As more employees are being forced to work from home due to the COVID-19 pandemic, security teams are scrambling to ensure that they know what assets are being used to access the corporate networks. For those who had no contingency plan for employees working outside of their normal, assigned workspaces, that challenge is considerable.
Security information and event management (SIEM) and other network management tools designed to flag users logging on from locations other than the corporate network need to be reconfigured to accept workers logging on from home or other remote IP addresses. New assets that are connecting to the corporate network need to be identified and vetted by the security team, even if those assets belong to the company’s employees.
Corporate security software that is configured to identify any possible connection from outside the company network needs to be modified to accept the new normal.
We can expect to see a lot of security applications returning false positives while companies slowly work through the process of whitelisting employees who are now working from home. Or not. This sea change in how companies are doing business might, in fact, be the kind of shift that pushes Zero Trust security models to the forefront, authenticating each user, device and application each time it tries to access corporate resources.
Regardless of what security model a company uses, it is still essential to have an inventory of every device connecting to the network, who owns it, how it will operate on the network, and some method of determining if the assets are indeed doing what they are supposed to do.
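A sketch of that retuning, as an added example that is not from the original article: it contrasts a location-only logon rule with one keyed to an asset inventory. The field names, inventory records and log events are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: corporate range, asset inventory, logon events.
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
INVENTORY = {
    "LT-0042": {"owner": "alice", "vetted": True},
    "LT-0077": {"owner": "bob", "vetted": False},  # registered, not yet vetted
}
EVENTS = [
    {"user": "alice", "device_id": "LT-0042", "src_ip": "203.0.113.25"},
    {"user": "bob", "device_id": "LT-0077", "src_ip": "198.51.100.7"},
    {"user": "carol", "device_id": "PC-HOME-1", "src_ip": "192.0.2.44"},
    {"user": "bob", "device_id": "LT-0042", "src_ip": "10.1.2.3"},
]

def on_corporate_network(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETS)

def legacy_rule(event):
    """Old rule: alert on any logon from outside the corporate network."""
    return "allow" if on_corporate_network(event["src_ip"]) else "alert"

def inventory_rule(event, inventory=INVENTORY):
    """Retuned rule: decide on the device and its owner, not on source IP."""
    asset = inventory.get(event["device_id"])
    if asset is None:
        return "alert:unknown-device"      # never seen by the security team
    if asset["owner"] != event["user"]:
        return "alert:owner-mismatch"      # known device, wrong user
    if not asset["vetted"]:
        return "review:not-vetted"         # known device awaiting vetting
    return "allow"

def triage(events):
    """Return (user, device, legacy verdict, inventory verdict) per event."""
    return [(e["user"], e["device_id"], legacy_rule(e), inventory_rule(e))
            for e in events]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

The location-only rule alerts on all three home logons, including the vetted laptop, and passes the on-network logon where a user is on someone else's device; the inventory rule separates those cases.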
Remember that these changes do not apply only to on-prem networks. With companies expanding their cloud resources, in many cases to act as a buffer to the corporate network, their security teams need to vet the devices and users trying to access those cloud resources as well.
For companies that are planning major expansions of their cloud resources, security teams should consider implementing cloud access security broker (CASB) technology. CASBs are applications that sit either on-prem or in the cloud to enforce security, compliance and governance policies for cloud-based applications. A CASB is a useful tool that sits on the edge of the network that connects to the cloud and can provide a detailed list of applications that are in use on the network and by whom. It also can be used to discover shadow IT and often is used in conjunction with IT asset management applications.
If your company is making a major move to the cloud due to the COVID-19 pandemic or simply to offload on-prem resources, a CASB tool might well be in your future. But then, so are re-tuning your SIEMs and other security tools, along with ensuring that user and device authentication are up to scratch.