The Three Human Failures Behind Remote Access Shortcomings

Whenever news of a network security breach reaches the public airwaves, observers are quick to assign blame to some combination of technological shortcomings and human error that allowed an attacker to slip through the victim’s cyber defenses. When it comes to remote access in particular, network security is even more dependent on technology like VPNs, and employees who do their part and follow company protocol. Unfortunately, network administrators often find themselves in a position where, due to human imperfection, remote access technology is the constant that protects their network. Here are the three types of people who are guilty of common, understandable human errors that network administrators need to have on their radar, and try to protect against, as they build a network security infrastructure: The Strained IT Pro Information security professionals are modern-day gladiators, fighting back against complex network security threats, internal and external, as quickly as they form. Yet, as a Ponemon Institute study revealed earlier this year, many IT departments are overburdened as they try to defend against all of these threats at once. The problem is actually two-fold: a dearth of talent to fill positions (according to the study, 70 percent of the organizations say they do not have sufficient IT security staff) and turnover in security positions that can be filled (CISOs leave their positions, on average, after 2.5 years). The result is that IT departments, despite their best efforts, cannot defend against every attack particularly as cyberattackers diversify and expand their efforts in the coming years. The Oblivious Employee For companies that lack a consistent frontline defense by their IT staff, employees are next...

Who Will Foot the Bill for BYOD?

The concept of “Bring Your Own Device” seems so simple. Employees can just tote their personal phone or tablet with them to the office – which they’re probably doing anyway – and use it for work. Or, they access the corporate network remotely, from home or while on-the-go. BYOD and remote access have always seemed like a win-win arrangement – employers pay less hardware costs and employees gain convenience. Of course, it’s never really been that simple or straightforward. And now, following a ruling by the California Second District Court of Appeal, BYOD looks poised to become even more complicated. Last month, the court ruled that companies in the state must reimburse employees who use their personal phones for work purposes. Specifically, the ruling covers voice call expenses, and reimbursement is not contingent on an employee’s phone plan – even if the employee has unlimited minutes, for example, the employer must reimburse a “reasonable percentage” of the bill. The consensus in IT circles is that the ruling muddies the water around BYOD. Now that there’s a legal precedent for voice call reimbursement, mandatory data reimbursement could be the next shoe to drop. And why wouldn’t it? Americans rack up more expenses for mobile data consumption than they do for voice calls. Should the law evolve, and if the California ruling sets a national precedent for other states, many companies may find BYOD no longer saves them that much money. DataHive Consulting’s Hyoun Park has said that the ruling would be a “deal killer” for many companies, while Forrester Research’s David Johnson told Computerworld that BYOD could now be “sidetracked”...

Vehicle VPNs, Part Two: Business World Implications

In recent years, remote access security has become a major focus of IT departments in businesses small and large. The rapid growth in the use of smartphones and tablet computers, the bring-your-own-device (BYOD) trend and an increasing number of companies allowing employees to work from home have all but assured this. VPNs, as such, have become widely popular as a means of securing those data tunnels between end devices and internal corporate networks. But now, there’s another endpoint that requires the attention of IT managers: cars. Actually, to be more specific, “connected cars.” In a previous blog post, we discussed the continuing evolution of connected cars and how vehicle VPNs can help prevent critical security breaches. The vulnerabilities we covered focused on travel safety and machine-to-machine (M2M) concerns in people’s homes. Today, we’ll take a look at the more business-oriented issues at play and their implications on the corporate world. The Basics of Remote Access Let’s start with the same basic principle that applies to remote access everywhere: a corporate network is only as secure as the device and communications channel used to access it. VPNs have long been used to secure communications between laptops and private company networks across many industries. In most cases, employees were using company-issued laptops. In the last five years, however, we’ve seen a paradigm shift where more and more people are using personal laptops as well as smartphones and tablet computers to work from outside the office. BYOD certainly created a few headaches for IT departments when it came to security, but the benefits were too substantial to ignore — flexibility, improved access...

What Windows XP’s End of Support Means for Security

This past summer, there was a lot of discussion around the advent of Windows 8, but one topic that was seemingly lost among all of the reviews of the latest operating system (OS) was the encroaching retirement of Windows XP. When you consider that this time next year (April 14th, to be exact,) security fixes, patches for vulnerabilities and updates to software will disappear to the more than 15 percent of midsize and large enterprises still running Windows XP, companies are remiss to not recognize its huge security implications. If companies don’t migrate to Windows 7 or higher, they will leave their entire network and systems vulnerable to malicious exploits targeting the expired OS, like cyber and DDOS attacks, data theft and hacking. In other words, it’s absolutely critical that organizations migrate to a modern OS ASAP. To do this, however, companies will need to do a clean install, meaning they’ll need to transition all user data and reinstall or repackage all of their applications to the new Windows 7 or Windows 8 system. Normally, this can be a time and labor-intensive process, and requires testing all hardware, peripherals and applications to make sure they work with one of Microsoft’s newest OSs. And this means third-party remote access VPN and security software, too – because, while Windows 8 comes will embedded features like DirectAccess and Secure Boot, their pitfalls make it essential to deploy layered security measures in order to effectively lock down a corporate network. So as companies try to beat the clock, where should they turn? For optimal security without breaking the bank, they’ll need robust solutions that...

Expert Q&A: Establishing a Secure Data Center and Cloud with Remote Access

*Editor’s Note: This is Part One of an article that originally appeared in The Data Center Journal’s  Industry Perspective Column By: Rainer Enders, VPN Expert and CTO, Americas, at NCP engineering: Industry Perspective: What are some of the main security concerns for data center managers today? Rainer Enders: The evolution of modern data centers, while beneficial for many reasons, is exposing serious security pain points along the way. For one, as data centers grow in size to keep up with enterprise computing needs, it becomes increasingly difficult for IT managers to adequately protect all corporate assets, which include everything from data and documentation to software and supplies. As capacity expands, data center managers are finding it harder to maintain critical IT compliance and security measures, such as managing and de-provisioning privileged user access, and running compliance reports that are growing in both depth and volume. Additionally, with the rising popularity of virtualized and cloud environments, data center managers are tasked with baking security into all compute, network, storage and hypervisor layers. This is a considerably difficult task, in light of the numerous emerging attack vectors that constantly increase in sophistication, such as ever-morphing advanced persistent threats (APTs) that are compromising critical corporate information. IP: What specific security challenges arise as companies outsource to the cloud and rely on remote services with increasing frequency? RE: The most critical security challenges that arise in cloud deployments are compromises to remote access connections—in the form of session-hijacking attacks, for example—and compromises of cloud-hosted resources, such as virtual machines, from within the hosted provider network. Insufficient security architectures and controls in operator networks can cause...