Working from home has changed the IT infrastructure landscape, introducing new security challenges. While the weary and wary IT staff may not have to walk down the hallway to help someone connect to the printer, Felix the cat sitting on the armchair isn’t going to be of much help changing the password on the Wi-Fi router. Enterprises encounter additional remote work risks as employees use home networks with substandard security protocols. These same employees also introduce new devices and shadow IT without proper vetting from company security leaders. Meetings and calls are now virtual, often via 3rd party solutions. And document signing, as well as file sharing and storing, are all online.
The move to a remote workforce extends an enterprise’s IT landscape by introducing new networks, devices and applications. Consequently, there are new risks. To address these enhanced remote work risks, IT security personnel need an effective and efficient security control monitoring solution. Specifically, they need something that collects real time machine generated events from both the enterprise and home networks.
Cue Qmulos.
Q-Compliance’s unique Splunk-based architecture enables real time monitoring and alerting of potential security and compliance issues, providing true insight into your risk posture across the extended enterprise. With hundreds of out-of-the-box analytics built around the NIST 800-53 controls, Q-Compliance enables you to continuously monitor security controls related to common teleworking technology risk areas.
Common Remote Work Risks
Use the table at the end of this article to identify controls related to the following common risks an extended, teleworking enterprise may face.
Remote Access to Servers
Risks: Keeping business moving, from PowerPoints to executing contracts, means remote workers must connect to central servers in order to access and share business sensitive information. Without proper access controls and customized permissions, unintended access may be granted.
Video and Teleconferencing
Risks: These communication tools are frequently 3rd party solution providers, and therefore may not be authorized solutions for the sharing sensitive information. Nevertheless, they become an essential means for communication and productivity.
Internet Connectivity
Risks: Employees are using home networks and routers, many of which will lack the security standards implemented in an office setting. Routers may not be updated, and may even be without a password. Additionally, inadequate bandwidth may also harm productivity, and latency could stymie communication. A VPN may be in place, but a computer could be connected to secure ethernet and untrusted Wi-Fi at the same time, inadvertently creating a bridge.
File Sharing and Storing
Risks: Sensitive documents must continue exchanging hands, and therefore travel across multiple networks. Thus, securing and encrypting information as it moves is a must.
Additional Devices
Risks: Working from home expands the Bring Your Own Device (BYOD) landscape. Smart TV’s, personal computers, tablets, and smart home devices become complements to the approved device list. Meanwhile, vulnerabilities in these devices introduce new risks to an enterprise.
Remote IT Support:
Risks: Technology problems require a more sophisticated approach to IT support, with remote-in capabilities on devices. Therefore, IT staff must learn and adapt to a shift in requirements.
Qmulos provides a way to monitor security controls whether your workforce is in the office or on their couches. Qmulos enhances real-time monitoring of your systems’ machine data with the context and workflows of an Integrated Risk Management (IRM) tool.
Despite these remote work risks, it doesn’t matter what technologies your team uses or what networks they are operating from. Q-products ensure you are able to track security gaps and anticipate where to implement enhanced security measures. Be proactive in addressing your new remote work risks with Qmulos.
Mapping NIST controls to Telework
As identified in NIST SP 800-46
| NIST 800-53 Controls | Implications for remote work/telework/BYOD |
| AC-2, Account Management | This control involves managing single-factor or multi-factor authentication for remote access users. For example, passwords, digital certificates, and/or hardware authentication tokens. |
| AC-17, Remote Access | This entire control is dedicated to documenting remote access requirements, authorizing remote access prior to allowing connections, monitoring and controlling remote access, encrypting remote access connections, etc |
| AC-19, Access Control for Mobile Devices | This control includes requirements for organization-controlled mobile devices and authorization to connect mobile devices to organizational systems, such as through remote access. |
| AC-20, Use of External Information Systems | This control involves the use of external information systems, such as personally owned client devices (BYOD) and third-party-controlled client devices. For instance, systems that may process, store, or transmit organization-controlled data on behalf of the organization. |
| CA-9, Internal System Connections | This involves connections between a system and system components, including mobile devices and laptops. |
| CP-9, Information System Backup | Telework devices need to have their data backed up either locally or remotely. |
| IA-2, Identification and Authentication (Organizational Users) | This control involves using single-factor or multi-factor authentication for remote access users. For example, passwords, digital certificates, and/or hardware authentication tokens. |
| IA-3, Device Identification and Authentication | Mutual authentication is recommended whenever feasible to verify the legitimacy of a remote access server before providing authentication credentials to it. |
| IA-11, Re-Authentication | Many organizations require teleworkers to reauthenticate periodically during long remote access sessions, such as after each eight hours of a session or after 30 minutes of idle time. This helps organizations confirm that the person using remote access is authorized to do so. |
| RA-3, Risk Assessment | A risk assessment should be performed as part of selecting a remote access method (tunneling, application portals, remote desktop access, direct application access). |
| SC-7, Boundary Protection | This control involves segmenting a network (e.g., using subnetworks) to keep publicly accessible components off internal networks. Additionally, monitoring and controlling communications at key boundary points. |
| SC-8, Transmission Confidentiality and Integrity | The various remote access methods protect the confidentiality and integrity of transmissions through use of cryptography. |
Sources: NIST Special Publication 800-53, NIST Special Publication 800-46
