Case study

Remote workforce security assessment secures critical remote operations

As companies transition to remote work, new security risks emerge

August 3, 2020

Overview

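Our client is a chemicals, safety and sanitation company headquartered in the United States, but with growing global operations. Like many North American companies large and small, the business had to rapidly shift to a work-from-home strategy as the COVID-19 pandemic became a significant concern in March 2020.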

Background

While the company takes security very seriously and implemented several significant internal investments to protect against threats in its internal environment, the remote workforce presents a new challenge with a much larger target and new potential weaknesses. This unprecedented pandemic is uncharted territory, and the company had not planned for something that few could have anticipated.

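Once the new remote framework was implemented, the company’s internal audit department became concerned about how data was accessed, what devices employees were using, how cloud access was managed and where users were coming from. As a global organization, the company had different levels of security depending on the geographic location of the employee. But with nearly everyone now working from home, how would the company know its assets were secure? Did IT make the necessary changes to accommodate all of the people working from home?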

Project

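The company selected RSM to perform a remote workforce security assessment to better understand its vulnerabilities and shape ongoing remote security planning efforts. The client needed a quick, comprehensive analysis that went beyond typical security testing to dig deeper into key areas of the new remote work structure.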

The assessment began with a series of interviews with leaders from IT and security to understand and review all of the ways the organization’s network and data are accessed. We learned that people use a variety of methods to get to information: depending on their job and tasks, some use a VPN, others use virtual desktops on their personal devices, while some don’t interact with the security perimeter at all through the SaaS cloud infrastructure.

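With access control a primary concern in a remote environment, the RSM team evaluated how users accessed data and whether that data was truly secure. We found that multifactor authentication was not utilized everywhere; it was only in what the company deemed as critical applications. If those systems with basic credentials were compromised, they could be used to access sensitive data because data loss prevention was not enabled. That is a risk regardless of the remote workforce; the new, larger target just amplifies it.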

Like many companies, this organization had developed a strong on-premises network perimeter over the years. However, with the massive shift to remote work, it now has thousands of network perimeters to protect—the endpoints in each employee’s home environment. With the rapid transition, the company did not configure the same level of security on remote endpoints, because it had always relied on internal perimeter controls. Fortunately, the company’s security stance was prepared to monitor and patch endpoints without devices needing to be connected to the VPN.

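However, we found that when an endpoint was not connected to the VPN, web filtering was not active. Although they did have antivirus software installed, machines could still access potentially malicious websites and bring harmful malware back to the network without it being detected or quarantined.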

In addition, the assessment discovered that endpoints are not automatically isolated on the network if they are compromised. While the company is proficient and follows established processes for detecting security events, removing an endpoint from the network has to be handled manually. Depending on the severity of the event, infected devices may be able to infect other devices on the network before the security team can remove the device from the network. Our team proposed strategies to eliminate the manual process, including implementing security orchestration processes and automation platforms to remove problematic machines based on specific use cases such as ransomware to minimize interrupting an employee’s work day.

How data travels is also a key consideration for any company, especially in a remote framework. The assessment found that the company allows USB devices to transfer data between machines, with all employees initially given access that could be revoked when necessary. Contractors and business partners could not write to removable drives, but internal users could. We recommended changing the policy to deny everyone access to removable drives and add read or write permissions as needed. It’s much easier for a company to grant and then manage access than to take it away.

The company took a similar stance on its virtual desktop infrastructure. Employees could copy and paste data to personal devices—everyone was allowed this level of access except for contractors and third parties. Once again, we recommended a zero-trust approach, granting access only to employees that require it. That way, data is easier to control, track and ultimately secure.

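Large companies use a wide variety of software and operating systems; within this organization, we found that some of them were outdated and no longer supported by the vendor. If devices with these systems are removed from the network, they are subject to being compromised. While the company did have an upgrade plan, unsupported applications carry inherent security vulnerabilities, and these are amplified in such an active threat environment.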

The assessment found that the company did a good job of ensuring intellectual property is encrypted prior to sending data to a third party. However, it found a process flaw where a particular set of employees could transmit data without it being encrypted. The company was in the process of rolling out a new data encryption system and was integrating a fix for that vulnerability into that process.

Results

When navigating an unknown business landscape during a pandemic and balancing continuity with employee safety, new vulnerabilities are understandable—but they must be diagnosed and addressed in a timely manner. Following the remote workforce security assessment, the company better understood its security posture in the new work-from-home environment, with critical insights into what was working and what areas needed immediate attention.

A more remote workforce is a reality for many companies, and the assessment gave the company the knowledge to successfully adjust security measures to protect company networks and data, and to meet new processes and ongoing demands.

Featured solutions

Penetration testing

Identify how attackers will exploit your company’s weaknesses with PenTesting services.