BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    Use Cases and Industries
    See All Products
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Manage these 3 IT Security Risks to Keep Your Remote Workforce Secure and Productive

February 22, 2019

  • Blog
  • Archive

A tight labor market, the globalization of technology, and many other factors continue to drive the trend toward workforces that are more mobile, embrace working from home, and that are in need of new solutions for cybersecurity.

According to Gartner, “by 2020, organizations that support a “choose-your-own-work-style” culture will boost employee retention rates by more than 10%.” Forbes has also posited that Financial Accounting Standards Board (FASB/IASB) accounting changes, which went into effect January 2019 in the US, impact every company leasing commercial real estate in a way that, as “cost-optimization strategy,” will induce businesses to increasingly hire remote workers and offer telecommuting options.

While remote work confers many benefits, the downside for information technology (IT) teams is that it does make IT security more complex. How can organizations ensure that their remote workers are empowered with the tools they need to be productive, without exposing the organization to inordinate cyber risk?

To that end, let’s consider three key challenges organizations face in enabling and protecting remote workforces, and then identify best practices for addressing these challenges.

  • Secure Remote Access to Corporate Resources
  • Bring Your Own Device (BYOD)
  • Enforcing Consistent Cybersecurity Hygiene

Today, remote employees usually connect to corporate resources directly via a VPN or hosted via cloud resources. These employees are often behind their own home routers that employ technology like NAT to isolate the network. However, this creates a network routing problem for traditional IT management and security solutions.

Corporate cybersecurity solutions cannot resolve and route to remote employees to push updates or directly query systems. Thus, all remote devices must poll (initiate an outbound connection) into cybersecurity resources for updates, or to submit data. This often requires a persistent outbound connection to determine state—regardless of using a VPN or cloud resources—and can falter from trivial network anomalies commonly found in home-based wireless networks or cellular technology.

Additionally, discovery technology, pushing policy updates, etc. all become batch-driven as opposed to near real-time due to name resolution and routing limitations. Even remote support technologies require an agent with a persistent connection to facilitate screen sharing since a routable connection inbound to SSH, VNC, RDP, etc. is not normally possible for remote employees.

Thus, the top cybersecurity challenge for remote employees fixates on devices that are no longer routable, reachable, or resolvable from a traditional corporate network for analysis and support because they are, in fact, not on the traditional corporate network. This leads to a remote access security gap that can be initiated by IT resources, versus the end user.

Remote employees are generally enabled via one of two policies:

  • Corporate-supplied information technology resources, or
  • Bring your own device (BYOD).

While corporate-deployed resources can be robustly hardened and controlled, personal devices are often shared and not subjected to the same security scrutiny. Organizations struggle to manage end-user devices with mobile device management (MDM), or enterprise mobility management (EMM) solutions, and technology that can only isolate applications and user data on a device.

IT teams can simply not harden employ-owned devices and govern the device operations as tightly as a corporate deployed system. While BYOD is no longer a new concept, organizations still struggle to enable it without introducing unnecessary risk. The methodology your organization chooses is ultimately a balance between cost, risk, and usability, with neither of the above options a clear winner.

The third challenge for securing remote workers involves fundamental cybersecurity controls like vulnerability assessments, patch management, and anti-virus. Traditionally, all of these were performed using network scanners, agents, and services to execute various functions, and require connectivity to on-premise servers.

Cloud technologies have made these security basics easier to manage, but many organizations have not matured enough to embrace these technologies for remote employees. However, organizations empowering remote employees should consider the cloud for managing basic cybersecurity disciplines since connectivity issues are only getting worse with cellular and other mobile technologies that cannot maintain a persistent and routable connection. The cloud offers universal resources—outside of a traditional data center—to which remote devices can securely connect and embrace methodologies like geolocation and two-factor authentication, for additional layers of security.

Best Practices for Securing a Remote Workforce

IT teams that need to secure a remote workforce should keep an open mind toward the acceptance of new technologies, methodologies, and workflows to accomplish cybersecurity best practices. This includes using MDM/EMM solutions, leveraging the cloud, and monitoring data and workflows to prevent a breach.

IT teams should think outside the box regarding connectivity. We live in the age of cellular and broadband, and will see a bandwidth evolution with 5GB. The theft of massive quantities of data can occur in just minutes using wireless technology, and new techniques are needed to defend against these threats. This is not only from a remote employee copying the data from corporate resources, but also cyberthreat actors breaching a remote employee and leveraging them as a beachhead.

Therefore, IT teams need to understand their business models and account for the roles remote employees play, and the data and system risks they represent. With this firmly in mind, organizations can build a strategy that enables workforce productivity, while prudently managing cyber risks, with the right mix of modern security technology and practices.

BeyondTrust technology has been engineered to enable organizations to embrace security best practices for a remote workforce. To learn how BeyondTrust can help you address secure remote access, privileged access management, and vulnerability management for your remote devices and mobile workforce, contact us today.

Photograph of Morey J. Haber

Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Mapping BeyondTrust Solutions to the Identity, Credential, and Access Management (ICAM) Architecture

Whitepapers

Four Key Ways Governments Can Prepare for the Growing Ransomware Threat

Whitepapers

The Operational Technology (OT) Remote Access Challenge

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.