Employees around the world are shifting to telecommuting right now, which means IT leaders need to strategize about how to provide secure resource access. This moment is also a catalyst for reimagining how IT can manage workforces whether they’re based in the main office, in a remote office, at home, or scattered around the world.
We’ll first detail concrete steps organizations can take right now to enable their users, and then we’ll examine forward-thinking ways IT admins can reassess their architectures to meet new challenges and manage distributed workforces moving forward.
Assess Hardware & Track It
A key first step to enable distributed users is to ensure they have systems — primarily Mac®, Windows®, and Linux® — they need to effectively do their jobs. Admins also need to identify measures they can take to secure those systems, whether they’re in the office, in a coffee shop, or in a users’ home office:
- Ensure users have systems they can take home and on-the-go, as well as other office necessities like charging cables and additional monitors.
- Use an asset management tracking system to account for at-home hardware. The International Association of Information Technology Asset Managers (IAITAM) has recommended organizations sign out and track all IT assets, as well as tighten BYOD policies as they shift to remote work.
- Identify methods to secure and troubleshoot systems, including a remote command runner, remote desktop software, and remote monitoring and management (RMM) tools.
Identify Digital Tools & Strategies to Use Them
Once an organization has equipped users with the hardware they need, the next step is to ensure they have the software and digital tools they need as well:
- Implement digital collaboration tools and/or make sure you’re using them to the fullest extent. For example, offer guidance for virtual meetings, such as having cameras turned on so users can maintain face-to-face interaction wherever they’re based.
- Define a clear IT process for users who wish to adopt new tools as a way to limit shadow IT by users who are operating outside IT’s traditional, in-office purview.
Implement Security Measures & Guidance
IT admins must also educate users about digital threats, as well as take measures to lock down their machines because those machines serve as a conduit to all organizational resources:
- Educate users regularly about digital threats, like recognizing phishing emails and using good password hygiene. CSO Online noted in a recent article various attacks, including phishing, that attackers are using to take advantage of vulnerabilities during the COVID-19 pandemic.
- Institute system-based password management so users can change their passwords directly on their systems, using workflows they’re familiar with, rather than relying on less secure methods like email.
- Give users guidance about how and when to use a VPN, such as when they’re working on an unsecured network — and protect their VPN connection with multi-factor authentication (MFA).
- Identify other security policies, like full disk encryption and screen lock, to enforce across your fleet.
Looking Forward: The Domainless Enterprise
Beyond these ancillary tools and strategies, it’s also important to think about the core of your IT operations: your directory service. Rather than implementing solutions and vendors ad hoc, consider how you’ll ensure centralized control and visibility across your environment. It’s not enough to equip everyone with laptops and strong passwords and send them out of the office.
As current events are demonstrating, it’s time to rethink traditional IT architectures. Active Directory®, VPNs, and RDP ports are reaching their limits or exposing organizations to vulnerabilities as those organizations look to rapidly shift users to remote work. In the modern age, a cloud directory service is the most flexible and agile way to ensure you can provision, manage, and deprovision user access to all IT resources from a central point of command.
At JumpCloud, we aim to give IT admins innovative architectures to connect users to all IT resources from the cloud. With Directory-as-a-Service, admins can implement the new “domainless enterprise.” Instead of tethering IT operations and users to legacy infrastructure, a domainless enterprise can stretch to meet users and their devices wherever they are.
A domainless enterprise also equips admins to enable MFA on all access points, dictate password requirements, monitor activity across their infrastructure, and directly manage identity federation to all third-party services. Admins can federate core identities to resources — whether they’re systems, applications, networks, or files — and secure remote devices from a single pane of glass. Click here to learn more about the concept of a domainless enterprise and how to implement it.
You can also read this interview with JumpCloud’s own security engineer, Jim Matthews, where he discusses domainless security with SafetyDetectives.