Remote-access technologies are top-of-mind for most IT professionals now, and remote work is a trend which is likely here to stay for the long term. If you’re looking to update your organization’s security policy, NIST has recently published an excellent bulletin outlining some of the unique security challenges posed by remote work.
NIST categorizes remote-access technologies into four main categories: Tunneling, Portals, Direct Application Access, and Remote Desktop Access. With the rise of BYOD (bring your own device) policies and cloud-based applications, it has become common for organizations to employ multiple solutions for remote access, each with their own unique security considerations. Regardless of which remote-access technologies your organization is using, it is important to continually ensure each is being used in a way that protects data from compromise.
The NIST bulletin highlights a few important points:
- Organizations should assume that devices used for remote work will be compromised. Make sure that sensitive data is encrypted, or better yet, implement solutions that don’t store any sensitive data on client devices.
- Devices used in external environments are under greater risk for compromise than devices in enterprise environments, so tighter security controls are advisable. Security controls can also vary widely by device, so you may need to give more specific security guidance for BYOD devices used for remote work.
- Each additional form of remote access that is exposed increases the risk of compromise. This can be mitigated by implementing tiers of access for different client devices, and by situating remote access servers so they serve as a single point of entry.
Grey Market Labs is a Public Benefit Corporation with the mission to “protect life online”. Our Advisory services can help you navigate the conflicting and overwhelming enterprise privacy and data protection guidance. Our products provide cost-effective and comprehensive privacy-as-a-service, delivering proactive internet protection for remote work and distributed teams. Simply: we prevent data from being compromised, establish trust between users and protect our customers work, online. CONTACT US to see how we can solve some hard problems together.