Remote Work is Here to Stay: Is Your Solution Secure, Compliant and Scalable?

By Adam Gruber, CTO, Applied Insight

It’s no secret that one of the key outcomes of the pandemic has been a huge uptick in the requirement to support remote work, and it appears that the need for solutions is here to stay. Remote delivery and telework bring about unique opportunities for collaboration and greater flexibility for employees, but there are several technical challenges that organizations must overcome to ensure that these solutions are secure and compliant. This becomes even more important for public sector agencies and the companies that serve them, because most have heightened security needs due to the sensitivity of their missions and data. Aside from complex security and compliance requirements, setting up a feature-rich telework solution that is capable of scaling to accommodate the enterprise is no simple feat. The most oft-forgotten aspect of this is the usability – make sure your architecture is intuitive to use and enables work, rather than slowing it down.

During the early stages of the pandemic, many organizations struggled to come up with an adequate telework solution on-the-fly, since few were able to leverage significant expertise and lessons learned. At Applied Insight, we were fortunate in that we had already developed battle-tested remote work solutions for the Intelligence Community. Our cloud subject matter experts were able to transform their knowledge about building secure cloud architectures into a product suite that enabled secure, enterprise telework. These solutions could be rapidly deployed, and they easily scaled to meet ever-increasing demand without sacrificing a heightened end-user experience in the process.

Based on our experience in designing and implementing long-term enterprise telework solutions, here are a few guidelines to ensure that your remote work capability is something that you can count on, and your users will want to use.

• Enforce  Zero-Trust Security Throughout Your Systems
  One of the best ways to narrow your attack vectors is to enforce continuous authentication and authorization before granting access to sensitive data or services. This is the basis for the Zero Trust security model, which not only follows best practices for cloud compliance* and  supports recent White House memoranda for cyber security, it also limits the “blast radius” of cyber incidents, if they do occur. The premise of Zero Trust is that it is not sufficient to simply protect the perimeter of your networks; experience has shown that most networks can and will be compromised eventually – whether intentionally or not. While there are many different tools that can tackle specific aspects of implementing Zero Trust concepts, we prefer a holistic view to ensure that all aspects of a telework environment are protected – from the infrastructure down to the data – by integrating multiple applications and solutions. We layer Zero Trust applications throughout all corners of our customers’ environment to ensure that these principles are enforced across cloud services, networks, infrastructure, users, applications and data.
• Offer Flexible Multi-Factor Authentication (MFA) Solutions
  While enforcing MFA is not a novel concept, there is no “one-size-fits-all” solution. This is why remaining flexible in the selection of MFA technologies is critical to ensuring adoption of an enterprise remote work solution. By accommodating multiple MFA options, organizations can increase the flexibility of an implemented telework solution and remove roadblocks to its adoption across the user base. For many of our telework environments, we have enabled the use of physical tokens – such as DoD CAC and corporate badges – as well as software token options. Giving end-users throughout the organization several options to choose from will encourage wide adoption of remote solutions across the userbase.
• Prevent Issues Before They Become Incidents
  The largest hurdle to ensuring the continuous security of any telework solution is catching and preventing potential configuration drifts and compliance issues before they become security incidents. This is why an automated cloud solution can offer increased security. Cloud-based telework solutions grant security teams insight into all corners of the environment, from the Cloud Service Provider level down to the applications themselves. Automated cloud-based solutions allow better monitoring and help teams locate gaps in compliance frameworks and security control enforcement. The key to comprehensive security monitoring is through the integration of multiple toolsets, so the team obtains full visibility of all user activities, regardless of geographic location or device.

Designing, building, and implementing an enterprise architecture for secure telework is certainly not an easy undertaking, but it is definitely worthwhile, given the changing employment landscapes of today. Our approach is to leverage proven solutions that end-users want to use, not ones that they are simply forced to use. We have seen this strategy help to expand adoption and enable organizations to tackle this growing challenge once and for all.

*(See NIST SP 800-207)