The new reality of remote working is driving businesses to re-examine their network security posture. Let’s face it: these networks were originally architected to support a dramatically different work environment. IT now must secure the network by bringing into the fold a myriad of remote, mobile and digital workspace devices, some of which were previously secondary at-home devices for employees to use.
Ensuring consistent access controls regardless of device used, protecting the network against threats and providing a secure remote work environment without slowing down user productivity – this is the multi-faceted task world of IT today. To keep pace, it’s vital to evolve to a network security infrastructure that can support this hybrid workspace environment of remote and mobile users.
The goal is to reach a new equilibrium in which remote working is no longer a security concern but rather a regular, ongoing means of doing business. There is a balance to be achieved: providing users with access to their applications that is similar to the experience they would have if they were on-site, while still protecting the company’s assets from any threats users may inadvertently introduce.
To get to equilibrium will take some refinement. Consider these four practices for a highly secure remote computing environment:
- Take the Zero Trust Approach to User Access. The shift to remote working presents an opportunity to reassess employee roles to protect against unauthorized access to applications and data. Role-based network access is the first step to universal, consistent access control – remote, mobile or on-site. As employees shift responsibilities, onboard or offboard, keeping up to date on access control is essential to data protection.
Zero Trust security also includes intrusion detection and network segmentation. Identity-based access can authenticate, authorize and control every user and device connecting to the network. Some solutions can even secure legacy wired and wireless networks that were created before BYOD, mobility and remote working made architecting security much more complex. These can enable IT to unify policy enforcement, while at the same time keeping traffic secure and separate. Business-facing operations and corporate-managed networks with IoT-managed client devices, for example, can co-exist without sacrificing security or operational efficiency.
- Extend Device Visibility. As a result of work-from-home (WFH), the lines are becoming more blurred between corporate devices and the personal devices employees have been comfortably using for some time. We know our remote workers, whether mobile or WFH, want to use all the smartphone, tablet, laptop or IoT devices they believe will help them be more productive. Security may not always be top of mind as they focus on getting work done. Remote users want security to work in the background and without interference as they upload an application or connect a new device. The solution is to gain full device visibility across the network by intelligently discovering and profiling all connected devices. This includes detailed device attributes such as device type, vendor, hardware version, and contextual behavior including applications and resources accessed. Once this information is known, it can be used to enforce policies allowing those devices only the access they need to perform their approved tasks.
We also know employees may be allowed to connect new device types like smartphones or video conferencing equipment without IT’s knowledge. Using automated provisioning, these devices can be discovered, then automatically segmented based on a given policy, or even quarantined in the event they are unauthorized or behaving in a malicious or insecure manner. As employees want to connect more IoT and mobile devices to the network, thorough visibility and access controls will prevent network breaches caused by those devices which lack solid built-in security and advanced authentication.
- Choose the Right Access Point. There are a number of options for establishing secure, remote worker connectivity to the network. Key options are remote wireless access points or VPNs. Wi-Fi is now the primary way users and devices connect, and cloud-based voice and video apps are how we collaborate. A wireless access point covers all the bases. The most advanced will provide a secure, automatic VPN connection that enables a remote worker to see the same SSIDs as if on site. They then have consistent access to data and applications that are already governed by Zero Trust access controls.
In comparison, traditional VPNs may be the simplest path for businesses that already provide remote access via a VPN. However, there are technical considerations. The firewall or VPN concentrator must have enough capacity to support the full scale of VPN encryption and connectivity. Also, IT needs to examine the different versions of VPN licensing. If you are planning to deploy Chromebooks, for example, make sure you understand whether additional licenses are required for mobile devices to connect to the VPN.
- Incorporate Auto-Remediation. Today, it’s advisable to consider the move to an ‘intelligent edge’ model as remote working shifts the edge to WFH networks. Employing artificial intelligence (AI), machine learning and automation, IT can resolve networking issues before they reach a remote worker’s desk. AI-powered auto-remediation is able to reduce resolution time by almost 90%, a significant WFH benefit as remote workers want to avoid unproductive downtime. Also, with smarter IoT-enabled devices in the network, automated detection and remediation capability is becoming critical. For remote workers, having threats detected and quarantined before they get to their WFH workspace is essential to data protection and their own productivity.
Meeting the Future
While WFH has presented a new set of challenges it is also an opportunity to strengthen networking security and transition the network into one better equipped for the next 21st century disruptive event. But, it can be done! Incorporating automation and AI into remediation and threat detection, extending Zero Trust access controls across all workspace environments, and enabling worker device choices to meet security standards is the business network for the future.