Cybersecurity and Your New Remote Workforce
In some cases, even when resources such as messaging, email, and collaboration tools can be accessed by end users directly in the cloud over the public Internet, organizations still require users to connect to them through a traditional VPN. In many situations, this has been done for security reasons, such as to ensure that access is logged and to minimize the possibility of data leaking outside the perimeter.
In practice, however, these approaches have proven unworkable given the huge volume of traffic that any significant workforce would generate. This has led these organizations to open up new avenues of access that let users reach these cloud services directly.
These outcomes can be useful from a security perspective. In situations where a legacy VPN was used as a security mechanism for cloud access, organizations have instead had to rely more heavily on cloud solutions to achieve the same goals.
For example, they have moved logging and policy enforcement points from the network to the cloud service. This can be beneficial from a security perspective, as it helps the organization centralize log information and leverage tools that are more tightly integrated with the cloud service.
In situations where VPN access was "strobe" access to security-related functions such as the deployment of patches or AV updates, organizations had to move to a model where those patches could be deployed to end users without VPN access, thereby potentially making their installation more efficient for remote users.
BYOD has led to a situation where data containment is mandatory. After all, many of our employees do not have access to laptops or mobile devices provided by the firm. This means that to keep the organization running, we had to allow BYOD access in situations where we would not have done so in the past. This has created a situation where we should focus not on gating access to data from devices that we might not trust as much as internal endpoints, but instead on making sure we are doing two things:
Authenticate user access to data instead of focusing solely on the device.
Limit the possibility of data being transferred to an untrusted device, and of its subsequent use there, in the first place.
In the long term, this focus on how to limit the data (where it can be used, where and how it can be stored, and so on) can ultimately work to improve overall posture.