Secure Remote Access
The COVID-19 pandemic has suddenly hastened the move toward remote work and the need to implement secure remote access.
Key Challenges
Secure remote access to on-premises and cloud applications requires identity and access management (IAM) controls that a VPN, virtual desktop infrastructure (VDI)/desktop as a service (DaaS), zero trust network access (ZTNA) or cloud access security broker (CASB) alone cannot provide.
Multifactor authentication (MFA) is an essential control to establish trust in a remote user’s identity and reduce account takeover (ATO) risks, but it is difficult to rapidly provision robust MFA options at scale.
Modern access management (AM) tools represent the future for remote worker access, but legacy applications represent a significant hurdle to the workforce of the future.
Recommendations
Security and risk management (SRM) leaders responsible for identity and access management should:
Liaise with other SRM and infrastructure and operations leaders to determine remote access requirements and to identify what remote access tools are and will be used.
Implement or expand use of MFA across all remote access use cases. Enable out of band (OOB) SMS as an interim solution only; migrate users to mobile push or hardware tokens, prioritizing by risk. If using OOB SMS is unavoidable, seek compensating controls.
Standardize on modern identity protocols — Security Assertion Markup Language (SAML), OpenID Connect (OIDC) and OAuth — for single sign-on (SSO) to securely provide access for remote workers to applications and data.
Categorise critical applications according to support for modern identity protocols, and enable legacy web apps with identity-aware proxies (properly secured) and agents.
Follow the “response, recovery, renewal” action plan to address MFA and AM requirements during the COVID-19 pandemic and subsequently.
Introduction
Occasional or permanent remote work is increasingly the norm for a large part of the workforce in many enterprises and can be supported via a range of technologies including VPN, ZTNA and CASB.
However, secure remote access to on-premises and cloud applications requires IAM controls that these tools cannot natively provide. Now, the COVID-19 pandemic has suddenly created a demand for remote work at unprecedented scale.
Thus, there is an urgent need to rapidly expand the use of MFA for any kind of remote access and, particularly for SaaS and other public cloud access, to enforce additional corporate controls using an AM tool.
What can SRM leaders responsible for IAM (“IAM leaders”) do to address these needs? This research offers IAM leaders technology and policy guidance for enhancing remote access security through MFA and AM (see photo in post).
Source: Gartner Report
Do you have any questions?
Call 020 3637 6095
Or email support@geekheads.co.uk