SaaS and DIY is that SaaS automates the same outcome for all customers and reduces the burden on IT to maintain the deployment for performance and security. Remember when everyone built their own Exchange servers? Moving to a SaaS-based email system has likely made maintenance and managing security risks much simpler for your team.
Another thing to note is that not all SaaS providers take the same approach to how, and whether, they can access sensitive data. Ask your provider how they ensure security across the platform, and whether they are in scope if your company must conduct compliance or security audits.
Key Considerations: How to Enact a Zero Trust Approach
When companies build products, countless decisions are made based on the priority of the problems they want to solve. What is the most important in a stack rank 1-N? Security, cost, reliability, scale, number of regions or clouds to support? These decisions result in the underlying architecture, which can have profound consequences on data security, the success of the cloud desktop project, and more importantly, the level of risk faced by the organization.
When switching to cloud desktops, companies have a unique opportunity to strengthen their security posture and protect access to corporate resources, including applications and data. One popular concept is the zero-trust framework.
Zero trust means trusting no one, inside or outside the organization, and companies should extend that principle to the vendor running their virtual desktops. Achieving zero trust demands training people, changing processes and making the right technology choices.
Here are four aspects of security to consider when incorporating a zero-trust framework in your cloud desktop approach:
Principle of Least Privilege (PoLP)
When it comes to cloud desktops, architecture determines the level of privilege a solution needs. If you want to know where your data flows and who accesses it, start by looking at your solution’s approach to PoLP.
To provide some background, there are two ways to achieve PoLP for sensitive data. One way is to put people and processes in place to ensure that the data is not accessible. This is a common runbook used by IT and works well when IT has absolute control over the deployment with a good audit process in place to ensure compliance. On the cloud, the introduction of 3rd and 4th parties makes this more difficult because you will need to rely on other parties to comply with your data handling requirements.
The second method is to ensure no access to any data at all. This means that your 3rd and 4th parties do not have any access, nor does any data flow through them, making the solution simpler to adopt from a security perspective.
In this PoLP context for cloud desktops, different “cloud-based architectures” have very different results. When a solution originally built for an on-premises data center is later installed on the cloud, its architecture operates under the assumption that IT has complete control over all parts.
But on the cloud, these assumptions are different. A cloud-native architecture allows the deployment of cloud apps, desktops, and workstations in a way that protects personally identifiable information (PII) and customer data.
When evaluating a Cloud PC or Cloud VDI vendor, be sure to ask hard and important questions: How much access will administrators have to my environment? Where will my data be located? Where will my data flow? Does my data pass through any infrastructure shared with other companies? Is the data in transit and at rest secured through encryption?
By following PoLP and requiring only the minimum access privileges to the customer’s corporate resources, vendors can minimize the attack surface while still giving the customer full access to their Active Directory, networking, firewalls, operating system, virtual machines, data, and group policies – along with the ability to control their own environment.
Conditional Access
Aside from attacks carried out by malicious actors, companies should also be prepared for situations in which hybrid workers make simple mistakes that result in a security compromise. At a high level, conditional access is about proving a user’s identity and then granting access based on the context of the user’s situation. What is the user’s role? What do they need to accomplish? Where are they located? What device are they using? What network are they on?
Once this context is achieved, IT can set and enforce policies around what actions the user can take – Should they be allowed to print or take a screenshot? Should they have access at all? These conditional access guardrails will mitigate the risk of an insider security breach, whether malicious or accidental.
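The policy evaluation described above, as an added illustration that is not part of the original article and not any vendor's product: an ordered, default-deny rule set that takes the user's role, MFA state, device posture, location and network as input and returns both whether access is granted and which in-session actions (print, screenshot) are permitted. The network ranges, country list and role names are constructed assumptions.

```python
"""Added example: ordered, default-deny conditional access evaluation."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class AccessContext:
    """Facts established about a sign-in before any access is granted."""
    user: str
    role: str
    mfa_passed: bool
    device_managed: bool
    source_ip: str
    country: str


@dataclass(frozen=True)
class Decision:
    allow: bool
    can_print: bool
    can_screenshot: bool
    reason: str


# Constructed values standing in for a company's own inventory (assumptions).
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                      ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_COUNTRIES = {"US", "CA", "GB"}
SENSITIVE_ROLES = {"finance", "hr"}


def on_corporate_network(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETWORKS)


def deny(reason: str) -> Decision:
    return Decision(False, False, False, reason)


# Ordered rules: the first predicate that matches decides the outcome.
# Restrictive rules come first so a later, broader rule cannot override them.
RULES = [
    (lambda c: not c.mfa_passed,
     lambda c: deny("MFA not satisfied")),
    (lambda c: c.country not in ALLOWED_COUNTRIES,
     lambda c: deny(f"sign-in from {c.country} not permitted")),
    (lambda c: not c.device_managed,
     lambda c: Decision(True, False, False,
                        "unmanaged device: print and screenshot disabled")),
    (lambda c: c.role in SENSITIVE_ROLES and not on_corporate_network(c.source_ip),
     lambda c: Decision(True, False, False,
                        "sensitive role off corporate network: print and screenshot disabled")),
    (lambda c: on_corporate_network(c.source_ip),
     lambda c: Decision(True, True, True, "managed device on corporate network")),
    (lambda c: True,
     lambda c: Decision(True, True, False,
                        "managed device off network: screenshot disabled")),
]


def evaluate(ctx: AccessContext) -> Decision:
    for matches, decide in RULES:
        if matches(ctx):
            return decide(ctx)
    # Safety net: a context no rule covers is denied rather than allowed.
    return deny("no matching rule")


if __name__ == "__main__":
    ctx = AccessContext("alice", "finance", True, True, "203.0.113.5", "US")
    print(evaluate(ctx))
```

The ordering matters: an MFA failure or a disallowed country short-circuits before any allow rule is consulted, and the final `deny` in `evaluate` means that adding a new attribute without a rule for it fails closed.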
Multi-Factor Authentication (MFA)
As consumers, we’ve seen the rising popularity of MFA requirements as we access a variety of online services. Businesses operating at a smaller scale should be no different since bad actors target companies of any size.
Any time there is data and IP to protect, MFA is necessary. This means that all hybrid workers attempting to gain access should be required to identify themselves with more than just a username and password, using multiple independent methods such as an authenticator app, an SMS text message, or answers to secret security questions. When establishing a cloud desktop solution, ensure your vendor can integrate with your MFA solution.
IT Visibility
Without comprehensive visibility into IT infrastructure, IT teams have no way of properly monitoring remote/hybrid workers and desktops and will fail to detect risks or breaches. As you are considering cloud desktops, understand the capabilities that each vendor can provide relative to not only desktop performance and availability, but additional data that can sync with SIEM systems, such as log-on attempts, user locations, and other security events. Ensure that your IT team has complete, real-time visibility into your IT landscape.
Remote Work is the Future
Remote and hybrid work are here to stay, and it is up to business leaders to prioritize agile data security practices that protect the organization while still ensuring employees and contractors are effective and productive. As Intel founder and former CEO Andy Grove once said, “only the paranoid survive.”