It’s March 2020 and without warning the COVID-19 pandemic has impacted the lives of people in more than 160 countries around the world. As an organization responsible for thousands of employees, customers and partners, you’ve made the principled decision to prioritize their safety.
Remote workforces are not new; they have developed over time and, for good reason, have been well anticipated. For security and IT leaders mobilizing a stable remote workforce, there are four critical considerations. How you respond to them will influence the outcome of your employee work-from-home program.
For organizations that use a VPN for remote network access security, chances are you’re now dealing with scaling issues or bandwidth constraints – problems that cannot easily be solved. With this in mind, one must take a hard, critical look at the VPN when considering the current situation.
1. Resource Availability
Pushing large numbers of users and BYOD endpoints outside the corporate perimeter for remote access introduces a big problem – latency. Network architectures designed with minimal ingress points and throughput can cause connection and response delays, constrain bandwidth, and ultimately impact productivity. VPN solutions are hardware-based and have limited bandwidth, making them slow, difficult to scale, and expensive when supporting the new mass-remote-user population. To avoid complexity, VPN policies are likely set for broad access, resulting in a network that’s wide open to any user.
In contrast to the VPN, a Software-Defined Perimeter (SDP) can alleviate network choke points and solve the inherent lack of security that comes with overprivileged access. By design, SDP can deliver high availability, at scale, and do it more securely.
2. Resource Exposure
Unfortunately, in times of crisis there are malicious actors eager to exploit circumstances for personal gain. Your attack surface has quickly expanded, and VPN ports, which are always open and listening for connections, are highly vulnerable. This wide-open access lends itself to unauthorized lateral movement, leaving sensitive resources exposed.
Cybercriminals know these flaws, which is why the US government has been cautioning enterprises relying on VPNs for mass work-from-home schemes:
“As organizations use VPNs for (remote access), more vulnerabilities are being found and targeted by malicious cyber actors,” the Cybersecurity and Infrastructure Security Agency (CISA), a branch of the US Department of Homeland Security, said in an alert issued on March 13.
Single-Packet Authorization technology, unique to Appgate’s Software-Defined Perimeter, can dramatically reduce your network’s attack surface by making all ingress points into your network invisible. Fine-grained micro-segmentation further reduces your attack surface by making only the resources pertinent to someone’s job available, leaving everything else invisible and inaccessible.
3. Employee Wilderness Readiness
The majority of cyberattacks start with phishing, and fraudsters have become adept at using social engineering to harvest end-user login credentials, or dupe users into installing malware onto their device. Cybercriminals will look to exploit the human vector to manipulate the weak authentication of TCP/IP and ride an unsuspecting VPN tunnel into the heart of your network.
“Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords,” the Cybersecurity and Infrastructure Security Agency (CISA), a branch of the US Department of Homeland Security, said in an alert issued on March 13.
Beyond educating your workforce about external threats, it is important to proactively remove those threats before they are able to manipulate your end users. Even more important is to recognize the inherent flaws of authenticating based on the IP address and password alone. With an SDP, you authenticate a user’s identity by gauging their contextual attributes, such as whether the device has malware, the date, time and their location, and the user’s role and privileges as defined by your identity provider or IAM system.
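The following is an added example, not Appgate's code or policy format: it contrasts a decision based on IP address and password alone with a default-deny decision over the contextual attributes listed above. The roles, resource names, permitted hours, country codes and both sample sessions are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Every name and value here is hypothetical and constructed for this example.
@dataclass(frozen=True)
class Context:
    role: str                # role asserted by the identity provider / IAM
    password_ok: bool        # credential check result
    source_ip_in_pool: bool  # address inside the remote-access pool
    device_clean: bool       # posture check found no malware
    country: str             # coarse location of the connection
    when: datetime           # date and time of the request

# Role -> only the resources that job needs; anything unlisted stays unreachable.
ENTITLEMENTS = {
    "finance": {"erp.internal:443"},
    "developer": {"git.internal:22", "ci.internal:443"},
}
ALLOWED_COUNTRIES = {"US"}
WORK_HOURS = (time(6, 0), time(22, 0))

def legacy_allows(ctx, resource):
    """IP address and password alone: the requested resource is never consulted."""
    return ctx.password_ok and ctx.source_ip_in_pool

def contextual_decision(ctx, resource):
    """Default deny. Returns (allowed, reasons) so each denial can be logged."""
    reasons = []
    if not ctx.password_ok:
        reasons.append("credential check failed")
    if not ctx.device_clean:
        reasons.append("device posture: malware detected")
    if ctx.country not in ALLOWED_COUNTRIES:
        reasons.append(f"location {ctx.country} not permitted")
    if not (WORK_HOURS[0] <= ctx.when.time() <= WORK_HOURS[1]):
        reasons.append("outside permitted hours")
    if resource not in ENTITLEMENTS.get(ctx.role, set()):
        reasons.append(f"role {ctx.role} not entitled to {resource}")
    return (not reasons, reasons)

# Constructed sessions: a routine login, and the same valid password presented
# from an infected device, at 03:00, from an unexpected location ("ZZ").
normal = Context("finance", True, True, True, "US", datetime(2020, 3, 16, 9, 30))
phished = Context("finance", True, True, False, "ZZ", datetime(2020, 3, 16, 3, 0))

if __name__ == "__main__":
    for name, ctx in (("normal", normal), ("phished", phished)):
        print(name, legacy_allows(ctx, "git.internal:22"),
              contextual_decision(ctx, "erp.internal:443"))
```

The returned reasons list doubles as a detection signal: several contextual failures on a session whose password check succeeded is worth alerting on.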
4. Simplicity at Scale
An under-resourced IT and security team is on the hook for implementing and maintaining hundreds or thousands of new external network connections. Often, complexity at this scale means security is degraded in order to ensure business continuity.
Maintaining business workflows should not come at the cost of security. With an SDP, you can simplify policy management, integrate with existing business systems to automate access, decrease dependency on your firewall, reduce the number of rules, and unify your secure access solution across hybrid infrastructure.
Appgate SDP
Appgate SDP is the industry’s most comprehensive Software-Defined Perimeter, and is designed in accordance with the Cloud Security Alliance SDP specifications. It was purpose-built for the elusive nature of today’s security perimeter, delivering secure access while enabling agile operations. It is the only SDP solution to receive Common Criteria certification.