June, 29, 2020
By Chester Wisniewski:: The unplanned shift to working from home caught many IT departments by surprise, which inevitably led to a lot of security concerns. Do we have enough VPN capacity? Did everyone bring their laptop home? Can we manage software updates with machines on home WiFi networks? While this certainly wasn’t something most of us had prepared for, we now are approaching phase two in many locations around the world… The move to reintegrating some of our workforce back to the office.
In a perfect world, most of us would be using Zero Trust Networking (ZTN) or Secure Access Service Edge (SASE) for accessing our applications, making the transition in and out of the office for most workers a zero effort endeavor, but very few of us are there yet. If we still have a perimeter, we will need to be cautious about how we reintegrate devices and data that have been outside the reach of management tools while some users were away. Here are some ideas on how to manage a few common situations.
Many organizations lost the ability to install or enforce updates for the duration of the stay-at-home order. Consider implementing a slightly restricted quarantine LAN to isolate these devices while the IT catches up on procedures for checking their security before reentering the corporate LAN environment. This would be very easy to do using the guest WiFi function of your wireless network and enable productivity to continue with the added safety of being able to quickly block or disconnect misbehaving devices.
Checking the integrity of company owned devices will be critical, especially as some users allowed their children or families to use their device, as it may have been the primary device in the household for homework and other activities. In addition to ensuring operating system and application updates are installed it would be prudent to do a full system scan using your endpoint security product, like Sophos Intercept X Endpoint.
Shadow IT is a problem at the best of times and to be honest, you have to admire the ingenuity of employees doing what they can in a time of crisis to get their job done. A good practice on return is to consider an IT amnesty program. Ask users to share what tools they needed to use while away that weren’t accessible or provided by IT. Use this as opportunity to learn where the gaps in your remote work strategy are and be sure to get sensitive data identified and brought back in where it can be protected and controlled. Common applications used during home work will include services like Dropbox, Facebook Messenger, WhatsApp, Slack and Google Docs.
For users without VPN access to company file shares, the use of personal cloud services and removable media will likely have been utilized. Work toward the elimination of these devices as a whole, as they are difficult to encrypt and easy to lose. Be sure everyone knows about your organization’s cloud storage service and help staff move any documents stored on personal devices or clouds to the officially sanctioned tools.
I see this as an excellent opportunity to implement new policies, embrace more secure modern tools that enable remote work and maybe even cut down on the amount of work travel as we become more accustomed to online meetings. Just don’t think it is business as usual. We’re moving forward now.
(The author is the principal research scientist at Sophos)
Video Story