Working from home and security
In the rush to shift employees to home offices to comply with public health requirements, many companies were forced to relax their own security standards, but as it becomes obvious that temporary situations are going to be with us at some level for the foreseeable future, it’s time to revisit quickly implemented workarounds and ensure that well-thought-out security protocols continue to be supported.
That was the starting point for a roundtable webinar hosted earlier this week by Tehama, a Teradici Advantage Partner Program member company providing secure solutions utilizing Teradici Cloud Access Software. The session featured Dane Young of YOUNGTECH and Aaron Spradlin of cleverDome, both experts in enterprise IT security, along with Gene Villeneuve and Jaymes Davis of Tehama and Paul Austin of Teradici.
The 45-minute discussion on the topic “Sustaining a Virtual Workplace of the Future,” focused on properly assessing and managing the risks companies expose themselves to in shifting employees home without adequate consideration of the exposure of corporate digital assets and resources involved in doing so.
The panel covered a number of key considerations around data security, data sovereignty, trust, user experience, and quality in cloud-based solutions. A few key takeaways from the session are included below.
Security and end user experience are inseparable
If your security processes impact performance and usability for end users, ultimately they’ll be tempted to implement workarounds that will leave you vulnerable.
“A big challenge around security is that it can often be incredibly complex to implement,” said Paul Austin, director of global channels for Teradici. “Even more so in the context of remote access, with numerous components like firewalls and VPNs which can confuse users unaccustomed to them and increase the support burden of already overtaxed resources.”
As Dane Young summed it up: “We have to make sure the solutions are simple enough that end users can consume them and trust them and perform their jobs reliably without creating barriers with security that prevent them from doing their jobs.
Risk management needs to permeate everything
You need a process in place to address risk management and compliance as you’re making IT decisions and managing change.
“I think the biggest risk that we have to take into consideration is how you’re making the decisions, and that risk management process in decision making – what are we going to do, what is the risk of the decision vs the outcome,” said Aaron Spradlin, co-founder and chief visionary officer of cleverDome as well as CIO and CISO for United Planners Financial Services. “If you don’t have a culture, a process, and a team in place to make these decisions, that is a big risk people are facing in the short term.”
High-feature, low-cost comes with a price
Companies are paying the price for high-feature, low-cost solutions, and unfortunately, they’re often paying it in the form of security breaches.
For Aaron Spradlin, recognizing this risk this is one of the top challenges organizations face.
“It has been proven out over and over to be a key risk decision,” he said. “You’ve got to find high-quality products, and you’ve got to be willing to pay for them, because there is a cost that people are paying for high-feature and low-cost.”
To be sustainable, it must be secure
Sustainable, long-term work from home solutions need to address how employees from home networks can operate without reducing the security of company assets and data.
As Jaymes Davis, director of product strategy for Tehama, puts it – companies need to recognize and address the “gap of reality,” in that employees are often working at home on networks and computers that are shared with others and may not be as secure as IT departments would like to assume.
“Understand that particular PC may become communal, as they have kids that are working on online school work, or a spouse that may be working at a separate company – there’s a risk of cross contamination.”
Dane Young points out the dangers posed to organizations who didn’t have a plan and have sent home trusted devices to operate on home networks with no threat protection, leaving them vulnerable to breaches and data exfiltration.
“All sorts of policies that were hardline are being revised because they had no choice,” he said. “There needs to be a safe solution that is sustainable longer than two or three weeks.”
There are simple, sustainable solutions available
Centralizing valuable resources and assets under a common framework that assumes both the network connection and end device cannot be trusted is completely doable with current technology and it also offers the best combination of security and performance.
Aaron Spradlin explained why his organization has relied on Tehama for many years now.
“The ability to address many different risk factors simultaneously within a stack – administration, development, customer service, all under a single platform. It became a core component for us.”