How can IT admins keep their remote workers secure? This question has grown more complex to answer with the current shift toward mandatory remote work. As organizations focus on supporting their employees from wherever they may be, it’s vital that IT departments keep their employees’ resources secure. As such, the best steps IT teams can take for maintaining organizational security during extensive remote working must revolve around users and their machines.
IT departments can now leverage a platform to keep identities and systems secure in conjunction with training employees on maintaining a good security posture. Relying on workforce training alone can be dangerous, which is why it must be coupled with a foundational platform that protects user identities and systems.
Below, we’ll cover the traditional approach admins took for securing organizations, and how IT teams can best adapt that approach to suit extensive remote working.
The Traditional Approach
Traditionally, IT organizations thought of security as building a defense centered on a strong perimeter.
With the Windows® domain model, this avenue once made a great deal of sense. IT admins would stand up an Active Directory® (AD) instance and create their domain. They would then gate the domain through both physical access requirements and a firewall for virtual protection. Remote users in this legacy environment needed a VPN to tunnel back into the corporate network to access any resources.
This pattern of perimeter-based security worked well when most users were on-prem and their resources were Windows-based. However, as the cloud emerged, the pattern began to change.
Does This Approach Still Work?
As technology advanced, web applications became more critical. Cloud infrastructure like AWS® and Google Cloud Platform™ (GCP) started to eliminate the need for on-prem data centers. Mobile equipment and new platforms like Macs®, Linux® workstations, and iOS/Android devices grew in popularity within the modern workforce. All of these changes started to erode the traditional concept of the domain. Most admins today have a variety of resources to secure that exist outside the perimeter of a Windows-based environment. To do so, IT admins typically control access to these new resources with AD add-ons like identity bridges, web application single sign-on (SSO) solutions, mobile device managers (MDMs), and more.
Incremental adjustments to an existing operating model were fine under normal circumstances, but now with a global shutdown demanding that the approach to work be transformed, IT needs to quickly adjust their processes. The idea of maintaining a strong perimeter for organizational security is now obsolete because that perimeter needs to stretch across entire nations.
Keeping Users Safe In a Remote World
The question then becomes this: How should IT admins adapt to this new way of working, and how do they keep their end users safe while doing so?
The most comprehensive solution can be found through a new, domainless approach. With a cloud directory service, IT departments can provide deep access control and device management capabilities regardless of location. Keeping a remote end user safe is largely about keeping their identity their own and protecting their system.
There are a number of key ways that IT admins can protect a user’s identity:
- Train your end users to use long, strong passwords and teach them about multi-factor authentication (MFA).
- Have a system in place to detect phishing attempts and, if possible, know exactly where a user’s password is being changed or entered with system-based password management.
- Leverage a platform that can connect your users to their IT resources through one secure identity. That identity can be instantiated in a number of different ways, including SSH keys, SAML attestation, and MFA.
- Make sure that your systems are patched and up to date, that anti-virus and anti-malware are operational and current, that full disk encryption is enabled, and that you’re aware of other security configurations and settings such as screen saver lock and application controls.
- For those that need a VPN, you’ll want to make sure that it’s present and can be easily used at the appropriate times.
Using the tools listed above, admins can provide a secure environment for any number of users while they work remotely. And with a cloud directory service, IT teams can utilize the above processes from one centralized platform, allowing for this sudden transition to a new way of working to be as painless as possible.