The Five Elements of Remote Office-Centric Security

With much of the workforce working from home right now, there are several challenges to consider for the remote office-centric model, and an important one is security. Over the last several weeks we have seen a number of common requests from our clients. These requests tend to focus on updates and patching, cloud-based services, capacity planning and authentication. It is important that each of these is carefully considered and carried out correctly and thoroughly, so we have outlined five main elements of remote office-centric security below:

1. Security Infrastructure

To ensure your remote office infrastructure is secure, there are a number of tools or strategies you can leverage. For example, one recommendation is that you implement a risk-based approach, or re-assess your existing approach, with a focus on asset classification, service classification and data classification. A risk-based approach can be beneficial when planning your security strategy or during the decision-making process, for example when building a relevant security and access policy for bring-your-own-device (BYOD) versus corporate assets. The steps to securely allow access from BYOD or corporate assets may be very different, especially once you have considered the risk applicable to each. No matter which platform is used to access your services, you will want to deploy a remote access solution such as a VPN, VDI or Secure Access Service Edge (SASE) to secure and monitor these connections. All three options offer a secure way for your users to access company files and tools.
Now more than ever, bad actors are looking for ways to gain access to organizations’ information and users’ credentials, which is why it is important to enable strong authentication and multi-factor authentication to protect your users and your organization. Consider condition-based sign-on and access. Condition-based checking takes into account different elements of a user’s attempt to authenticate or gain access, such as where they are logging in from, the time of sign-on, the device they are using and other factors. These factors can then be used to determine the appropriate authentication method or to assign the appropriate access to the user. We have also seen a large uptick in measures to protect public-facing infrastructure. This can be done using solutions like next-generation firewalls (NGFW), web application firewalls (WAF) or proxies. As always, it is also a good idea to update to the latest software and firmware. Regular updates and patching are even more critical for devices and software that are public facing or directly support end users.
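To make the condition-based sign-on idea concrete, here is an added example (not code from the original article or from any vendor product) of a small policy evaluator. It scores a sign-in attempt on the factors listed above (location, time of sign-on, device and its compliance state) and returns the authentication method and access level to require. The trusted countries, device list, risk weights and thresholds are assumptions chosen for illustration; a real deployment would take them from policy and from the identity and device-management systems.

```python
"""Toy condition-based sign-on evaluator (added example, assumed policy values)."""
from dataclasses import dataclass
from datetime import datetime

# Constructed policy inputs (assumptions for illustration only).
TRUSTED_COUNTRIES = {"CA", "US"}
CORPORATE_DEVICE_IDS = {"corp-laptop-001", "corp-laptop-002"}
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 local time


@dataclass
class SignInAttempt:
    user: str
    country: str
    device_id: str
    device_compliant: bool  # e.g. disk encryption on, AV signatures current
    timestamp: datetime


def risk_score(attempt: SignInAttempt) -> int:
    """Sum the risk contribution of each condition (higher = riskier)."""
    score = 0
    if attempt.country not in TRUSTED_COUNTRIES:
        score += 3  # unexpected location is the strongest single signal here
    if attempt.timestamp.hour not in BUSINESS_HOURS:
        score += 1
    if attempt.device_id not in CORPORATE_DEVICE_IDS:
        score += 2  # BYOD is treated as higher risk than a managed asset
    if not attempt.device_compliant:
        score += 2
    return score


def decide(attempt: SignInAttempt) -> dict:
    """Map the risk score to an authentication requirement and an access level.

    MFA is always required; what changes with risk is the scope of access
    granted, and at the top of the scale the attempt is denied outright.
    """
    score = risk_score(attempt)
    if score <= 2:
        return {"auth": "mfa", "access": "full", "score": score}
    if score <= 4:
        # Still allow sign-in, but restrict to browser-based apps only
        # (no VPN, no mapped file shares) until the conditions improve.
        return {"auth": "mfa", "access": "web-only", "score": score}
    return {"auth": "deny", "access": "none", "score": score}


if __name__ == "__main__":
    sample = SignInAttempt("alice", "CA", "corp-laptop-001", True,
                           datetime(2020, 4, 6, 10, 0))
    print(decide(sample))
```

The point of the structure is that each factor is weighed independently and the decision is a function of the total, so adding a new condition (a new device posture check, for instance) means adding one branch to `risk_score` rather than rewriting the decision table.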
Once you have provided your users with access to your infrastructure, next you will need to implement the proper monitoring tools. During this step it is important to ask questions like, “Are you collecting logs from all your new or expanded devices and technologies?” If so, are you collecting the right logs for what you want to do? You may also want to consider a risk-based approach here to help determine where to focus your spend and effort. Some monitoring tactics include ensuring that all relevant events are being collected and updating use cases and correlation rules to effectively monitor your environment, as it may have changed considerably. Enhanced monitoring and behavioural analysis using SIEM or UEBA can also prove extremely useful in these new and expanded environments. Another critical step is conducting vulnerability scans against your external facing and new infrastructure, because you can be guaranteed that bad actors will.
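The monitoring advice above (collect the right events, then update correlation rules for an environment that has changed) is easier to judge with a concrete rule in hand. The following is an added example, not code from the original article or from any SIEM product: two simple correlation rules run over a handful of constructed VPN authentication log lines. Rule 1 flags a source address that fails repeatedly and then succeeds; rule 2 flags a user who signs in successfully from two different countries within an hour. The log format, field names, thresholds and windows are all assumptions.

```python
"""Two toy SIEM-style correlation rules over constructed VPN auth logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format; not from any real gateway).
SAMPLE_LOGS = """\
2020-04-06T08:01:10Z vpn-gw auth user=alice src=203.0.113.5 geo=CA result=SUCCESS
2020-04-06T08:03:22Z vpn-gw auth user=bob src=198.51.100.9 geo=US result=FAIL
2020-04-06T08:03:25Z vpn-gw auth user=bob src=198.51.100.9 geo=US result=FAIL
2020-04-06T08:03:29Z vpn-gw auth user=bob src=198.51.100.9 geo=US result=FAIL
2020-04-06T08:03:40Z vpn-gw auth user=bob src=198.51.100.9 geo=US result=SUCCESS
2020-04-06T08:30:00Z vpn-gw auth user=alice src=192.0.2.77 geo=DE result=SUCCESS
2020-04-06T09:15:00Z vpn-gw auth user=carol src=203.0.113.8 geo=CA result=FAIL
2020-04-06T11:00:00Z vpn-gw auth user=carol src=203.0.113.8 geo=CA result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse(lines):
    """Turn raw lines into event dicts; silently skip lines that do not match."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # in production, unparseable lines deserve their own alert
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def failures_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Rule 1: at least `threshold` FAILs from one source, then a SUCCESS, inside `window`."""
    alerts = []
    recent = defaultdict(list)  # src -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = recent[ev["src"]]
        fails[:] = [t for t in fails if ev["ts"] - t <= window]  # expire old failures
        if ev["result"] == "FAIL":
            fails.append(ev["ts"])
        elif len(fails) >= threshold:
            alerts.append({"rule": "fail-then-success", "src": ev["src"],
                           "user": ev["user"], "failures": len(fails)})
            fails.clear()
    return alerts


def impossible_travel(events, window=timedelta(hours=1)):
    """Rule 2: one user succeeds from two different geos within `window`."""
    alerts = []
    last_success = {}  # user -> (timestamp, geo) of the previous success
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "SUCCESS":
            continue
        prev = last_success.get(ev["user"])
        if prev and prev[1] != ev["geo"] and ev["ts"] - prev[0] <= window:
            alerts.append({"rule": "impossible-travel", "user": ev["user"],
                           "from": prev[1], "to": ev["geo"]})
        last_success[ev["user"]] = (ev["ts"], ev["geo"])
    return alerts


def run_rules(lines=SAMPLE_LOGS):
    """Run both rules over the log text and return the combined alert list."""
    events = parse(lines)
    return failures_then_success(events) + impossible_travel(events)


if __name__ == "__main__":
    for alert in run_rules():
        print(alert)
```

On the constructed sample, bob's three failures followed by a success trigger rule 1, alice's Canada-then-Germany sign-ins 29 minutes apart trigger rule 2, and carol's single failure nearly two hours before her success triggers nothing. Note that both rules depend on the `geo` and `src` fields being present in the collected events, which is exactly the "are you collecting the right logs?" question from the text.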
Lastly, certificate management and security play a crucial role in securing infrastructure. Not only will you want to make sure all certificates are properly signed and valid, but you will also want to start conditioning your users not to proceed to websites that don’t present a valid certificate. You can also carry out penetration testing against new and existing access solutions and services to find potential vulnerabilities that an attacker could exploit.

2. Endpoint Security

As mentioned, bad actors are trying to take advantage of the current climate and are using fear to push new scams and malware. Given this, it is now more important than ever to put a proper endpoint security plan in place. The first step to securing your endpoints is to deploy an endpoint protection solution such as AV, keep your endpoints updated and patched, and make sure you have the right signatures. You may also want to consider an endpoint detection and response (EDR) solution.
Much like securing your infrastructure, implementing an SSO and MFA solution will offer a more seamless login experience for your users and will keep them from reusing passwords, which is especially helpful right now, when users will be logging into many different portals and interfaces while working remotely. It may also help to enforce a strong/complex password policy, in which case SSO and MFA will help users adhere to the policy.
Lastly, you should enable endpoint encryption, ensure data on endpoints is being backed up and consider measures to protect users from web-based threats, such as cloud-based security and DNS-based security.

3. VDI – Cloud and On-Premise

The biggest threat to your virtual desktop infrastructure is that, in the rush to get it up and running, your remote desktop protocol (RDP) gets exposed. It is crucial to protect your VDI RDP interface. You should never run RDP without enabling session encryption through a VPN or RDP proxies. Secondly, you will need to make sure your golden image is protected, which can be done by scanning for vulnerabilities, updating and patching accordingly, and balancing resource preservation against the selected security measures. Some other things to consider include integrating your VDI with SSO and MFA solutions, considering DDoS protection and ensuring cloud-specific security measures are in place for cloud-based VDI.
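Because the failure mode described above is a configuration mistake rather than a software bug, it can be caught with a routine check. Here is an added example (not code from the original article or from any firewall or cloud vendor) that walks a constructed inventory of inbound firewall or security-group rules and flags any rule that admits RDP (TCP/3389) from a source other than the VPN client pool or the RDP gateway subnet. The rule fields and the two allowed subnets are assumptions for illustration; a real check would read the rules from the firewall or cloud API.

```python
"""Flag inbound rules that expose RDP outside the VPN / RDP-gateway subnets (added example)."""
import ipaddress

RDP_PORT = 3389

# Subnets from which RDP to the VDI hosts is acceptable (assumed values):
# the VPN client address pool and the RDP gateway / proxy subnet.
ALLOWED_RDP_SOURCES = [
    ipaddress.ip_network("10.20.0.0/16"),  # VPN client pool
    ipaddress.ip_network("10.30.5.0/24"),  # RDP gateway
]

# Constructed sample rules (not from any real environment).
SAMPLE_RULES = [
    {"name": "vdi-rdp-from-vpn", "proto": "tcp", "port_from": 3389, "port_to": 3389, "source": "10.20.0.0/16"},
    {"name": "vdi-rdp-any", "proto": "tcp", "port_from": 3389, "port_to": 3389, "source": "0.0.0.0/0"},
    {"name": "vdi-rdp-wide-range", "proto": "tcp", "port_from": 3000, "port_to": 4000, "source": "203.0.113.0/24"},
    {"name": "web-https", "proto": "tcp", "port_from": 443, "port_to": 443, "source": "0.0.0.0/0"},
    {"name": "vdi-rdp-gateway", "proto": "tcp", "port_from": 3389, "port_to": 3389, "source": "10.30.5.0/24"},
]


def rule_covers_rdp(rule):
    """True if the rule's protocol and port range include TCP/3389.

    A wide port range (e.g. 3000-4000) counts, since it admits RDP just as
    surely as a rule written for 3389 alone.
    """
    return (rule["proto"].lower() in ("tcp", "any")
            and rule["port_from"] <= RDP_PORT <= rule["port_to"])


def source_is_allowed(source):
    """True if the rule's source network lies entirely inside an allowed subnet."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == allowed.version and net.subnet_of(allowed)
               for allowed in ALLOWED_RDP_SOURCES)


def exposed_rdp_rules(rules=SAMPLE_RULES):
    """Return the names of rules that admit RDP from a non-allowed source."""
    return [r["name"] for r in rules
            if rule_covers_rdp(r) and not source_is_allowed(r["source"])]


if __name__ == "__main__":
    for name in exposed_rdp_rules():
        print("RDP exposed by rule:", name)
```

On the sample inventory the check reports `vdi-rdp-any` (open to the whole internet) and `vdi-rdp-wide-range` (a broad port range from a public network), while the two rules scoped to the VPN pool and the gateway subnet pass. Running a check like this against the live rule set before each VDI change is the cheapest way to ensure that an emergency "just open it" rule does not outlive the emergency.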

4. Collaboration Security

Collaboration security is always important; however, with entire companies now operating remotely it has been pushed to the forefront. For example, Zoom has seen widespread adoption, which has created new interest from attackers. As with the other elements, collaboration tools should be integrated with SSO and MFA, and should be running the latest versions. Some actions you can take to secure your video conferences are to implement meeting passwords, protect your meeting IDs, set join chimes and check that the right people are attending your meetings. You will also want to avoid file sharing through a collaboration room unless it is locked. It is also critical to secure file sharing for collaboration by setting clear distinctions between public and internal access capabilities. Examples of this would include strict use of SharePoint permissions or considering Cloud Access Security Brokers (CASB). A CASB will give you visibility into what is happening on your cloud-based collaboration tools.

5. Training: User Policy and Awareness

Your people are your first and last line of defence, which is why training users on how to work in this new environment is an essential part of remote office-centric security. If your policies don’t already include guidance on the use of BYOD or corporate assets when working from home, it is a good idea to re-assess and revise them to include an acceptable use policy. It is beneficial for users to hear the “why” behind the new policies as well, so well-crafted communication around the changes is recommended. A few other items to train your workforce on are how to recognize and handle phishing scams, how to securely configure home networks and Wi-Fi, and how to properly use remote access and collaboration tools.
To conclude, security should be a top concern when setting up the remote office-centric model, and there are many solutions available to you. Our team is well versed in all the elements outlined above, and we have many solutions and partners that we work with in each.