Remote work which is secure and effective. What tools to choose?
The threats caused by COVID-19 have made many companies switch over to remote work. The survey conducted in April 2020 by Nationale-Nederlanden says that 25% of the respondents would like to continue working from home also when the pandemics is over. A similar number of people could combine remote work with coming to the office. This situation leaves entrepreneurs no choice but to reorganise the operation and implementation of tools to ensure that home office will not undermine the security of the company’s key data.
What is the greatest threat related to remote work? First and foremost, it is the loss of control over how employees log into the corporate systems, what tools they use for this purpose and what they actually do with the company data. This, in turn, leads directly to issues with maintaining compliance with security policies and external regulations.
What solutions can be used and which areas should be reinforced to guarantee data security?
Employees who connect with the company systems from their homes use Wi-Fi networks which can have insufficient security features. For this reason the company is exposed to the threat of data leaks. In order to mitigate it, many companies require the use of VPN. A virtual private network (VPN) enables the encryption of the entire communication, but it does not eliminate the necessity of using passwords and logins and it does not enforce the implementation of multi-factor authentication. It means that employees use data which can be stolen and misused by hackers.
A solution to this problem is the CyberArk Alero system which removes passwords and VPN from the equation. Instead it introduces dynamically generated QR codes and biometrics. An employee uses a fingerprint or a facial scan to get access to systems.
The CyberArk tools also enable monitoring and control over when and who gets access to what data.
The elimination of logins and passwords as the sole method of accessing corporate systems is an important step towards greater security. All the more so, because employees share their credentials with colleagues for convenience reasons. Also, they often write down their logins and passwords or send them via unsecured means.
In order to prevent such behaviours, it is necessary to implement multi-factor authentication, i.e. a method of logging into applications, websites or databases that requires providing other elements apart from the user name and the password. It could a PIN code, a password sent via SMS or biometric data. This solution is used by CyberArk Alero, explains Krzysztof Andrian, CEO at Concept Data.
Since multi-factor authentication can be cumbersome when an employee logs into many corporate systems and applications on a daily basis, it is a good idea to implement Single Sign-On. It enables access to all authorized resources after entering one password to any business service of an organization. Thus, users can avoid multiple sign-ons to the various systems they use. Such solutions are offered by Okta, among other providers.
Granting and controlling privileges
Remote employees need access to their company’s internal systems. This is the only way they can do their job. On the other hand, they are also allowed to view key business information, including sensitive data. That is why the company must control who gets access to such data and should also revoke any such privileges once the employee stops needing this information or if it is misused.
The Identity and Access Management (IAM) systems are designed to verify, grant and revoke user privileges as well as to control the activity of users with specific access permissions and to alarm when they overstep their privileges. One of the leading providers of such solutions is SailPoint and its products are included in our portfolio, says Krzysztof Andrian.
These solutions also provide support in the area of employee on-boarding. In our present times of widespread remote work, induction of new employees becomes particularly complicated. The IAM system assists in granting relevant access privileges to business resources and applications. It automates the training assignments and verifies the participation of employees in training courses. It coordinates the collection of all necessary permissions, authorizations and confirmations for the purpose of accessing various sources. It provides quick and automated distribution of login credentials for systems, e-mail services and documents.
Some employees have higher privileges regarding the company systems. They are referred as to privileged users. They can access corporate databases and view information that is of crucial importance to the enterprise. They should be given only the necessary and relevant rights, but they must also be monitored in terms of what they do and which data they access. IT solutions can come handy in this respect as well.
Imperva’s systems provide real-time monitoring and control of all operations in databases and of users who log into databases locally and remotely. As a result, companies get full visibility of who used particular information and when, where and how it was done. In addition, they monitor responses from databased in the context of leaks or security breachers, they detect anomalies and, if needed, they can block such responses, explains Krzysztof Andrian.
Therefore they protect the company from misuses and unauthorized actions performed by people who have managed to steal logins and passwords of privileged users.
Compliance with policies
All operations carried out as part of remote working must comply with external and internal regulations, including the personal data protection laws specified in the General Data Protection Regulation and the Act on the National Cybersecurity System. Pursuant to these laws, data controllers are under the obligation to report breaches, while key service operators and providers have to ensure the adequate level of protection against incidents as well as manage, predict and report such incidents.
The IAM systems enable continuous monitoring and control of access to resources and applications and they generate alarms if any abuses are detected. As a result, a company can quickly identify and solve any problems as well as detect when and who had access to what data.
Moreover, the digital identity management solutions ensure compliance with the company’s internal regulations such as procedures, standards and security policies. They define who can have access to IT resources and on what principles. The IAM systems facilitate the adherence to such guidelines.
Remote work requires some changes in the company’s operations. However, such changes must not reduce the level of business information security. Through the use of relevant technologies one can work from any location without exposing the company to the threat of losing key business data.
All solutions specified in the text are offered by Concept Data. Please contact us at: firstname.lastname@example.org. We will gladly answer additional questions and give individual advice on the systems which are best suited to your company.
Company’s Registration Address:
Concept Data SA
ul. Piękna 24/26A
office: +48 22 833 86 35
fax: +48 22 832 17 19
ul. Gen. Józefa Zajączka 9B
office: +48 22 833 86 35
fax: +48 22 832 17 19
Gen. Zajączka office
ul. Gen. Józefa Zajączka 9B
ul. Piękna 24/26A,