Throughout the pandemic there have been numerous attacks on Zoom calls and remote desktop protocol operations. Today’s columnist, Jason Berland of MorganFranklin Consulting, offers four tips on how security pros can use identity-centric security to lock down RDPs and curtail attacks on video calls. (Credit: Zoom)

Two decades ago, many business leaders viewed working from home as a perk for employees. Others were skeptical, fearing employees would become distracted or disconnected from their teams. For workers today, the landscape has changed dramatically.

Even before the coronavirus exploded into a crisis, enterprises were adjusting to a new reality: one where cost-cutting, mobile computing and the need to promote a work-life balance for employees made supporting a remote workforce more attractive. The pandemic has accelerated this trend and forced businesses to grapple with a larger percentage of their staff going virtual than ever before.

As staff members trade their office cubicles for desks a few feet from their bedrooms, IT teams should expect to deal with users connecting from unmanaged personal networks and devices, as well as changes to the onboarding and offboarding process. Regardless of the collaboration tools and cloud services workers adopt, identity serves as the bridge between users, applications, and data. As a member of the Identity Defined Security Alliance (IDSA), we focus on identity as a way to deal with an ever-evolving threat landscape. Whether they are ready or not, enterprises have to deal with the demands of a remote workforce,  and identity defined security helps them do it safely. Identity defined security delivers real time, intelligence-based access to data and applications by integrating IAM infrastructure with enterprise cyber security technologies. An identity-centric approach to enterprise security lets enterprises optimize their cyber security investment while controlling risk as IT infrastructures converge.

How, you ask? Here are four ways an identity-centric approach can improve security for remote workers:

  • Empower secure collaboration with identity and access controls.

In the early days of the pandemic, news reports of attempts to hack teleconferencing calls were common. There was also a spike in reported remote desktop protocol (RDP) attacks. As users look to work remotely, security teams must protect online collaboration tools. By integrating their identity and access management (IAM) infrastructure with their security systems, organizations can build a stronger wall around corporate assets and data. This approach lets companies take enforcement actions like revoking user access to certain applications in response to high-risk events, such as policy violations. Additionally, businesses can leverage multifactor authentication (MFA) based on identity to wrap another layer of security around tools such as Zoom or Cisco Webex by using it as a challenge during the initial log-in process or in response to suspicious activity.

  • Leverage dynamic policy enforcement to protect users and devices.

When an employee works in his or her office at company headquarters with a device provisioned by IT, security teams can easily track their behavior and the health of the device. However, with a remote workforce, unmanaged devices are connecting to the corporate network from places ranging from coffee shops to home offices.

Identity-centric security calls for businesses to correlate information about the user and their device to provide the context needed to make smart decisions about authentication and access. Geographic location, IP address, time of day—all these factors are used to establish a baseline of normal user behavior and attributes. If someone tries to access resources in ways that deviate from their normal activity, it’s often a sign that there’s something wrong. For example, a user suddenly attempting to access an application multiple times at 2 a.m. from a foreign country may indicate evidence of an attack and warrant revocation of privileges or other actions.

Enterprises that have seen the numbers of remote workers spike because of the pandemic should prepare for some user behavior to change, such as the places they are accessing the network from or the time of day they are logged on. Security teams should make identity policies dynamic and adaptable to deal with those changes.

  • Physical controls are not enough; organizations need software-based identity-defined controls.

Think of a data center administrator. Prior to the pandemic, he or she could only access the systems in the data center by entering a room using an employee badge. In the event of a stay-at-home order, workers will need to access those machines remotely. Enabling that access opens up potential security hazards for an organization’s most sensitive systems. With a remote workforce, the physical safeguards that were in place to control access no longer matter. In their place, enterprises that can enact identity-focused controls—from privilege management to multifactor authentication—can more effectively adjust to support remote workers without compromising security, compliance, or business operations.

  • Deploy a ‘least-privilege’ approach on BYOD devices.

It’s only natural for employees working from home to switch between personal and corporate devices. Unfortunately, unmanaged devices represent a big unknown for security teams. If an employee accesses sensitive data or applications from a compromised or unpatched device, the organization’s risk profile can shift right under the security team’s feet. Security teams should limit access to critical systems and data by unmanaged devices, extending the principle of least privilege that governs company-issued devices. Consider least privilege an essential part of a Zero Trust architecture. It reduces the damage done in the event an individual endpoint gets compromised in an attack by hampering the ability of threat actors to move laterally once they are inside the network. Granting users just enough rights to perform their job duties shrinks the threat landscape, whether employees are off-site or on-premises. 

Securing the new normal

Right now, it looks like the trend towards a more remote workforce will continue to march on well into 2021. A recent Gallup poll of U.S.  workers found that nearly two-thirds of those who have worked from home during the pandemic would like to continue to do so. One way or another, businesses have to be prepared to support an increasingly remote staff. With identity-centric security, organizations can support the new normal without sacrificing their ability to protect their users and data.

Jason Berland, managing director of IAM-Cybersecurity, MorganFranklin Consulting

Original article source was posted here