With telecommuting here to stay, now is the perfect time to re-examine just how much network access you are giving your users and machines. You might be shocked to see how open your network really is. Most organizations allow more access than their users or machines will ever need or should ever have – this excessive trust is what allows attackers who get into the network to spread and cause a lot of damage.
Telecommuting is good as long as it is secure
American companies are currently discussing the hows and whens of returning to physical offices. A recent survey conducted by Zero Networks indicated that 70 percent of employees say they are expecting their company to offer the option to continue to work from home. This is because many companies that were suddenly forced to make their workforce remote, in response to stay-at-home orders during the global pandemic, found their employees were able to maintain productivity and sustain workplace contributions from their makeshift home offices. As a result, many are considering more flexible, permanent telecommuting options for those workers who can do their jobs from anywhere.
However, the same survey indicated 36 percent of employees feel their company does not have the security tools in place to support long-term remote work. The reality is that telecommuting can expand the attack surface of the organization. It adds new networks, hot spots, phones, laptops and other devices into the mix – most of which are completely out of the organization’s direct control.
Suddenly, it is not just your employee and their laptop and phone that you need to worry about, but also their kids and their kids’ devices or the people at the local coffee shop that could pose a problem. It only takes one device on a home network or hotspot to become infected to potentially put your network at risk.
If an infected device is used to access the network over some sort of secure connection, such as a virtual private network (VPN), the attacker is now inside and can access everything that employee can access. For most organizations, that’s a lot: we’ve seen that close to 71 percent of the network is usually accessible from any given machine inside the network. That’s far more access than any user will ever need or ever should have. This excessive trust is the primary reason why attacks are so successful.
We’re still dealing with the relics of perimeter defenses
If you have been in cybersecurity for even just a few years, you have probably come across the phrase, “the perimeter is dead and gone.” It is true, with the advent of mobile and cloud-native architectures, people can now be anywhere, using any device, to access any information or service, any time. The idea that you can build a wall (perimeter) and protect your critical resources and information is moot because those resources and information can literally be everywhere. The problem is the “soft center” that was your internal network is now everywhere too.
Unfortunately, defenses that protect resources wherever they are, with the ability to restrict access to only those users and devices that absolutely need it, haven’t kept up. Instead, IT and security teams are struggling to make technologies that were built during the days of the perimeter, such as router access control lists (ACLs), firewalls and network access control (NAC) systems, work for today’s perimeter-less environments. As a result, organizations find themselves spending a ton of time and resources trying to make a square peg fit into a round hole.
What’s needed to support secure network access
What’s needed is a way for organizations to create, manage and maintain controls tailor-made for each and every user and device in the network, so that each one can only access what it should. Sustaining this least privilege or zero trust stance (you choose which security buzzword you prefer) requires advanced automation and smart self-service that ensure users have access to only the resources they need, when they need them, without having to get security or IT involved.
Imagine if, every time you wanted to access your Gmail account from a new machine, you had to get in touch with Google’s IT and ask them to create and push a new rule for you. It simply doesn’t scale. Unfortunately, that’s what current network security solutions require today.
What you want is what Gmail actually does. When you go to access your email from a new machine, you simply have to prove it is you, by authenticating with your phone. After a few seconds, when everything checks out, you are on your way. In the background, Gmail automatically updates your policy, so next time, when you access your account from this new device, you don’t have to go through the process again. It’s simple and protects your email from unauthorized use.
We need the same thing for network access. We need to automate the policy creation and update process, so that each and every user in your network is restricted to only those resources they need to do their job, nothing more. If they need to make a new connection, they should be able to, after a simple self-service phone verification process that proves it is them.
This way, if an attacker gets into the network, their access is limited and they can’t get more because they can’t prove they are legitimate. This will significantly reduce lateral movement, zero-day exploits, ransomware and commodity malware propagation, and privilege escalation attacks. It also ensures that regardless of where a user is coming from, whether it’s their desk at the office or their home, they are not creating any undue risks for your environment.
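The policy model described above (default deny per user and device, a one-time self-service verification on first access, and an automatically learned rule so the next access needs no prompt) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not Zero Networks code, and the rule lifetime, the `verify` callback standing in for the phone check, and the `reachable_fraction` measurement are all assumptions made for the example.

```python
"""
Added example: a minimal least-privilege network access policy engine.

Model:
  * Every (user, device, resource) triple is denied unless an allow rule exists.
  * A first request with no rule triggers an out-of-band verification
    (the `verify` callback stands in for a push notification to the user's phone).
  * On success a time-bound allow rule is recorded, so repeat access does not
    re-prompt; on failure nothing changes, so an intruder cannot widen the policy.
  * reachable_fraction() reports how much of the estate a given machine can
    currently reach without a prompt (the "percent of the network reachable"
    figure from the article, computed for one device).
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
import time

RULE_TTL_SECONDS = 8 * 3600  # assumption: a learned rule lasts one working shift

RuleKey = Tuple[str, str, str]  # (user, device, resource)


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class PolicyEngine:
    # learned allow rules: (user, device, resource) -> expiry timestamp (epoch seconds)
    rules: Dict[RuleKey, float] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)  # one line per decision

    def request(self, user: str, device: str, resource: str,
                verify: Callable[[str], bool],
                now: Optional[float] = None) -> Decision:
        """Decide one connection attempt. `verify(user)` must return True only if
        the real user approved the out-of-band challenge."""
        now = time.time() if now is None else now
        key: RuleKey = (user, device, resource)

        expiry = self.rules.get(key)
        if expiry is not None and expiry > now:
            self.audit.append(f"ALLOW existing-rule {key}")
            return Decision(True, "existing rule")
        if expiry is not None:
            # Rule has aged out: fall back to default deny and re-verify.
            del self.rules[key]
            self.audit.append(f"EXPIRE {key}")

        # Default deny: only a successful verification can add a rule.
        if not verify(user):
            self.audit.append(f"DENY unverified {key}")
            return Decision(False, "verification failed")

        self.rules[key] = now + RULE_TTL_SECONDS
        self.audit.append(f"ALLOW learned-rule {key} ttl={RULE_TTL_SECONDS}")
        return Decision(True, "verified; rule added")

    def reachable_fraction(self, user: str, device: str,
                           resources: List[str],
                           now: Optional[float] = None) -> float:
        """Share of `resources` this user/device may reach right now without a prompt."""
        now = time.time() if now is None else now
        live = sum(1 for r in resources
                   if self.rules.get((user, device, r), 0.0) > now)
        return live / len(resources) if resources else 0.0


def demo() -> Dict[str, object]:
    """Constructed scenario: Alice approves her own prompts; an intruder who has
    landed on her laptop cannot, so the policy never grows for them."""
    estate = ["fileserver", "hr-db", "git", "printer", "backup"]
    engine = PolicyEngine()
    t0 = 1_700_000_000.0  # constructed fixed clock for a reproducible run

    def alice_phone(user: str) -> bool:   # Alice taps "approve"
        return user == "alice"

    def nobody_approves(user: str) -> bool:  # prompt times out / is rejected
        return False

    first = engine.request("alice", "laptop-1", "fileserver", alice_phone, now=t0)
    second = engine.request("alice", "laptop-1", "fileserver", nobody_approves, now=t0 + 60)
    intruder = engine.request("alice", "laptop-1", "hr-db", nobody_approves, now=t0 + 120)
    reach = engine.reachable_fraction("alice", "laptop-1", estate, now=t0 + 120)
    return {"first": first, "second": second, "intruder": intruder,
            "reachable_fraction": reach, "audit": list(engine.audit)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The point the run makes is the one the article argues for: after Alice's one approval the laptop can reach `fileserver` silently, an attempt at `hr-db` that nobody approves is denied and leaves no new rule behind, and the device's reachable share of the estate stays at one in five instead of everything.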