Ensuring Diligence In The Technology Era
Businesses today rely on partnerships and the mobile workforce to gain strategic advantages while also balancing the risk that comes with these services. Traditional virtual private networks (VPN) such as site-to-site VPN or remote access VPN, a method to ensure mobile employees are securely connected to headquarters, now require attention to detail. Changes in technology have challenged what we once believed to be set-and-forget solutions.
For business partners that frequently share data and require a site-to-site VPN, the two companies agree on the shared access network areas, configure security parameters for the virtual private network “tunnel” with a password/certificate and establish encrypted communication. This is much like a private fiber connection, only secured over the internet. As partners merge, relocate, upgrade, or even move to cloud solutions, stale configurations are left behind in critical areas of the network, typically at the perimeter. As a result, what was once a simple solution to establish affordable connectivity is now an inherited technical debt that requires resources to conduct reviews and controls. Establishing controls, such as a scheduled VPN configuration review to ensure these critical channels are up to date or still necessary, can help reduce risk and threats. Your organization inherits any oversight from partners or vendors that are connected via site-to-site VPN. Controls are needed to ensure that vendor management includes a reminder to partners on meeting certain compliance requirements and review of their own configurations, typically accomplished by requesting SOC reports. As organizations grow and begin to use automation and bots, whether for establishing VPN or conducting security controls, they should take appropriate steps to ensure previous human interaction on these reviews is not overseen by scripts.
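One way to run the scheduled site-to-site VPN review described above, as an added example that is not part of the original article. The inventory fields, the partner names and the 90/180/365-day thresholds are all assumptions, and the script only queues tunnels for a human decision rather than changing any configuration.

```python
from datetime import date, timedelta

# Constructed sample inventory; every field name is an assumption, not the
# export format of any particular firewall or VPN product.
TUNNELS = [
    {"peer": "partner-a", "last_traffic": date(2024, 5, 28),
     "last_review": date(2024, 3, 1), "soc_report": date(2023, 11, 15)},
    {"peer": "partner-b", "last_traffic": date(2023, 9, 2),
     "last_review": date(2023, 1, 10), "soc_report": None},
    {"peer": "partner-c", "last_traffic": date(2024, 5, 30),
     "last_review": date(2023, 4, 20), "soc_report": date(2022, 2, 1)},
]


def review_tunnel(tunnel, today, idle_days=90, review_days=180, soc_days=365):
    """Return the findings for one tunnel; thresholds are assumed policy values."""
    findings = []
    # A tunnel that carries no traffic may be a stale leftover at the perimeter.
    if today - tunnel["last_traffic"] > timedelta(days=idle_days):
        findings.append("idle: confirm the tunnel is still necessary")
    # The configuration review itself is a scheduled control with a due date.
    if today - tunnel["last_review"] > timedelta(days=review_days):
        findings.append("review overdue")
    # Partner diligence is tracked through the SOC report on file.
    if tunnel["soc_report"] is None:
        findings.append("no SOC report on file")
    elif today - tunnel["soc_report"] > timedelta(days=soc_days):
        findings.append("SOC report older than %d days" % soc_days)
    return findings


def build_review_queue(tunnels, today):
    """Map peer -> findings for tunnels that need a human decision.

    Nothing is disabled or removed automatically.
    """
    queue = {}
    for tunnel in tunnels:
        findings = review_tunnel(tunnel, today)
        if findings:
            queue[tunnel["peer"]] = findings
    return queue


if __name__ == "__main__":
    for peer, findings in build_review_queue(TUNNELS, date(2024, 6, 1)).items():
        print(peer)
        for finding in findings:
            print("  -", finding)
```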
For mobile workers needing access to datacenters over the internet, connectivity is established with a remote access client installed on a corporate workstation. The remote employee connects to a broadband internet service, typically over Wi-Fi, then initiates a private connection by entering credentials on the VPN remote access client. Typical configurations tunnel all traffic back to the corporate office where proper web filtering and firewalls can continue to protect the end-user. With frequent employee turnover, controls should be in place to ensure prompt de-provisioning of remote access and cloud applications. Daily malware threats create the need to ensure endpoint posture is tested before connecting to the network. The posture assessment ensures basic requirements are met on the remote employee’s workstation before it is allowed to connect to the corporate network. Antivirus software, recent security patches and operating system are some of the basic features that can be checked to reduce risk. As remote users embrace mobility and cloud applications, new challenges arise for internet access and reduce the security complexity. Technologies such as endpoint DNS security are a great solution to ensure business is still the primary function while working remotely.
Technology creates opportunities for business; however, proper diligence is required to ensure security is the top priority now and into the future. Increased popularity of automation and cloud applications will continue to shape technology such as VPN. The days of set-and-forget solutions are no more.