The worldwide increase in remote work has presented organizations with a parallel increase in cyber threats that business leaders, security teams, and information technology executives must confront, says Kevin Beebe, vice president and chief information security officer of MacStadium.
Costly data breaches and malware attacks are on the rise. A recent report found that 20% of organizations experienced a data breach due to a remote worker. The changing nature of the dangers a growing remote workforce poses is also highlighted by IBM’s “Cost of a Data Breach Report 2021,” which showed that organizations with a remote workforce took 58 days longer to identify and contain a breach than office-based organizations.
To cope with the burgeoning security and compliance requirements that hybrid-work environments impose, many are turning to desktop-as-a-service (DaaS) solutions. Gartner predicted last April that businesses would boost their DaaS investments by 26% by December 2022.
Varying Approaches
How companies tackle remote-workforce security issues depends on the infrastructure and operating system in use. Different tools and methodologies are most appropriate for Linux, Mac, and Windows systems when managing endpoint protection, identity access management, vulnerability management, data protection, and threat management. Due to the inherent dissimilarities among the three, a standard security strategy remains elusive.
Mobile device management (MDM) and unified endpoint management (UEM) software can effectively secure most Windows and Linux systems. MDM and UEM allow IT departments to automate, control, and secure administrative policies on machines spanning laptops, tablets, smartphones, and other devices connected to an organization’s network. MDM software can help achieve security objectives, but a single pane of glass for all hardware and software platforms remains challenging.
The Windows operating system tends to integrate more tightly with identity management (IdM) security software than other operating systems. IdM controls which people in an organization are authorized to access the tech resources they need to do their jobs. Well-known IdM software includes Microsoft Azure Active Directory, Oracle Identity Management, and Okta Identity Management.
But IdM security solutions go beyond mere software applications. They also encompass the identity-based policies and technologies throughout an organization that bar unauthorized access, block data removal, and send critical alerts when necessary. Managing security in Windows frequently uses group policy, where access control depends on the user’s specific role within an organization. Providers are working to bring standard SSO and Active Directory integrations for cross-platform use and help implement a Zero Trust security model across the organization.
Implementing granular group policy and role-based access controls is among the many challenges in enforcing Mac operating system security. Many organizations still allow users to be local administrators on their Mac and use personal iCloud accounts to integrate with features of the user’s other Apple devices like iPad, iPhone, and Apple Watch, but this can be risky. MDM software for Mac can be an effective solution for managing these risks. Still, ideal access control would not be one where the MDM moderates the changes a local administrator might make. Whitelisting and blacklisting the applications users are allowed to install is also beneficial to ensure that new vulnerabilities are not introduced before mitigation and remediation strategies can be developed.
Rise of the Virtual Machines
As desktop virtualization has become more popular in recent years, the trend in security has been to integrate identity management into the virtual desktop infrastructure (VDI). The migration to becoming a cloud workforce means a simultaneous departure from using local services that manage application and database access.
Such services include the Security Assertion Markup Language (SAML), which yields access to more than one web app while requiring only a single login-credential set, and single sign-on (SSO), which does the same thing.
macOS has had to clear more hurdles than Linux and Windows operating systems due, again, to the fact that macOS users have typically been local administrators on their Mac.
Yet desktop virtualization offers the opportunity to add layers of security that lock down a device in a virtual environment, using stricter controls for remote workers. And VDI inherently allows a company’s security team better control over identity management. This is due to an added software layer that enables security teams to integrate SAML, SSO, multi-factor authentication, and cryptographic security at the level of the local connection broker and respective virtual machine. With encrypted network traffic and a “gold” base image of the operating system and application environment, administrators may exercise unrestricted control over critical functions, the customer environment, and the virtual desktop. A VDI desktop can be purpose-built for an individual use case with more stringent security controls, all without affecting the usability of a user’s local device and its integrations with other devices.
macOS once again has lagged behind other operating systems in virtual desktop capabilities, partially due to Apple’s EULA and business strategy. Still, several platforms have enabled VDI and DaaS for Mac within the Apple EULA’s constraints and increased integration capabilities with other standard security tooling.
Withstanding Prevalent Remote-work Security Threats
Social engineering and phishing attacks tend to be the most widespread types of assaults against which we must defend. These are fraudulent messages (email, text and voice) purporting to be from a credible source that seek to persuade individuals to share private, personal data so the perpetrators may profit from the stolen information.
Continual security-awareness training is key to guarding against phishing because stopping these attacks is impossible.
Endpoint security protection is a potent tactic to employ in distributed-work environments. Most of all, endpoint-generated traffic can be encrypted and potential threats can be detected, quarantined, or eliminated in real-time when users succumb to phishing attacks. Security solutions offer a robust endpoint-security product across platforms: Linux, Mac, and Windows.
With so many diverse tools and solutions used to address security risks, consolidating threat information into a single pane of glass can be key to fast incident response, where every second can mean a dramatic increase in the scope of an attack. Automating as many incident response workflows as possible based on triggered alerts can be even more valuable. With network and endpoint forensics data in customized dashboards, insights solutions enable security teams to analyze all authentications, log activity, and vulnerability insights in real time across distributed desktop, VDI, hybrid and multi-cloud environments. With AI and API system integrations, we can now eliminate most manual incident response activities that previously relied on human intervention.
For companies with smaller security teams, partnering with network security vendors who offer managed solutions with proactive security response can be beneficial in augmenting limited internal resources and expertise. Outsourcing system monitoring and security-device management to an MSSP can provide 24/7 protection, proactive threat detection and response, and automated patching and upgrades.
Best Practices
A comprehensive security plan for any organization begins with visibility.
With that overarching theme in place, security teams should complete a business-impact analysis in which each user group and internal team explains how it uses apps and the types of data residing in those apps. That information is critical for the security team to develop a strategy to protect all platforms and appropriately manage risks.
Visibility and transparency across an organization’s technologies and resources will result in best-in-class strategies for security awareness training, asset management, identity management, vulnerability management, threat management, backup and recovery planning, data protection, and overall adherence to compliance controls.
With this step-by-step and thorough preparation, leaders throughout the organization will have confidence that the final implementation of the security strategy is rock solid.