Enterprises need to secure end users’ devices to protect corporate resources
The prevailing pandemic has impacted businesses and organisations in ways unforeseen even by the most visionary and entrepreneurial minds
By Nandan Bhatkal
Organizations across the length and breadth of the world have been scrambling to tweak processes and recalibrate operations one way or the other to keep businesses running. Many of those who did not adopt remote working earlier, are rolling out work from home solutions for their workforce now. Companies, especially those which come under the purview of different regulatory watchdogs, such as BFSI sector, too, are taking the leap, thanks to coming-of-age secure remote access, and identity and access management solutions.
Change you must: The sooner the better
As the consequences of Covid-19 crisis are still unfolding, businesses must change the way things used to be done till a few months ago. Even companies with deep pockets to pay their employees and vendors, won’t survive unless they adapt to the new reality. Those who are still procrastinating may cease to exist. The sooner they take the leap, the better would be their chances of sailing through the troubled waters.
The people: Still key to survival and success
Availability of secure digital workspace solutions notwithstanding, the outcome of all these changes and the eventual survival of businesses ultimately hinge on the people and how they adapt to the new reality. Unless the people, employees, contractors, associates, vendors, partners, et al., are encouraged and enabled to perform their roles and responsibilities with equal efficiency, irrespective of where they are working from, businesses cannot survive.
Security concerns over remote working
Interestingly, the very people who are key to the survival of a business are also the weak link in this digital world. Thus, companies rolling out work from home solutions face the challenge in ensuring secure remote access to their employees. A dispersed workforce, using unmanaged devices and unknown networks, present serious threats to corporate applications and resources. And with unscrupulous elements lurking in the dark web, companies become more susceptible to cyberattacks and malware attacks. Then the question arises: How can companies ensure that security and privacy frameworks remain unyielding? How can organizations continue to be ISO27001 or compliant to other regulatory guidelines?
Ensure compliance, continue business as usual
Under the given circumstances, companies need to enable their people to work from the safety of their homes, without undermining the security aspects. Using zero-trust architecture, they can provide secure remote access to employees, contractors, associates, vendors, partners, etc. to run the business at scale. In doing so, there are essentially three things that need to be taken care of.
- Positively identify all your people and devices, without fail
- Instead of considering only user name and password, use multiple parameters, like log-in time, device location, hardware component identification, IP addresses, etc.
- Identify the device, application and/or user every time when an access request is raised
- Be context driven to evaluate need for access. Define rules for granting or denying an access. If need be, ask for more authentication information whilst dealing with an access request. Use a combination of all the above factors to determine the next course of action, in real time and at scale.
- Once convinced that the entity (user/device) is legitimate & authentic, determine the extent to which an access could be granted. Accordingly
- Provide VDI for people to perform their roles
- Allow access to only those applications that the user needs to perform his or her duty in the given context
- Do not allow any remote device to access any internal network. None of the internal IP addresses should ever be assigned or exposed to a remote device.
With this water-tight framework in place, organizations can recalibrate their operations to survive and ensure quick revival in the post Covid-19 environment. Employees, on the other hand, can function with ease using company-issued devices, rented laptops or personal endpoints.
(The author is the VP – Enterprise Solutions at Accops)