New Hybrid Working Models Drive New Risk Management Approaches
By: Ali Gomulu
The global pandemic continues to change the way we work. Unlike last year at this time, when most employees were forced to work from home, the options for working remotely continue to evolve.
After a very busy time in 2020 assisting our enterprise clients across many industries to secure their communications and protect their assets in the middle of the uncertainty, this year we are implementing access management solutions that are even more automated, intuitive, and cloud-friendly, that run in the background, making the lives of the IT and OT teams we serve less complicated.
Consistency, Automation & Intelligence for Hybrid Workforce Scenarios
Understanding and addressing increasing risks as cyberattacks become more sophisticated and pervasive has become one of the top goals for CISOs, who have already been investing in ensuring the access control platforms they use support multi-cloud, hybrid computing and communications architectures.
Access by an expanding array of privileged users over an increasing number of virtual, cloud-hosted critical business applications has defined the innovations we have been creating and implementing at some of the world’s largest telecom and cloud service providers, systems integrators, and enterprises.
Legacy approaches developed for static infrastructure are no longer enough. With the surge of digital transformation now combined with the requirement to support “work from anywhere” mandates, consistent policy enforcement and real-time visibility and control for an increasingly dynamic, distributed infrastructure have never been more critical.
Security tools are central to enabling a structured approach to managing critical access risks as businesses and organizations evolve, and with a modern, intelligent and scalable privileged access platform and set of tools, enterprises can progressively automate and scale access management to align risk mitigation with business needs, including securing the growing “edge” as more autonomous systems, including sensors, expand the attack surface.
In addition to more compute happening at the edge, with privileged employees now working from the office, from the data center, from their homes, from their favorite coffee shops, on the train commuting into work again, and from global travel as the economy picks up, the job of the CISO and IT/OT teams is getting more difficult, and impossible to manage without modern tools.
By acting as a bridge between environments, across cloud and premises-based systems, a dynamic enforcement point for granular authorization policies for all privileged actions can enable flexibility and support monitoring, management and protection against attacks exploiting privileged credentials.
By looking at risk management holistically and aligning cybersecurity with cloud transformation and new hybrid workplace programs, enterprises can go beyond today, and position themselves for an even more fragmented world where physical and digital “borders” merge.
Traditional approaches to managing privileged access for hybrid architectures, cloud-based services, and work-from-anywhere environments have fallen short, which is why Ironsphere has invested in building our PAM solutions to enable, for example, extending password control capabilities to the Amazon Web Services (AWS) admin console, governing SSH keys for developers deploying applications on public cloud services and more.
Working with our partners, we are making it possible for our mutual clients to leverage investments in privileged access control to address the ongoing need for security and compliance, even as employees maintain often unpredictable schedules.
Our clients are concerned about facilitating multi-cloud deployments with this new layer of work-from-anywhere, and require a model that is extensible across environments and effective at detecting threats to privileged access security that can be compromised because of lack of oversight or malware extracting credentials from provisioning scripts, as we have seen in the surge of ransomware attacks especially.
The business impetus for adopting cloud architectures is to drive agility, to roll out applications and services both internally (supporting employee collaboration) and externally (supporting excellent customer experiences). Cloud is growing because of the natural benefits of economies of scale and operational cost savings. The rewards are worth it only if the implications of the diversity of working models are comprehensively addressed, with an increasing number of privileged identities, including people (developers) and machines (APIs, code in the form of containers, IoT gateways, and more).
The ascension of DevOps within our clients’ environments has also proven to drive the need for more privileged accounts, including those set up for contractors, not just employees. Many of these contractors work almost exclusively from home, and can touch many critical business applications, systems, data, and other assets.
We are bringing the most advanced privileged access solutions: flexible, faster to implement, and easier to manage, with access and actions integrated into automated workflows and processes.
Applying best practices in securing least privilege access and role-based access has never been more important, and as the economy heats up and businesses scramble to keep up with returning demands, it is vital that policy enforcement be easily integrated and instantiated in dynamic and distributed infrastructure, supporting a dynamic and distributed workforce.
In summary, there is no turning back from the requirement to support workers working from anywhere and everywhere, securely. The continuing impetus toward digital transformation and automation means enterprises are rethinking how privileged identities and credentials are managed and secured, not only to ensure risk mitigation through defenses against increasingly aggressive adversaries, but also to ensure employees can be productive from anywhere, at any time, as the world slowly continues to recover from the pandemic, and the economy opens back up.