Cloud Hosting

While many organizationsalready have telecommute policies and solutions in place, they are mostcommonly for either fully-remote workers or for employees who typically work inthe office but need flexibility for unusual situations. The current environmentmost companies now face may put their remote workplace capabilities to thetest.

This is most pronounced whenconsidering security controls, cyber-hygiene, and reducing risk exposure that amore remote workforce creates. Are organizations prepared for such adistributed workforce and the potential risks that come with it?

When it comes to ITadministration teams, outsourced IT, and third-party vendors who might haveprivileged access to systems and infrastructure, they need secure, granularaccess to critical infrastructure resources regardless of location and withoutthe hassles of a virtual private network (VPN). Ideally, how privileged usersaccess these systems shouldnt be different, regardless of whether they are inan on-premise data center or accessing remotely.

Ditch the VPN

Last year it was reportedthat Citrix was breached through a password spraying attack that also sought toleverage VPN access. ARS Technica also reported last year that energy companies have specifically become targets of attacks thatuse password spraying and VPN hacking.

Unlike a VPN that generallygives users visibility to the entire network, organizations should only grantaccess to resources on a per-resource basis. This gives privileged internal ITadmins access to only as much infrastructure as necessary, while limitingaccess by an outsourced team to only the servers and network hardware their rolerequires.

Privileged users shouldauthenticate through Active Directory, LDAP, or whatever the authoritativeidentity store is, or grant granular, federated privileged access to resourcesfor business partners and third-party vendors.

Guard against cyber-attacksby combining risk-level with role-based access controls, user context and MFAto enable intelligent, automated and real-time decisions for grantingprivileged access to users who are remotely accessing servers, on passwordcheckout or when using a shared account to log into remote systems.

Secure Privileged Accessfor On-Site and Remote Administration

Here are six ways anyorganization can create consistency in their privileged access management (PAM)approaches to secure remote access to data center and cloud-basedinfrastructures through a cloud-based service or on-premises deployment.

Nate Yocom is Chief Technology Officer at Centrify

Link:
COVID-19 puts corporate WFH capabilities to the test - SC Magazine