With Remote Work, Don’t Leave Security Behind

We’ve all heard how the global pandemic has accelerated workplace trends that were already well underway. Adoption of automation, e-commerce, and remote work has increased significantly, and many of the changes are here to stay. For example, many organizations that experienced positive outcomes after moving to remote work are planning to permanently reduce their on-premises workspaces. According to a recent McKinsey survey of 278 executives, business leaders anticipated reducing office space by 30%.

There’s no question that remote work can offer real advantages, not only in terms of health and safety, but in real estate and travel savings, business agility and employee satisfaction. In a recent survey by Owl Labs, half of participants indicated that they would seek jobs that offer remote work after the pandemic is over, and 23% would be willing to take a pay cut to work remotely some of the time. However, in the rush to respond to the health crisis, many organizations were forced to extend their remote work programs with only minimal strategic planning. Business agility remains important, but it should not come at the expense of essential cybersecurity best practices.

Threat Actors Exploit a Wider Target Landscape

The more organizations extend their infrastructures, the higher the stakes in the event of a security incident. For example, in February 2021, hackers broke into a water treatment facility in Pinellas County, Florida, through dormant remote access software. Once inside, they attempted to poison the city of Oldsmar’s water supply by changing the level of sodium hydroxide in the system. Fortunately, the intrusion was quickly spotted by an alert employee at the treatment plant, but the public health consequences to the city’s 13,000 citizens could have been severe.

The Florida water treatment incident was exactly the type of attack anticipated in a recent DigiCert 2021 Security Predictions blog. In uncertain times, threat actors often leverage current events to gain an advantage. Remote workers are operating beyond traditional enterprise network perimeters, making the entire organization more vulnerable to attacks that might start in home offices, then move into the business. The blog noted that even common devices used at home by workers who split their time between home and the office can be used to compromise an individual and allow for lateral movement into a business. DigiCert predicted that news of data breaches would increase in 2021, as the public learns about companies that have done a poor job of securing their remote workforce.

As organizations and employees adjust to the “new normal,” it’s up to businesses to remain vigilant as more employees continue to work remotely.

Mitigating Risk with PKI and Best Practices

Public key infrastructure (PKI) certificates, together with a virtual private network (VPN), provide an ideal foundation that lets organizations ensure secure access to the corporate private network.

VPNs have long been the resource of choice to support enterprise remote access, but to be truly secure, a VPN must be protected through multifactor authentication.

PKI digital certificates offer a flexible, frictionless way to authenticate all devices and users on the network. They are cryptographically secure, so organizations can be assured that a particular certificate actually came from their company, or a trusted source that has issued it. PKI certificates are also ideal for large organizations because they offer a high level of control. Organizations can revoke access at any time if an employee leaves the company. The certificates also incorporate an expiration date for additional peace of mind.

Securing the Remote Workforce at Scale

Agility is increasingly essential for driving business outcomes, and one of the main strengths of PKI certificates is their support for rapid deployment. Using a modern PKI management solution, organizations can quickly and easily distribute and manage certificates to protect all devices, data, and employees that are connecting to the network. Today’s enterprise organizations are increasingly migrating to cloud and hybrid environments, and ideally a PKI management tool should be deployable either as an on-premises or cloud solution, or as a service managed by their trusted certificate authority.

With the right management solution, enterprise organizations can support rapid signing for large numbers of devices and users, deploying digital certificates on demand using API-based automation.

To ensure flexibility, a modern PKI management tool should be capable of integrating with a variety of third-party solutions, including mobile device management (MDM) and unified endpoint management (UEM) platforms for secure device enrollment and management. Some organizations may also wish to support additional security measures such as smart cards and hardware security modules (HSMs).

A Secure Strategy Starts with Communication

A combined VPN and PKI solution, enabled by a robust PKI management tool, can provide the end-to-end protection that today’s increasingly remote workforces require. To realize the full potential of any security solution, organizations must also support and protect its use by implementing the right policies to keep it running at its best. Employee awareness and communication about security best practices are key to ensuring a successful adoption of any security solution—and enabling an organization to tap the full value of its security investment.

Mike Nelson

Mike Nelson is the VP of IoT Security at DigiCert, a global leader in digital security. In this role, Nelson oversees the company’s strategic market development for the various critical infrastructure industries securing highly sensitive networks and Internet of Things (IoT) devices, including healthcare, transportation, industrial operations, and smart grid and smart city implementations. Nelson frequently consults with organizations, contributes to media reports, participates in industry standards bodies, and speaks at industry conferences about how technology can be used to improve cyber security for critical systems and the people who rely upon them. Nelson has spent his career in healthcare IT including time at the US Department of Health and Human Services, GE Healthcare, and Leavitt Partners – a boutique healthcare consulting firm. Nelson’s passion for the industry stems from his personal experience as a type 1 diabetic and his use of connected technology in his treatment.
