
COVID-19 puts corporate WFH capabilities to the test

While many organizations
already have telecommute policies and solutions in place, they are most
commonly for either fully-remote workers or for employees who typically work in
the office but need flexibility for unusual situations. The current environment
most companies now face may put their remote workplace capabilities to the
test.

This is most pronounced when considering security controls, cyber-hygiene,
and reducing the risk exposure that a more remote workforce creates. Are
organizations prepared for such a distributed workforce and the potential
risks that come with it?

IT administration teams, outsourced IT, and third-party vendors who might
have privileged access to systems and infrastructure need secure, granular
access to critical infrastructure resources regardless of location and without
the hassles of a virtual private network (VPN). Ideally, how privileged users
access these systems shouldn’t be different, regardless of whether they are in
an on-premise data center or accessing remotely.

Ditch the VPN

Last year it was reported that Citrix was breached through a password
spraying attack that also sought to leverage VPN access. Ars Technica also
reported last year that energy companies have specifically become targets of
attacks that use password spraying and VPN hacking.

Unlike a VPN that generally gives users visibility to the entire network,
organizations should only grant access to resources on a per-resource basis.
This gives privileged internal IT admins access to only as much infrastructure
as necessary, while limiting access by an outsourced team to only the servers
and network hardware their role requires.

Privileged users should authenticate through Active Directory, LDAP, or
whatever the authoritative identity store is, while business partners and
third-party vendors should be granted granular, federated privileged access to
resources.

Guard against cyber-attacks by combining risk level with role-based access
controls, user context and MFA to enable intelligent, automated and real-time
decisions for granting privileged access to users who are remotely accessing
servers, checking out passwords, or using a shared account to log into remote
systems.

Secure Privileged Access for On-Site and Remote Administration

Here are six ways any
organization can create consistency in their privileged access management (PAM)
approaches to secure remote access to data center and cloud-based
infrastructures through a cloud-based service or on-premises deployment.

  1. Grant IT administrators secure,
    context-aware access to a controlled set of servers, network devices and
    Infrastructure-as-a-Service (IaaS).
  2. Enable outsourced IT without the
    need to include administrators in Active Directory.
  3. Control access to specific data
    center and cloud-based resources without the increased risk of providing full
    VPN access.
  4. Secure all administrative access
    with risk-aware, multi-factor authentication (MFA).
  5. Provide a single secure access point for
    administrators to manage infrastructure using shared accounts or their own
    Active Directory account.
  6. Enable secure remote access to data
    center and cloud-based infrastructures for internal users, third party vendors
    and outsourced IT through a cloud service or on-premises deployment.

Nate Yocom is Chief Technology Officer at Centrify

Source: https://www.scmagazine.com/home/opinion/executive-insight/covid-19-puts-corporate-wfh-capabilities-to-the-test/
