Digital enterprises rely on remote employees, business associates, and partners. The current and future challenges they face cannot be mitigated by current architectures such as generic VPN, RDP, or VDI solutions. What’s needed is fresh and radical thinking to deal with current and emerging challenges and the threat landscape.
Most organizations focus primarily on perimeter security, but the traditional definitions of the term perimeter no longer apply. In the digital world, the perimeter is no longer limited to the physical data centre alone; it covers everything from end-user devices, IoT, and the network to everything else that data traverses.
The network and organizational perimeters are now amorphous compared to what they were before. The lines between inside and outside the organization have blurred. The weakest link in the chain is often the end user. Thus, organizations must adopt a stringent approach to secure all access across their networks, applications, and environment.
Current challenges
- SSL VPNs operate at the network layer and expose the corporate network to malware on end-user devices
- Polymorphic malware cannot be detected by antivirus
- Classic signature-based malware and ransomware may still get past the AV and gain access to the corporate intranet
- When a user browses the Internet, websites track the user’s actions, interests, preferences, and behaviors, and use them to improve user experience, serve targeted ads, and make money by sharing user demographics data with other websites. The same data may be leaked to the dark web and to other bad actors, who can potentially use it to launch a targeted attack on individuals and, through them, on their employers
- People working remotely could copy confidential company data onto BYOD devices
- Unauthorized or BYOD devices, used extensively in untrusted networks, could carry malware or key loggers
- Lack of control over the end user’s internet access
- Limited or no control over device entry/access
- A device could be unauthorized for a variety of reasons, such as non-compliance with organization security standards
- A device may not have the right patch levels, or the DLP, AV, or other approved software installed
- There is no way to find out a user’s location and time of access in order to decide whether to allow the user to access the resources/operations
- There is no way to find out whether the device is authorized to access the resources or operations on the basis of a combination of multiple parameters or within a context
- Some assurance/guarantee of end user bandwidth requirements
- Provisioning laptops to end users is time-consuming and logistically complex
- Addressing productivity/attendance issues.
Yesterday’s solutions or architectures cannot solve today’s and tomorrow’s problems or concerns.
You may have come across one or more of the problems listed above in your organization or company. Don’t ignore them; ask your remote access product/solution vendor how it can solve or mitigate each of these concerns/problems.