Nine mandates to secure your remote workforce
Blog Article Published: 04/22/2020
By Ishani Sircar, Manager, Product Marketing at CipherCloud
Are We in a Cloud-First Environment?
Let us look at a regular workday: A few updates on Slack, followed by emails on Microsoft Outlook, updating attendance on Workday, a few meetings with partners on Microsoft Teams, updating the status of leads on Salesforce…look familiar? In these remote working times, this is a regular day for most employees.
To curb the COVID-19 pandemic, organizations are encouraging employees to work remotely. However, operating with a fully remote workforce is unchartered waters for most organizations. This surge in the remote workforce has strained the existing IT infrastructure with more and more unmanaged devices accessing the enterprise network and using cloud apps for day to day operations. As enterprises extend their collaboration to cloud further, lack of visibility and control to the edge raises exposure to data loss, compliance violations, and breaches. Security and risk management leaders are plagued with these questions:
- What would be the right mix of access controls and policies to ensure the data is always handled correctly? What are the risks originating from employees and the numerous personal devices being used? Who are the users, what devices are they using and what is their location?
- Is the organization still following all the data privacy and compliance regulations across all of its office locations? What are the region-based penalties for non-compliance?
- In the new remote-work environment, is your organization ready to face any new emerging threats, vulnerabilities, and data leakages, with such a wide attack surface?
What is the New Normal?
360-degree visibility and control over all remote users, devices, clouds, and data being accessed.
Keeping the remote workforce secured and operational is the key to maintaining continuity in the current cloud-mobile world. A consolidated and centralized multi-cloud security strategy enables the organization to keep its data, or let’s say its crown jewels, safe.
Building Blocks to Securing the Remote Environment
CASBs are tailor-made to address the cloud security concerns of the cloud-mobile environment. The following are some key recommendations and CASB capabilities to solve the #1 problem the industry faces today: protecting sensitive data in a remote work environment.
- Maintain deep visibility into the cloud apps: Shadow IT Discovery helps you stream and analyze all the log activity from remote devices, providing you 360-degree visibility into user activity across sanctioned and unsanctioned clouds.
- Zero-Trust Identity Control: CASB provides full support for SSO integration to verify the user at the door, maintain comprehensive logging of user access, and step-up the user authentication with Multi-Factor Authentication (MFA).
- Focus on human-centric security: It is important for organizations to define security controls that go beyond user verification at the door. Technologies such as UEBA and Adaptive Access Controls perform a continuous risk assessment of user activity while the user is logged in, and can block access to the data in case of anomalous user behavior. Examples of anomalous behavior might include a user downloading several gigabytes of files at 2 a.m., or attempting a valid log-in from Beijing only two hours after logging in from Chicago, Illinois.
- Define powerful data protection controls: Set strong DLP policies to identify, classify and protect sensitive and restricted data (PII, PCI, and PHI) at rest, in motion or in use. DLP can enforce actions for restricted sharing (ethical firewalling), isolation of infected files, or automatic encryption of sensitive content.
- Secure your emails: Email continues to be the number one threat vector in cybersecurity both for threat protection and data loss. The problem is compounded with cloud-based business email – Microsoft Office 365 and Gmail from G Suite. DLP for emails defines policies to protect your email data even before it leaves the organization premises.
- Secure offline access: Native Information Rights Management (IRM) secures offline data access, protecting the data that gets downloaded from the cloud applications to users’ devices. In the event of data misuse, administrators have the ability to retract data access, even if it was downloaded and copied to another device.
- Zero-Day Threat Prevention: A fully remote workforce has broadened the cloud-born attack surface. Detect and isolate threats, anomalies, malware shared over tools across clouds, in real-time. Deploy CSPM to understand your cloud risk posture with an assessment of your cloud environment against the security and compliance best practices with a consolidated dashboard view.
- Advanced-Data Privacy and Compliance: With so much information traveling outside the enterprise perimeter, violations are bound to happen. CASBs enable organizations to govern and remediate any compliance violations with out of the box rules, regulatory reports pertaining to data privacy (CIS, HIPAA, GDPR, CCPA, and Data Residency) and CIS templates, and actionable risk dashboards.
- Manage Personal Devices: One of the biggest pain points due to a remote workforce is keeping track of data access and usage by BYO devices, and preventing data leak or loss in any form from the personal unmanaged devices. CASB’s external integration support with MDM solutions help control data access from personal devices and block the devices in case of user behavior anomaly.
Complementary user-centric and data-centric approaches to policy enforcement would be the key to securing the workforce and the data vital for the organization’s business continuity. To know more about fully securing the remote workforce, and ensuring business continuity in these times, watch the webinar “Managing Cloud Security Risks in a Remote Workforce Environment.” And last, but definitely the most important, security and risk management leaders should plan to educate the remote workforce about best practices and maintain an open line of communication that could really be the game-changer to get us through these times!
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.