Your Users Have Left the Building: Now What?

The dramatic growth of mobile devices, the widespread availability of always-on fast wireless networks, and the rapid adoption of cloud applications have transformed the viability of remote working. Employers are increasingly adopting flex schedules, implementing work from home options, and otherwise enabling their employees to work “off the grid”. Here at Akamai, my coworkers can be found all over the globe – setting up shop in places like hotels, coffee shops, airports and their own homes. We are not alone in this practice.

A report produced by Global Workplace and Flexjobs in 2017 stated that remote working in the U.S. had increased by 115% in a decade and that nearly 3% of the workforce in the U.S. works remotely at least 50% of the time. And in the UK, 37% of the workforce work remotely part or all of the time.

As a result, employees are increasingly working outside of the traditional corporate perimeter and accessing cloud applications and company networks from anywhere, at any time. Despite advances in mobile technology, the legacy approach of deploying a VPN on a laptop and backhauling traffic to the enterprise perimeter to inspect and control that traffic with a firewall or secure web gateway endures. But this is no longer viable.

  • The size and volume of workload traffic continue to grow, and backhauling that traffic through a VPN can often dramatically decrease performance and user productivity.
  • Applications and workloads are migrating to the cloud, often eliminating the need for a user to be connected to the corporate network to do their job.
  • Even if the employee’s laptop has a VPN installed, many users will simply connect to the Internet and switch the VPN client off, since the applications and data they need to work are not behind the enterprise perimeter.
  • The growing use of split VPNs means that not all remote traffic hits the corporate network.

According to Gartner, by 2021, 27% of corporate data traffic will bypass perimeter security, up from 10% today.

The Risks

Despite the many positives that come with remote access, it also poses risks to the network. Mobile workers who operate off the corporate network and connect directly to the Internet expose an attractive attack surface for malicious actors. 

Here are some scenarios:

  • A user at a conference switches off the VPN client on their laptop and connects to the hotel’s guest Wi-Fi. All of the user’s traffic is now going directly to the Internet and bypassing the security and control provided by the corporate perimeter. Now, the only protection is the endpoint anti-virus. 
    What happens if the user visits a compromised web page or clicks on a phishing link? The anti-virus may be effective in detecting and blocking the threat, but malware evolves quickly and is written to specifically bypass and disable anti-virus, so relying on a single layer of protection is risky. 
    Once the laptop is compromised and the user is back inside the corporate perimeter, that device is an effective “back door” into the network. This compromised device can be used to move laterally across the network, infecting other devices and servers while looking for data to exfiltrate out of the company.
  • At the same conference, another user connects to what they believe is the hotel’s guest Wi-Fi, but is actually a rogue Wi-Fi network. This network allows malicious actors to easily compromise this user’s laptop by directing the user to websites that will deliver malware to the laptop.
  • A remote worker is browsing on a work laptop and decides to visit some inappropriate sites while on the clock. Since they are off the corporate network, you no longer have visibility and control of the traffic and it’s impossible to enforce the company’s Acceptable Use Policy. What is the reputational risk to the business of uncontrolled web browsing?

Zero Trust – A New Model

Given this threat-laden landscape, has relying on the traditional perimeter approach – employing a VPN on the laptop – had its day? Well, we know the old approach of “trust-and-verify” is risky. A laptop that’s compromised when it’s outside the perimeter brings the threat back inside with it once the user eventually reconnects to the corporate network.

In a zero trust security model, you have the same level of control and visibility for all users and devices, no matter where they are or how they are connected. Essentially, treat all devices as foreign and hostile. This is difficult with a legacy perimeter, but becomes easier if you adopt a cloud perimeter.

Using Akamai’s Cloud-based Enterprise Threat Protector to Deliver Proactive Protection for Remote Laptop Users  

Akamai’s Enterprise Client Connector and Enterprise Threat Protector allow companies to:

  • Quickly add an additional layer of proactive defense for off-network laptops to reduce risk and improve security.
  • Enforce an Acceptable Use Policy for remote users.
  • Get full visibility into off-network DNS traffic and detect anomalies.

The lightweight connector automatically directs all of a laptop’s DNS requests to Enterprise Threat Protector when the laptop is not connected to the corporate VPN.

This significantly improves security defenses by proactively blocking DNS requests to malware and ransomware drop sites, malware command and control (CnC) servers, and DNS data exfiltration and phishing domains based on unique and up-to-date threat intelligence.

In addition, it lets you quickly and uniformly enforce compliance and your Acceptable Use Policy by blocking access to objectionable or inappropriate domains and content categories.
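
To make the DNS-layer decision described above concrete, here is an added sketch of how a resolver-side policy check can work; it is not Akamai's implementation. The domain tables, category names, thresholds and function names are all assumptions constructed for the example.

```python
import math
from collections import Counter

# Constructed sample data: placeholder domains, not real threat intelligence.
THREAT_INTEL = {
    "malware-drop.example": "malware",
    "c2.example": "cnc",
    "login-verify.example": "phishing",
}
AUP_CATEGORIES = {"casino.example": "gambling"}
BLOCKED_AUP = {"gambling"}  # categories the (hypothetical) policy forbids


def lookup(qname, table):
    """Match qname or any parent domain, on label boundaries only."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        hit = table.get(".".join(labels[i:]))
        if hit:
            return hit
    return None


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_exfil(qname, max_label=40, min_entropy=3.5):
    """Heuristic: a long, high-entropy label suggests data encoded in DNS."""
    # Assumes a two-label registered domain; skip it and inspect the rest.
    labels = qname.rstrip(".").split(".")[:-2]
    return any(len(l) >= max_label and entropy(l) >= min_entropy for l in labels)


def evaluate(qname):
    """Return (action, reason) for one DNS query name."""
    threat = lookup(qname, THREAT_INTEL)
    if threat:
        return ("block", threat)
    category = lookup(qname, AUP_CATEGORIES)
    if category in BLOCKED_AUP:
        return ("block", "aup:" + category)
    if looks_like_exfil(qname):
        return ("alert", "possible-dns-exfiltration")
    return ("allow", "clean")
```

Matching on whole labels matters: a lookalike such as `notc2.example` must not inherit the verdict for `c2.example`, while any subdomain of a listed domain must.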

If your company has remote users or an increasingly mobile workforce, you’ll want to test your defenses today. We offer a free 30-day trial and report that will reveal threats detected on your network, the potential impact of these threats, and what web content your users are accessing. 

Visit to get started today.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Jim Black. Read the original post at: