Reducing Risk to the Enterprise With Trusted Devices
It has been a long hard slog to get to this point in the year. Not all that long ago we were plagued with the mentality that businesses needed to have butts in seats to get things done. If that past year has taught us nothing else about remote work, it is that it is a viable option.
There was the initial mad rush for companies as they had to pivot (in some cases almost overnight) to having their workforce spread to the four winds. Organizations had to make do with the hardware that they had on hand. In some cases, they had to send desktops home with their staff in lieu of laptops.
We have been on a remote work footing for at least 10 months now for many organizations. I’ve been very fortunate to have a couple CISO round tables per week since March, and I have been able to witness the shift in organizational responses from one of triage and firefighting to a more strategic view of how remote work will manifest in the years to come
There have been challenges to be certain. One of the more prevalent items in discussion was around scaling to meet the demand of a remote workforce was one of the earlier issues. VPN deployments that may have historically been undersized had to ramp up in short order to meet the new demands. Companies had to contend with how they were going to address the security posture assessment of devices that were connecting to their networks. Decisions were made. There was a requirement to keep the lights on and keep business rolling wherever possible.
Now we have been able to settle in with a better understanding of how to handle our remote workforce requirements. This last 10 months has given security practices the ability to make changes to better democratize security for their employees.
Not every zero-trust approach to securing the workforce is created equal - our guide will outline the requirements your solution should have to support a modern organization.
Zero Trust and Remote Workers
So, what do I mean by that? When we look at the world through a zero trust lens it’s all about reducing the risk in our organizations, reducing costs of security through streamlined processes and tools. Looking beyond. The end goal is to make it as easy as possible for the remote staff to be able to get their jobs done safely and securely without having to worry about the security tools.
People are very good at what they are good at doing. For instance, finance people or human resources personnel are not necessarily going to have a firm grasp of cybersecurity nor should they be expected to do so. For those of us running security programs we need to make life easier while maintaining a high level of security. Also, providing security tools to staff that enable them to be able to self-manage is a significant plus.
As an example, if a remote employee is trying to connect to a corporate network and their browser is out-of-date it would be beneficial to provide them with the ability to patch that browser themselves without the need to engage the helpdesk which is already having to deal with a great deal.
Compliance and Remote Workers
Compliance requirements are another reason to look at improving the tools that you use to secure the remote workers. Even in a pandemic the auditors will still need to do their job. We have a fiduciary responsibility to protect our enterprises and being able to demonstrate that we’re accomplishing this task you can utilize MFA to control access to sensitive information in your company. The audit trail from a tool like this goes a long way to demonstrate compliance for the audit team.
Endpoint Security and Trusted Devices
Device trust is essential for any enterprise. This is brought into sharp focus with our remote teams and the likelihood that this will continue for months to come. There is a need to be sure of the devices attaching to your assets are patched to current or n-1. Having visibility of the devices, understanding their posture and managing the risks associated with them will help to reduce vulnerability exposures.
As the number of cloud-based services increases this breaks the deprecated notion of castle and moat perimeter-based security. The perimeter is anywhere an access decision is being made. It helps us to sleep better at night when we know that we can trust the devices that we need to keep business running and the lights on.
Try Duo For Free
With our free 30-day trial and see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.