News of the Google Docs phishing scam is not the first time that shared cloud-based resources have hit the headlines for all the wrong reasons. Many popular collaboration and IT management tools, such as Teamviewer and Slack, have had their time in the spotlight for compromises and breaches. The truth is these systems unwittingly provide an easy backdoor for cybercriminals and add yet another dimension to the expanding surface of attack that modern companies find themselves faced with, which is already escalating thanks to the growing number of mobile devices and the increasing presence of the Internet of Things (IoT). The way we work is changing. Today’s connected world is customer-driven, and business happens everywhere. More and more organizations are realizing that their applications must move with the business. From laptops and computers to tablets and smartphones, enterprises are becoming more flexible and customer experience is becoming seamless. However, mobile work spaces must satisfy not just employees but also IT teams. Employees expect to be productive and be able to collaborate with their colleagues; IT teams expect to deliver applications and tools seamlessly across any device while having enterprise-level control to ensure data security. So, how can companies continue being flexible while at the same time reducing security threats? The answer is to remove as much of the attack surface as possible. Here are five tips to help IT departments secure their borders as effectively as possible:
1. Remove the parts you cannot control
If you cannot control a part of your process, you cannot secure it and must rely on the controlling agent to warrant its integrity. While you may not be able to remove every potential weak link in the chain, you can minimize your risk exposure by reducing your reliance on third-party cloud-based systems. On-premises alternatives remove the single external point of failure that can put your networks at risk of compromise.
2. Ensure you have secure privileged access
There are three key points that need to be made here:
- Don’t allow for weak privilege access such as single password authentication that provides backdoors to gain system access. Instead, strong native authentication mechanisms should be enforced.
- Do not authorize system access account credentials to be registered and stored outside of your controllable realm. Allowing a third-party vendor to store credentials for your endpoints opens a prime attack vector.
- Don’t allow system access accounts to be easily shared or distributed as the sharing and distributing itself will require protection.
3. Don’t expose your data and system information
Any type of system information, as harmless as it may seem, represents intelligence data that can be used to exploit known vulnerabilities. As with privilege access accounts, do not let system information leave your premises. Allowing this information to be managed and stored by third-party vendors means you are relying on their security risk compliance policies to protect your data.
4. Stay connected to your users
By making greater use of background endpoint management tools, you can perform scans and pre-empt any issues without involving or interrupting the user. Crucially, this also means you need to ensure that your users’ remote laptops are patched and up-to-date, which is one of the quickest ways to stop the vast majority of malware threats gaining access to your systems.
5. Audit, Audit, Audit!
When it comes to your IT systems management, you must ensure that you audit every system access and operator action. Even though auditing is an after-the-fact reactive measure, it can also be pre-emptive as it enables you to prevent an error from being repeated. Additionally, it can act as an additional layer of internal security; if users/admins know they are being audited, they are less inclined to do harm.
Conclusion
Remote working and the need for collaboration is not going to go away. In fact, it’s likely to increase in the coming years. The tightrope that IT departments need to walk is one of allowing users as much freedom as possible while at the same time keeping a tight rein on security. Do this and they can rest assured that even though the user is remote, no data is leaving the company premises, and they have complete management capability.
About the Author: Pascal Bergeot has 20 years of experience in software technology development, software consulting and general management including design, implementation and commercialization. Since founding Goverlan, Pascal has developed innovative and secure remote administration solutions while providing organizational leadership. Prior to founding Goverlan in 1998, Pascal worked as an IT software development consultant and systems administrator at Goldman Sachs in New York City. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
