Managing and securing remote workers has long been a fact of life for the modern enterprise. However, in the face of the COVID-19 pandemic, many organizations are dealing with a surge of remote workers unlike anything they had seen before. With a significant portion of their workforce now operating remotely, their cyber-risk profiles have shifted, forcing many of them to adjust their approach to security.
In the face of the pandemic, failing to handle remote connections securely is not an option. Not long after the onset of the COVID-19 pandemic in the United States, the Federal Bureau of Investigation (FBI) warned of an uptick of cyber-attacks targeting remote workers. Against this backdrop, an organization’s strategy for securing remote connections must involve an emphasis on using context and least privilege to guide access and authentication decisions.
The introduction of new risks is the price for enabling remote connectivity — particularly for privileged users. These new risks can take any number of forms, from an attacker entering the network using stolen administrator credentials to a user accessing the network from an infected machine and unwittingly spreading malware throughout the environment. Many of the attacks the FBI warned about exploited Remote Desktop Protocol (RDP). Often, these incidents took the form of brute-force attacks, though, in some situations, threat actors used phishing and vishing schemes to steal user credentials.
Attacks against Virtual Private Networks (VPNs) rose as well, challenging a common line of defense for businesses. While VPNs are widely used, they are not without drawbacks: they are often costly and do not scale easily. In addition, on their own, they do not provide the best protection for privileged users. This is due to several factors, starting with the prospect of credential theft. If an attacker can obtain an employee's credentials for their company's VPN, the attacker can obtain broad access to corporate resources. The danger is even greater in the case of third-party contractors and vendors, who may be accessing the VPN from machines that do not comply with the organization's security policies. Unless the organization has implemented effective network segmentation and least-privilege access, a threat actor can do significant damage.
There are a number of solutions to these problems, but not all are created equal. VPNs are, of course, better than nothing. However, they do not address all of the risks associated with securing privileged accounts, particularly those belonging to contractors and other third parties attempting to access enterprise networks from systems outside the enterprise's control. A better solution is to layer privileged access management (PAM) capabilities on top of a VPN. This approach gives enterprises more granular control and uses a jump host as an access broker, so that the danger of infected machines connecting directly to the network remotely is eliminated.
The best solution, however, is to leave VPNs behind in favor of a strategy that relies strictly on distributed jump host capabilities to secure remote connections. This approach allows organizations to employ the principle of least privilege and grant access to specific resources, while ensuring that users have just enough access to do what is required and keep that access only for a limited amount of time. It also avoids the potential scalability, performance, and security drawbacks that accompany VPNs. Combined with the ability to use context such as the health of the device, IP address, and user behavior, organizations can enforce high levels of security to protect their remote workforce.
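As an illustration of the access decision described above, the following added example (not taken from the original article or from any product) sketches how a jump-host broker could combine a per-resource entitlement, device health, source IP, and a behavior score into a time-limited grant. The policy entries, user and resource names, and the risk threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed policy (assumption): user + resource -> session cap and allowed networks.
POLICY = {
    ("vendor-alice", "db-prod-01:ssh"): {"max_minutes": 60, "networks": ["203.0.113.0/24"]},
    ("admin-bob", "dc-01:rdp"): {"max_minutes": 30, "networks": ["198.51.100.0/24"]},
}

@dataclass(frozen=True)
class Context:
    source_ip: str
    device_healthy: bool    # result of a posture check (patch level, EDR running, ...)
    behavior_risk: float    # 0.0 = normal, 1.0 = highly anomalous (hypothetical score)

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    expires_at: datetime

def decide(user, resource, ctx, requested_minutes, now=None, risk_threshold=0.7):
    """Default deny: return (Grant, reason) only if every check passes."""
    now = now or datetime.now(timezone.utc)
    rule = POLICY.get((user, resource))
    if rule is None:
        return None, "no entitlement for this resource"
    if not ctx.device_healthy:
        return None, "device failed health check"
    try:
        addr = ip_address(ctx.source_ip)
    except ValueError:
        return None, "unparseable source IP"
    if not any(addr in ip_network(net) for net in rule["networks"]):
        return None, "source IP outside allowed networks"
    if ctx.behavior_risk >= risk_threshold:
        return None, "anomalous user behavior"
    if requested_minutes <= 0:
        return None, "invalid duration"
    # Cap the session at the policy maximum, never at what the user asked for.
    minutes = min(requested_minutes, rule["max_minutes"])
    return Grant(user, resource, now + timedelta(minutes=minutes)), "allowed"

def is_active(grant, resource, now):
    """Checked by the broker on every connection: same resource, not yet expired."""
    return grant.resource == resource and now < grant.expires_at
```

Because a grant names one resource and carries its own expiry, a stolen credential used from an unhealthy device or unexpected network is denied, and a valid session cannot be reused against other hosts or past its window.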