SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Three ways to protect your business in the cloud
Fri, 24th Apr 2020
FYI, this story is more than a year old

As governments around the world issued directives that individuals need to stay home and isolate amid the current COVID-19 pandemic, organisations scrambled to set up the infrastructures to protect the business and its employees. Now that organisations have made headway in their remote working practices, with some even considering its permanency, they are now presented with a new challenge – protecting the business in the cloud.

The cloud is still unfamiliar territory for many. Most employees working from home find themselves using a multitude of devices, applications and networks, increasing the complexity of managing – and protecting – user access within businesses. While employees just want to work efficiently, IT needs to ensure the proper controls are in place to protect the company.

For IT leaders and businesses managers needing to effectively manage their remote workforce, here are the three ways to protect your business in the cloud:

1.    Make access control a priority 

A modern BYO-anything workforce means more access points, hidden apps and hurdles to secure across the organisation. Even as cyberthreats rise, employees expect technology to be fast, convenient and easy to use. Businesses must prioritise an access solution that secures the organisation while helping employees stay productive wherever they are.
 
Knowing the apps used within your organisation and understanding user access behaviour is important to spot issues before they become a bigger problem. However, having complete control over user access can sometimes be difficult and hidden from view thanks to Shadow IT – those undocumented apps that employees bring into the business. If you can vet and track these on work devices, you can prevent potential fraudulent or malicious software being installed.

Additionally, the assignment of specific permissions and privileges for employees based on their particular role protects sensitive information and ensures a need-to-know protocol is enforced. Using a single sign on (SSO) access solution such as LastPass will ensure employees are not maintaining multiple passwords, and securely connects them to the work applications in which they are assigned, without the need to type a password.

2.    Establish strong access policies

An effective strategy in maintaining security is to encourage good password hygiene practices within your business. This is particularly important with a remote workforce, when every employee logging in is outside of the traditional corporate perimeter. According to FireEye's latest M-Trends report, median dwell time for non-ransomware breaches in APAC is 94 days. So, when staff are empowered with best practice knowledge, they too can take steps in mitigating potential risks.

Some ways to do this include preventing password reuse through generating and storing of unique, random and strong passwords and automating password storage by capturing and storing passwords for new services, whether they're managed by IT or not.  Additionally, using multifactor authentication wherever possible with services like LastPass MFA is critical to protecting the business, and if there is need to share a password, use an encrypted format to discourage insecure methods like text, email or written notes.

3.    Get employees on and off systems fast

Organisations need to give employees convenient, secure access to the tools they need to do their jobs, with the appropriate level of permissions - so when they onboard or offboard with the organisation, there is complete visibility of their whole working journey.

Using one centralised admin dashboard will provide a unified view of employee access across the organisation. Similarly, integrating with your existing user directory to automatically provision new employees, with the right privileges to the right resources will help jump start their productivity. Lastly, have a kill switch to immediately and completely turn off access privileges when an employee leaves.

Through these key methods, managing the security of your remote workforce should prove less daunting and help to ensure greater preparedness for the future of work.