With unprecedented numbers of workers setting up shop in their homes, the changing IT infrastructure landscape introduces new security challenges. While the weary and wary IT support staffer may not have to walk down the hallway to help someone connect to the printer, Felix the cat sitting on the armchair isn’t going to be of much help changing the password on the Wi-Fi router.

Additional risks arise as employees use home networks with substandard security protocols. They introduce additional devices and shadow IT that lack proper vetting from company security leaders. All meetings and calls are conducted virtually, typically via third-party solutions. Document signing, as well as file sharing and storing, are all online.
The move to a remote workforce extends an enterprise’s IT landscape by introducing new networks, devices and applications and, as a result, new risks. To address these enhanced risks, IT security personnel need an effective and efficient security control monitoring solution built on a Big Data platform that collects real-time, machine-generated events from the enterprise and home networks.
Q-Compliance’s unique Splunk-based architecture enables real-time monitoring and alerting of potential security and compliance issues, providing true insight into your risk posture across the extended enterprise. With hundreds of out-of-the-box analytics built around the NIST 800-53 controls, Q-Compliance can help you continuously monitor security controls related to common teleworking technology risk areas.
Using the table at the end of this article, you can identify which controls relate to the following common risks associated with an extended, teleworking enterprise.
- Remote Access to Servers
Risks: Keeping business moving, from PowerPoints to executing contracts, means remote workers must connect to central servers in order to access and share business-sensitive information. Without proper access controls and customized permissions, unintended access may be granted.
- Video and Teleconferencing
Risks: These communication tools are frequently provided by third parties and may not be authorized solutions for the sharing of sensitive information, yet they become an essential means for communication and productivity.
- Internet Connectivity
Risks: Employees are using home networks and routers, many of which will lack the security standards implemented in an office setting. Routers may not be updated, and may even be without a password. Inadequate bandwidth may also harm productivity, and latency could stymie communication. A VPN may be in place, but a computer could be connected to secure Ethernet and untrusted Wi-Fi at the same time, inadvertently creating a bridge.
- File Sharing and Storing
Risks: Sensitive documents must continue to change hands, and therefore travel across multiple networks. Securing and encrypting information as it moves is a must.
- Additional Devices
Risks: Working from home expands the Bring Your Own Device (BYOD) landscape. Smart TVs, personal computers, tablets, and smart home devices become complements to the approved device list. Vulnerabilities in these devices introduce new risks to an enterprise.
- Remote IT Support
Risks: Technology problems require a more sophisticated approach to IT support, with remote-in capabilities on devices. IT staff must learn and adapt to a shift in requirements.
Qmulos provides you a way to monitor security and privacy controls whether your workforce is in the office or at home on their couches. We combine real-time monitoring of your systems’ machine data with the context and workflows of an Integrated Risk Management (IRM) tool.
No matter what technologies your team uses or what networks they are operating from, Q-products ensure you are able to keep track of security gaps and anticipate where to implement enhanced security measures.
Mapping NIST controls to Telework
As identified in NIST SP 800-46
| NIST 800-53 Controls | Implications for remote work/telework/BYOD |
|---|---|
| AC-2, Account Management | This control involves managing single-factor or multi-factor authentication for remote access users, such as passwords, digital certificates, and/or hardware authentication tokens. |
| AC-17, Remote Access | This entire control is dedicated to documenting remote access requirements, authorizing remote access prior to allowing connections, monitoring and controlling remote access, encrypting remote access connections, etc. |
| AC-19, Access Control for Mobile Devices | This control includes requirements for organization-controlled mobile devices and authorization to connect mobile devices to organizational systems, such as through remote access. |
| AC-20, Use of External Information Systems | This control involves the use of external information systems, such as personally owned client devices (BYOD) and third-party-controlled client devices, that may process, store, or transmit organization-controlled data on behalf of the organization. |
| CA-9, Internal System Connections | This involves connections between a system and system components, including mobile devices and laptops. |
| CP-9, Information System Backup | Telework devices need to have their data backed up either locally or remotely. |
| IA-2, Identification and Authentication (Organizational Users) | This control involves using single-factor or multi-factor authentication for remote access users, such as passwords, digital certificates, and/or hardware authentication tokens. |
| IA-3, Device Identification and Authentication | Mutual authentication is recommended whenever feasible to verify the legitimacy of a remote access server before providing authentication credentials to it. |
| IA-11, Re-Authentication | Many organizations require teleworkers to reauthenticate periodically during long remote access sessions, such as after each eight hours of a session or after 30 minutes of idle time. This helps organizations confirm that the person using remote access is authorized to do so. |
| RA-3, Risk Assessment | A risk assessment should be performed as part of selecting a remote access method (tunneling, application portals, remote desktop access, direct application access). |
| SC-7, Boundary Protection | This control involves segmenting a network (e.g., using subnetworks) to keep publicly accessible components off internal networks, and monitoring and controlling communications at key boundary points. |
| SC-8, Transmission Confidentiality and Integrity | The various remote access methods discussed in this publication protect the confidentiality and integrity of transmissions through use of cryptography. |
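
The IA-11 row above gives two example thresholds: eight hours per session and 30 minutes of idle time. As an added example (not Q-Compliance code and not part of the original article), the Python check below runs a remote access event stream against those thresholds; the event tuple layout and the event names are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

MAX_SESSION = timedelta(hours=8)   # IA-11 row: reauthenticate after eight hours
MAX_IDLE = timedelta(minutes=30)   # IA-11 row: or after 30 minutes of idle time
START = datetime(2024, 3, 4, 8, 0)


def _t(minutes):
    """ISO timestamp `minutes` after START (used to build sample data)."""
    return (START + timedelta(minutes=minutes)).isoformat()


# Constructed sample events: (timestamp, session_id, user, event).
# The event names login/reauth/activity/logout are assumed, not a product schema.
SAMPLE_EVENTS = [
    (_t(0), "s1", "alice", "login"),
    (_t(20), "s1", "alice", "activity"),
    (_t(45), "s1", "alice", "activity"),
    (_t(90), "s1", "alice", "activity"),   # 45 minutes idle, no reauth first
    (_t(91), "s1", "alice", "reauth"),
    (_t(100), "s1", "alice", "activity"),
    (_t(120), "s1", "alice", "logout"),
    (_t(0), "s2", "bob", "login"),
] + [(_t(m), "s2", "bob", "activity") for m in range(20, 501, 20)]  # never idle


def find_reauth_gaps(events, max_session=MAX_SESSION, max_idle=MAX_IDLE):
    """Return (session_id, user, reason, timestamp) for each violation."""
    state, findings = {}, []
    for ts_str, sid, user, kind in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        if kind in ("login", "reauth"):
            state[sid] = {"auth": ts, "last": ts}   # both clocks restart
        elif kind == "logout":
            state.pop(sid, None)
        elif sid not in state:
            findings.append((sid, user, "activity-without-auth", ts_str))
        else:
            s = state[sid]
            if ts - s["last"] > max_idle:
                findings.append((sid, user, "idle-exceeded", ts_str))
            elif ts - s["auth"] > max_session:
                findings.append((sid, user, "session-age-exceeded", ts_str))
            s["last"] = ts
    return findings


if __name__ == "__main__":
    for finding in find_reauth_gaps(SAMPLE_EVENTS):
        print(finding)
```

Activity at exactly eight hours is not flagged; the first event past the threshold is, and every later event in the same unauthenticated session is flagged as well until a `reauth` resets the clocks.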