Advertisment

Lock arms with IT to secure SaaS applications via cloud access security brokers

In an interaction with DQ Channels, Diwakar Dayal, Managing Director, Tenable India talked about new cybersecurity challenges and guidelines.

author-image
Ankit Parashar
Updated On
New Update
Insider Threats

A large number of companies and employees are spending time for an extended period remotely logging into computer network systems to continue their work activities from home.  During this time, it is important to be aware of new cybersecurity challenges, threats and how can organizations manage and secure their IT infrastructure. In an interaction with DQ Channels, Diwakar Dayal, Managing Director, Tenable India talked about new cybersecurity challenges and guidelines to overcome these challenges.

Advertisment

Diwakar Dayal, Managing Director, Tenable India

What are the new cybersecurity challenges posed by the work-at-home shift? What businesses must do to overcome these challenges?     

Remote-work has been around for years, due to the availability of digital communications and collaboration tools. However, this trend has accelerated exponentially over the past few weeks to curb the spread of the virus. The sudden shift to a remote-work model overnight means that employees now have to merge personal technology with work devices, contributing to an expanded attack surface. This can be challenging for security teams who now have to manage this attack surface that is distributed beyond the confines of the enterprise network.

Advertisment

Some practical guidance to overcome these challenges include:

  • Lock arms with IT to secure software-as-a-service (SaaS) applications via cloud access security brokers for configuration, security, and data loss prevention.
  • Reduce access to infrastructure-as-a-service (IaaS) providers by using jump boxes, which provide the ability to access and manage devices in a separate security zone, and reach the critical systems.
  • Mitigate risk by adding IT systems management onto the laptops, to facilitate controlling software updates and patching.
  • Use vulnerability detection agents to gain off-network visibility for connected devices at home as well.
  • Have a business continuity plan that analyzes business, financial and operational impacts. Document where critical assets are and who has access to them and maintain an inventory of their devices.
Advertisment

Today, the majority of the workforce is operating from home. What are the potential insider threats posed by the remote workforce?

The types of insider threats remain the same regardless of location. These insiders, be it employees, partners, or contractors, may either accidentally or intentionally do something to harm the network, compromise resources, or leak private data.

To mitigate these threats, the onus lies on organizations to strengthen their security approach. The foundation of a good cybersecurity program is one where organizations practice good cyber hygiene, such as continuously monitoring and maintaining their systems, enforcing multi-factor authentication, and using encryption.

Advertisment

How can organizations manage and secure the expanded attack surface?

As working from home becomes the new normal, security teams need to revisit their security policies and redesign their digital infrastructure. Here are a few things to consider:

  • Run IT operations like a service. This will help organizations simplify, streamline, and standardize the working experience, irrespective of the location of employees or the devices they’re using.
  • Use cloud-based services to not only foster agility but allow organizations to focus more resources on core business competencies.
  • Create separate virtual private networks (VPNs) for different departments to facilitate access only to employees who need or are authorized to use such data or resources. Single sign-on (SSO) identity management facilitates ease of use and ongoing maintenance, while multifactor authentication provides a much-needed layer of additional security.
  • Consider using SaaS solutions such as Google Docs, Slack, and more to foster collaboration.
  • Communicate regularly with relevant stakeholders to identify ways to improve productivity and security. Keep track of the evolving threat landscape to adapt and respond quickly.
Advertisment

What is Tenable’s role in ensuring cybersecurity gaps don’t emerge in such an uncertain working environment?

The reality is, bad actors won’t stop looking for ways to leverage a new trend or situation. In recent weeks, they’ve created bespoke COVID-19 related scams or spread misinformation on fake remedies on social media sites.

Apart from being available to our customers 24 x 7 to help navigate this new normal, our Tenable Research team is working around the clock to publish the latest research on cyberattacks, phishing attempts, and other opportunistic behaviors so that our customers can stay informed.

Advertisment

Since the health crisis unfolded, Tenable has also developed resources to educate organizations on securing their remote workforce.

As the COVID-19 crisis continues, organizations need to ramp up efforts to mitigate cyber risks. How Tenable can help businesses?

In addition to organizing webinars and conducting research on the latest threats, we have extended our customers’ Tenable.io licenses for free, through June 15. For Tenable.sc and Nessus Professional customers, we are offering a free Tenable.io license with unlimited agent scanning through June 15.

Our customers can also interact with our principal engineers weekly through video conferencing sessions. These sessions are free and include tips and best practices to reduce their cyber exposure gap.

Advertisment