Closing Remote Support Security Gaps: People and Processes

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

IT Security is evolving at a rapid pace. From protecting their networks against malware, to meeting complex compliance regulations, to securing employees’ mobile devices and more, security professionals now have far wider remits to consider.

Traditionally, security professionals have focused on developing policies and best practices that can be applied across the business. But it’s extremely challenging to actually implement those policies not only across the business units, but also within the IT department itself.

How vulnerable is remote access technology?

Take remote access technology, for example. This is an essential tool for remote working, and there are typically policies in place around how workers can connect to corporate IT systems and data when not in the office. However, in many organisations, I have seen IT teams circumvent those policies and best practices in order to access computers remotely for troubleshooting purposes. One IT department in a financial services company was using ten different remote access tools within its team, undermining the security policies set in place by its own department.

Limiting security gaps whilst increasing productivity

The fact is that the majority of security gaps are created by IT operations decisions that are focused on increasing productivity while keeping costs low. In this example, some team members were using basic or free tools that were “good enough” for troubleshooting systems, but created big security holes. Remote access is one of the most popular attack vectors for hackers. The 2013 Trustwave report stated that 47% of hacking-related attacks came through remote access pathways, a trend that isn’t slowing down. In recent malware attacks, hackers leveraged unsecured remote access channels to initially break into networks and plant the malware. Once a hacker gains a small foothold into your network, they have many tools to navigate to the systems and data they’re after. Consolidating remote access tools not only improved this IT team’s efficiency, it also greatly reduced their risk around remote access threats.
This is a really good example of how seemingly mundane IT operations decisions can lead to big problems. While investing in technology and solutions can be valuable, it’s money wasted if people and processes are not seriously considered. Humans are security’s weakest link – even when those humans are the IT experts. They will consistently find the easiest and least expensive way to accomplish a task, even if it’s not the most secure way. Security professionals and technology vendors need to recognize this and make it simple for people to follow security best practices. For example, sharing generic credentials and passwords is a major security gap because they’re often easy for hackers to guess, and you can’t track who is doing what in that system. But users are going to continue to share licenses to keep costs down. To combat this, vendors can offer ways for users to share licenses while using unique multi-factor logins.

Getting the security basics right

Basic password hygiene and multi-factor authentication are a good place to start, particularly for any remote access tools used by employees, outsourcers or vendors. Next is to set granular permissions for who can access what systems and when. If admins or vendors have unfettered access to your entire network, compromising their logins becomes a lucrative target for hackers. This also reduces the risk of insider threats, as employees are limited to the systems on which they need to work. Finally, you must monitor audit logs and set up alerts for unexpected activity, such as a vendor accessing a server in the middle of the night.
Centralising remote access on one approved tool, implementing multi-factor authentication, and monitoring access for potential attacks are all simple steps that IT teams can take to impede hackers. But again, if the security team isn’t enforcing policies, there isn’t an urgency for IT support teams, outsourcers and vendors to upgrade their remote access practices.
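
The checks described above (one approved tool, multi-factor logins, no shared accounts, per-account limits on which systems and when) can be run over a remote access audit log. This is an added example, not code from the article or any vendor; the log format, account names, host names and policy values are all assumptions constructed for illustration.

```python
from datetime import datetime, time

# Assumed policy (hypothetical values): one approved tool, per-account hosts and hours.
APPROVED_TOOL = "approved-remote-support"
POLICY = {
    "vendor-acme-jsmith": {"hosts": {"erp-db01"}, "window": (time(8, 0), time(18, 0))},
    "it-alee": {"hosts": {"erp-db01", "web01", "hr-fs01"}, "window": (time(0, 0), time(23, 59))},
}
GENERIC_ACCOUNTS = {"admin", "support", "helpdesk"}

# Constructed sample audit log: timestamp,account,tool,host,mfa
SAMPLE_LOG = """\
2024-03-04T10:15:00,vendor-acme-jsmith,approved-remote-support,erp-db01,yes
2024-03-05T02:40:00,vendor-acme-jsmith,approved-remote-support,erp-db01,yes
2024-03-05T11:05:00,vendor-acme-jsmith,approved-remote-support,hr-fs01,yes
2024-03-05T14:30:00,support,free-remote-tool,web01,no
2024-03-06T09:00:00,it-alee,approved-remote-support,web01,yes
"""

def review_session(line):
    """Return the list of policy findings for one audit-log line."""
    ts, account, tool, host, mfa = line.strip().split(",")
    when = datetime.fromisoformat(ts).time()
    findings = []
    if tool != APPROVED_TOOL:
        findings.append("unapproved-tool")
    if mfa != "yes":
        findings.append("no-mfa")
    if account in GENERIC_ACCOUNTS:
        findings.append("shared-account")
    rule = POLICY.get(account)
    if rule is None:
        findings.append("no-policy-for-account")
    else:
        if host not in rule["hosts"]:
            findings.append("host-not-permitted")
        start, end = rule["window"]
        if not (start <= when <= end):
            findings.append("outside-allowed-hours")
    return findings

def review_log(text):
    """Map each flagged log line to its findings; compliant sessions are omitted."""
    lines = [l for l in text.splitlines() if l.strip()]
    return {l: f for l in lines if (f := review_session(l))}

if __name__ == "__main__":
    for line, found in review_log(SAMPLE_LOG).items():
        print(line, "->", ", ".join(found))
```

Accounts with no policy entry are flagged rather than allowed, so a new vendor login surfaces in review until someone defines what it may reach.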
Enterprise IT is changing rapidly. Several years from now, we’ll continue to see the growth of cloud services, as well as shifting IT functions to third parties and outsourcers. Maintaining visibility and control of this distributed network of people and systems will be the main challenge for IT over the next few years.
In particular, vendor and third-party access control are two areas that CISOs will have to consider more carefully in future. The responsibility for any issues that occur through those third parties remains with the company, so the CISO should have insight into all providers and their activities. Auditing those activities and processes so that the CISO can see that security policies are being followed is essential.

Stuart Facey
Stuart Facey is the Vice President of EMEA at Bomgar, responsible for delivering Bomgar’s Privileged Access Management, Identity management & security solutions across the EMEA region.