Security That Goes from Anywhere to Anywhere Else


In networking and security, there has been a tendency to equate the term "working from anywhere" with "working from home," partly because the need for remote access went mainstream when the pandemic suddenly caused many employees to work from home offices. But the two terms are not the same. Working from anywhere truly means anywhere, with security that's consistent whether someone is working from a data center, home office, airport, hotel room, or other remote location. Secure access to applications and other resources must be available all the time, no matter where someone may be physically located. The security policies and solutions need to follow users and data from anywhere to anywhere else. Although some organizations were on track to implement work-from-anywhere strategies in the next few years to meet employee demand, the pandemic accelerated the timeline.

Setting Up Work-from-anywhere Security

When the pandemic hit, many organizations weren't prepared to deal with the sudden need for work-from-home security. They didn't have adequate access controls, and many employees were connecting to the corporate office from poorly secured home networks and using vulnerable endpoint devices. This lack of security had some serious consequences as cybercriminals capitalized on the weaknesses. According to the 1H Global Threat Landscape Report from FortiGuard Labs, ransomware incidents increased nearly 1100% from June 2020 to June 2021. A recent global ransomware survey conducted by Fortinet backs up that statistic, with 67% of respondents reporting that their organization has been a target of ransomware.

After so many months of working from home, it turns out employees like it and many organizations are moving forward with hybrid work arrangements that allow their workers to work from the corporate office for a few days each week, but work remotely the rest of the time. To turn hybrid work into a reality, organizations need to make it possible for their employees and their devices to move seamlessly between multiple locations with access to applications located in the cloud, data center, or SaaS environments.

Some organizations have attempted to implement work-from-anywhere strategies with solutions from a dozen or more vendors, but this approach almost always leads to confusion and complexity. If one vendor provides endpoint protection and another does authorization and identity verification, and yet another supplies firewalls or cloud-based zero-trust services on the various cloud platforms, creating a cohesive and reliable solution is almost impossible. The result is often a mess of complex workarounds and extra hours of IT staff time to get solutions to function, even poorly. Maintaining the setup over time certainly doesn't get any easier and security gaps almost inevitably surface.

Taking a Platform Approach to Work-from-anywhere

To make it possible for solutions to follow and protect users, data, and applications from end to end, you need to step back and look at the big picture. Endpoint security needs to work seamlessly with access controls on the network and in the cloud. Security can't stop at the edge of the campus, branch, data center or cloud, so the Secure SD-WAN and SASE solutions need to work with edge security and networking solutions. Zero-trust policies need to be enforced everywhere with access policy engines, and policy and threat intelligence need to span the entire network.

To reduce complexity, it makes sense to create a roadmap for a unified strategy that consolidates as many security solutions as possible. Organizations should identify a cybersecurity mesh platform with solutions that are designed to work as an integrated system. They might be deployed directly on the security mesh platform or interoperate with that platform through clients and APIs. Taking this type of platform approach means zero trust, endpoint, and network security can all be unified by a common set of APIs and integration points to ensure users can seamlessly shift from one location to another with a consistent and secure experience. On the IT side, the cybersecurity mesh simplifies policy creation and enforcement, ensures uniform configurations, centralizes management, and makes it possible to monitor and control users, devices, data, applications, and workflows.

This platform strategy can be applied to the three most common work-from-anywhere (WFA) situations: the home office, the corporate office, and the mobile worker.

Work-from-anywhere from the Home Office

Remote and hybrid employees typically log in from a particular remote location such as their home, which has the basic infrastructure they need to do their job, such as a monitor and laptop, which may or may not be properly secured. The employee's devices are connected to a home network which also may not be secure and may include vulnerable devices such as gaming systems and smart appliances. To secure home users, organizations need an integrated combination of endpoint security, zero trust access, identity management, and network security solutions. A home office solution needs to extend the corporate firewall protections to the entire home network. It also should segment the home network to provide corporate IT visibility of corporate traffic and optimize bandwidth for business applications, while ensuring employee privacy for the non-work section of the network.

Work-from-anywhere from the Corporate Office

When employees are working from the corporate office, strong endpoint security remains an important part of a layered defense. Compromised endpoint devices continue to be a primary vector for a network breach. These devices can provide an entry point for cybercriminals to bypass corporate controls. Endpoint detection and remediation capabilities remain of critical importance, especially as cybercriminals leverage email as an attack vector, with phishing emails being the most common delivery method for ransomware seeking to encrypt corporate files.

To secure users, devices, and servers in the office, organizations need the same integrated combination of endpoint security, zero trust access, and identity management that is required for the home office. It also should include networking and security solutions, such as Secure SD-WAN, that offer advanced networking tools that are designed to operate from a unified security platform. Deploying solutions as part of a fully integrated cybersecurity mesh platform architecture in this way provides stronger security, easier management and orchestration, and better total cost of ownership than solutions operating in isolation.

Work-from-anywhere from the Road

Users traveling or working outside the corporate office or their primary remote space are often exposed to unique threat environments. When mobile users connect to the applications and resources they need to do their jobs, they may use unknown and unsecured networks and access points, which can potentially be used to compromise the network. Cybercriminals can use these unprotected networks and access points to snoop on exposed communications or launch attacks from inadequately protected devices. As with the corporate and home locations, securing mobile workers requires strong endpoint security and zero trust solutions for secure access to critical resources. A mobile network solution also should include multifactor authentication, a cloud-based secure web gateway, cloud access security broker (CASB), and a secure access service edge (SASE) solution. Additionally, zero-trust network access (ZTNA) is critical to extend secure application access and protections to mobile workers.

Protection Everywhere

Workers are on the move and they need to be protected wherever they go. It doesn't matter where a user or device operates; security must be consistent and effective. Trying to assemble a collection of disparate technologies with separate management and configuration consoles is a recipe for frustration and has the potential to leave security holes that cybercriminals can exploit. Implementing an integrated cybersecurity mesh platform with solutions that work together can keep employees secure anywhere and everywhere.

Read more about why the Fortinet Security Fabric is the industry’s highest-performing cybersecurity mesh platform.


Copyright © 2021 IDG Communications, Inc.