Date: 2017-05-16

In today’s digital era, a mobile, distributed workforce is common—and growing. According to IDC, the number of mobile workers will rise to more than 105 million by 2020—almost three-quarters of the U.S. workforce. While offering employees this flexibility makes it easier to recruit new job candidates, it has also made securing the corporate network and providing access to enterprise applications behind the firewall more complex than ever.

The reasons for this growing complexity go beyond anywhere, anytime, any-device access to corporate data and applications, both on premises and in the cloud. The growing number of devices (belonging to employees, customers, or partners) accessing the network from beyond the traditional perimeter has increased the attack surface. The number and variety of cyber threats continue to grow. Compliance requirements and regulations, especially for privacy and protecting customer data, are stricter than ever. Add to this the growing volume of newly connected devices, such as those in the Internet of Things (IoT), and the remote-access challenge becomes even more daunting.

While IT leaders acknowledge the challenges, they also know what’s needed to address them.

“It’s incredibly hard to secure remote access to the network with so many ways to gain access today,” says Kevin Cunningham, president and co-founder at SailPoint. “For example, the drive toward bring your own device (BYOD) has created an increased demand for access to enterprise apps and data beyond simple email and calendars. Employees expect to be able to access applications and data from any of their devices.

“To better manage the risks associated with BYOD, IT needs better visibility into and control over the access privileges granted to workers,” he adds.

We reached out to influential IT leaders to learn about their challenges with securing remote access to the corporate network. Here’s their advice:

1. Protect your data.

“The number one challenge is adopting what Forrester terms a ‘mobile-first’ mindset,” says Steven F. Fox (@securelexicon), senior cybersecurity officer with a federal agency. “This means applying context-aware controls that secure data differently depending on where in the supply chain it is provided and consumed.”

Dr. Guy Bunker (@guybunker), senior vice president of products at Clearswift, elaborates. “The No. 1 challenge is to protect their critical information, no matter where it is held or how it is accessed. This challenge is made even more complex with the cloud and the need for increased collaboration.”

Daren Glenister (@DarenGlenister), CTO of Synchronoss, offers this advice. “Knowing how to protect data once it leaves the device is a key first step toward solving this problem. Security professionals should also be concerned about the blurred lines between personal and business devices. Knowing where your data is stored will be critical, especially when it comes to remote users.”

Others point to the wide distribution of data. “The biggest challenge is the prevalence of data, as it is now everywhere. It used to be that important data was kept in one safe place, but that just isn’t the case anymore,” says George Gerchow (@georgegerchow), vice president of security and compliance at Sumo Logic. “Now hackers can test their boundaries by accessing a small amount of data at first, but use any knowledge gained to access another key piece of data and continue the process until they hit you where it really hurts.”

2. Tighten up your monitoring policies.

Monitoring user and device access is essential, and involves “ensuring positive user identity and controlling data rights and access,” says Andrew Kalat (@lerg), co-host of the Defensive Security Podcast.

Understanding and tracking access to the network can also help with industry compliance. “Reporting and monitoring of remote access traffic, including for protocols such as SSH, was one of our biggest challenges prior to implementing our enterprise access solution,” says John Payne (@jcapayne), chief architect, enterprise infrastructure at Akamai. “Full logging of all access activity, across devices, will make meeting compliance requirements significantly easier.”

“As we move to a distributed workforce that is mobile and mobile across devices, we need to look at how we allow employees to securely access resources that remain on premises. The challenge is, how do we do this with a variety of device types and a variety of operating systems that IT may or may not own and support?” says Jim Cooper (@jimccooper), distinguished technologist, DXC.Technology.

3. Balance protected access with user experience.

If accessing the network is too complicated or onerous, users may circumvent the very controls IT has put in place. The answer: balancing protection with the user experience (UX). “It’s critical not to introduce too much friction to the users who want instant data access on the go,” says Kalat, of the Defensive Security Podcast.

Dion Hinchcliffe (@dhinchcliffe), chief strategy officer of 7Summits, elaborates. “The top challenge is not providing such a burden to the worker via layers of security that it negatively impacts the mobile work experience,” he says. “Unfortunately, it's still common to require multiple logins, enforce rapid time-outs, ban highly desired apps, and otherwise add too much friction to an IT form factor that should otherwise significantly boost productivity, not inadvertently hinder it.”

4. Educate your users.

Adopt a strategy for teaching your users why their help is essential and how to avoid cyber threats such as phishing emails. “It’s not just about protecting the larger attack surface—it’s also about users’ behavior on their devices,” says Ed Featherston (@efeatherston), vice president and principal architect at Cloud Technology Partners. “User behavior continues to be the biggest area of weakness in corporate attacks, inadvertently putting their mobile devices at risk just by clicking on the wrong link in an email,” he says. “A compromised device becomes a weapon against the corporate network, unknown to the user.”

5. Understand the new risk points.

“I would say the greatest challenge is data theft due to hacking and viruses that come in through vulnerable, remote-access VPN networks,” says Alexandra Levit (@alevit), partner at PeopleResults.

And don’t forget third-party networks, notes Wayne Sadin (@waynesadin), CIO at Affinitas Life. “My number one challenge is securing employees' connections to the multiple networks—internal, plus those of partners and cloud vendors—that are essential for doing business today.”

The Bottom Line

Joe DeFelice (@JoeAtAkamai), senior director of enterprise security at Akamai, offers this advice: “We are moving away from providing unfettered access to the corporate network to providing tightly controlled access to all applications based on user, group, or role. This greatly reduces our attack surface and provides much better visibility into who and what can access our critical data.”

It is possible to secure remote access to enterprise applications behind the firewall. Learn more about Akamai’s approach and why your enterprise needs a new access model.