Over the last few weeks, most organisations have had to transition to enable their employees to work remotely. The key focus has been on business continuity during this trying time. Unfortunately, business continuity isn’t so easy. Keeping the day-to-day operations of the business running has been one of the hardest IT challenges that most organisations have faced in the last decade. It’s one for which many organisations might not have had a plan in place. So, how have organizations been handling this transition? And how should they be incorporating security into their work? Let’s examine this in greater detail using a hypothetical organization as an example.
The Importance of an Inventory in Remote Asset Deployment
With the move to remote working, the first priority would be to get physical hardware out to all previously office-based employees. These workers need laptops, reliable internet access and specific security software such as a VPN. Rolling out these devices might be easy enough. But for the sake of security, organizations need to make sure that they keep track of their new corporate assets. That’s why an up-to-date inventory of all devices currently in the infrastructure is key to moving on to the next steps in the business continuity plan in a timely manner. The truth is that the impetus to scale up quickly has left many organisations without a complete inventory of the devices that are now within their corporate infrastructure. Organizations, therefore, need a way of passively discovering a complete list of their assets within a short amount of time. This method should work across networks so that no device is left undiscovered.
The Need to Look Beyond Rapid Deployment
Once all hardware and software have been inventoried, the organization will have a clear view of what additional items it needs to procure to ensure that its whole workforce can work as effectively in a remote setting as in the office. If orders for new hardware were necessary, the business’s primary objective would be to fulfil them and make sure that those devices could access the corporate network. Unfortunately, this is where a lot of organisations fall short. Let’s assume an organisation is able to acquire hardware and software for all its new remote employees and that it is also able to expand its infrastructure with either physical hardware or cloud-based solutions. The expansion rate would be senior management’s first priority: continue to provide excellent levels of customer service whilst keeping the business afloat. “Let’s get everyone connected and working from home and then we can look at our security posture, once we know the business is still running.” The initial focus of simply getting people online could have taken organisations a few weeks to complete. In that time, attention to security measures might have fallen significantly. Malware infections or other malicious activity could thus have taken place, and the organisation would have had no idea. Perhaps the malware could have found its way into the corporate server build templates, and while the organisation was expanding its infrastructure, it might have inadvertently deployed the hidden malware code to all newly built servers. Without tools in place to cross-check that rapidly deployed devices are identical to the original hardened devices, there would be no way to tell if there was a security breach.
Business Continuity, Infrastructure Continuity
That’s why it’s important to have technical security controls in place. Tools such as Tripwire Enterprise can compare a baseline of newly created devices against both the pre-authorized devices that have been hardened and the organisation’s guidelines. Being alerted to any deviations in real time brings with it the ability to take an infected device off the network instantly and remove the risk of a security breach. A lot of organizations used to rely on the fact that once they had developed and hardened templates of devices, nobody had permission to change them, and so the templates were considered reliable. This might have been the case in the past, but with all the hurdles that IT departments are having to clear in order to keep their workplace’s infrastructure continuity and business continuity going, there are often areas that are overlooked or put on the back burner. This mindset is where a lot of security risks are introduced.
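A minimal sketch of the cross-check described above, added here as an example (it is not Tripwire Enterprise code and not from the original article): it hashes every file in a hardened template and in a newly built system, then reports each deviation. The directory layout, file names and the "no world-writable files" guideline are assumptions constructed for illustration.

```python
import hashlib, os, stat, tempfile

def build_manifest(root):
    """Map each relative file path under root to (sha256 hex digest, permission bits)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(full).st_mode)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (digest, mode)
    return manifest

def compare_to_baseline(baseline, candidate):
    """Report every way the candidate build deviates from the hardened baseline."""
    common = baseline.keys() & candidate.keys()
    return {
        "added": sorted(candidate.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - candidate.keys()),
        "content_changed": sorted(p for p in common if baseline[p][0] != candidate[p][0]),
        "mode_changed": sorted(p for p in common if baseline[p][1] != candidate[p][1]),
        # Assumed guideline: nothing on a hardened build is world-writable.
        "world_writable": sorted(p for p, (_h, m) in candidate.items() if m & 0o002),
    }

def demo():
    """Constructed sample: a hardened template and a new build that has drifted from it."""
    def write(root, rel, data, mode=0o644):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(data)
        os.chmod(path, mode)
    with tempfile.TemporaryDirectory() as golden, tempfile.TemporaryDirectory() as build:
        for root in (golden, build):
            write(root, "etc/ssh/sshd_config", "PermitRootLogin no\n", 0o600)
            write(root, "etc/motd", "authorised use only\n")
        write(build, "etc/ssh/sshd_config", "PermitRootLogin yes\n", 0o600)  # drifted setting
        write(build, "etc/cron.d/unreviewed", "# not in template\n", 0o666)  # unexpected file
        return compare_to_baseline(build_manifest(golden), build_manifest(build))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Any non-empty category is a reason to hold the new build off the network until the difference is explained.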
Security as a Central Focus
Assisting IT departments with automation tools should be a no-brainer. But regardless of how an organization decides to adapt in these trying times, security should be considered a critical part of its expansion efforts, and it should be automatically baked into any expansion involving its remote employees. No longer treating security as a side project or afterthought helps to reduce an organization’s risk profile while maintaining its focus on business and infrastructure continuity.
Editor’s note: Special thanks to Dean Ferrando for his contribution towards this article.