Developing a Comprehensive Remote Access Security Framework
As previously discussed, mobility and bring-your-own-device (BYOD) programs have become staples of today’s working world. As such, it is more important than ever to recognize that the overall integrity and security of IT networks are ultimately determined by the weakest links in the communication chain. Ironically, the weakest links tend to be the same mobile endpoints spurring the BYOD movement – laptops, tablets, smartphones, etc. There are several reasons why these mobile endpoints are particularly vulnerable, including:
- They lack many physical access control mechanisms
- They attract malware
- They are often used while connected to unsafe networks, such as public Wi-Fi hotspots or unsecured hotel networks
Of course, if mobile endpoints are vulnerable, so too are the networks they access. Developing a comprehensive security framework that allows IT teams to assess and monitor these endpoints is a formidable challenge. In this series of posts, we’ll discuss why comprehensive remote access security is so important and how it can be achieved. To start, we’ll examine the current state of BYOD and how unsecured mobile devices accessing corporate networks jeopardize sensitive company data.
The Current Situation
Increasingly, people are conducting transactions on the go while connected to unsecured networks in airports, coffee shops, restaurants, etc. Even with a basic out-of-the-box VPN solution, users may be opening themselves and their corporate networks to severe security threats, including viruses, spyware or bot infections, and Advanced Persistent Threats (APTs). APTs are arguably the most damaging, due to their stealthy nature and narrow focus. They are usually designed and executed with a very specific target in mind, such as the pending sales agreements of financial institutions. (We’ll take a closer look at these threats in our upcoming post on Device and Network Identity and Health.)
In the meantime, it’s worth pointing out that APTs have always been thought of as originating from “inside” the network. These days, however, that is no longer accurate. These “inside” networks are now easily reachable from outside, thanks mainly to the aforementioned unsecured network connections.
Just because people can access their corporate network remotely doesn’t mean that everyone should be able to. That’s why authenticating user and device identities and roles is so important. Device identities, in the context of network communication, are the software, hardware and network attributes of a specific endpoint. User identities likewise encompass each individual attribute of an end user, and are used primarily to determine whether that user should be allowed access to a network. Adding more information to user and device identities, and linking them to each other by relationships, improves the security of a network. Because of this, it’s only logical for enterprises to take it a step further and require more specific information about the endpoints and users requesting access rights.
This is where roles and attributes come into play. More granular depictions of user identities, roles and attributes allow access to be granted only to users who not only have the right role, but also the exact required attributes. By restricting access in such a way, a corporate network could, for example, grant access only to employees in managerial positions who are using approved devices over secure network connections. As more roles and attributes are factored in and the relationships between all identity elements are better defined, network security improves immensely.
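To make the example policy above concrete, here is an added illustration (not code from the original post) of an access decision that combines user role, device identity and network attributes, and that records the device-to-user relationship as its own check. The `User`, `Device` and `Network` types, the sample identities and the network kinds are constructed for this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed data model (not from the original post): a user identity,
# a device identity, and the network the access request arrives over.
@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]

@dataclass(frozen=True)
class Device:
    device_id: str
    registered_to: str   # relationship linking the device identity to a user
    it_approved: bool    # enrolled with and approved by IT

@dataclass(frozen=True)
class Network:
    kind: str            # "corporate", "vpn" or "public" (constructed labels)

SECURE_NETWORKS = frozenset({"corporate", "vpn"})

def evaluate_access(user: User, device: Device, network: Network,
                    required_role: str) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every failed attribute check is recorded,
    so a denial can be logged and explained rather than silently refused."""
    reasons = []
    if required_role not in user.roles:
        reasons.append(f"user lacks role {required_role!r}")
    if not device.it_approved:
        reasons.append("device not approved by IT")
    if device.registered_to != user.name:
        reasons.append("device is not linked to this user")
    if network.kind not in SECURE_NETWORKS:
        reasons.append(f"network {network.kind!r} is not a secure connection")
    return (not reasons, reasons)

# Constructed sample identities for the policy "managers on approved devices
# over secure connections".
alice = User("alice", frozenset({"employee", "manager"}))
bob = User("bob", frozenset({"employee"}))
alice_laptop = Device("LT-0001", registered_to="alice", it_approved=True)

if __name__ == "__main__":
    print(evaluate_access(alice, alice_laptop, Network("vpn"), "manager"))
    print(evaluate_access(alice, alice_laptop, Network("public"), "manager"))
    print(evaluate_access(bob, alice_laptop, Network("vpn"), "manager"))
```

The third request is refused for two independent reasons (wrong role and a device registered to someone else), which is the kind of relationship check the post argues for.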
Coming up, we’ll discuss how establishing user identities and roles is an important step in determining Trust. Be sure to check back in!