We're building value and opportunity by investing in cybersecurity, analytics, digital solutions, engineering and science, and consulting. Our culture of innovation empowers employees as creative thinkers, bringing unparalleled value for our clients and for any problem we try to tackle.
Empower People to Change the World®
Abstract
In their pandemic-spurred rush to empower remote work, organizations are failing to adequately consider and address cloud security risks. Read on to learn what you need to consider to enable cloud-based remote access both swiftly and securely.
In the grand history of cybersecurity, it’s quite possible that 2020 will come to be known as The Year That Organizations Underestimated the Risks of Moving to the Cloud.
It’s the year that a global pandemic has abruptly forced many organizations to require most, if not all, of their employees to work remotely full time. To accommodate this shift, many of those same organizations are rushing their transitions to a cloud-based, remote-access-enabled IT infrastructure.
As they make haste to completely transform their IT underpinnings, some enterprises will cut corners, or fail to track down the expert advice needed to correctly implement security controls for their newly expanded remote working models. Poorly secured cloud infrastructures and remote access software expand the attack surface and invite foul play. Thus, the rules of cause and effect dictate, the outcome of these hasty cloud migrations will not be pretty.
Your Checklist of What to Consider for a Swift AND Secure Move to the Cloud
The thing is, regardless of whether you’re just getting started, or halfway through an ongoing transition, it is possible to move to the cloud both safely and swiftly, even on an enterprise scale. It just takes some serious know-how. Here‘s what you need to consider to get started.
Half-Baked Cloud: A Remote Access Security Issue Likely to Proliferate
Booz Allen’s intelligence teams have determined that virtual desktop infrastructure (VDI) will likely be in particularly high demand as organizations consider their options for accommodating suddenly enlarged remote workforces. Organizations accustomed to having most or all employees working in a physically controlled environment may just now be familiarizing themselves with the practice of data loss prevention (DLP). Because insider threats can cause organizations to lose control of proprietary data from anywhere, increasing use of VDI raises security questions that must be answered to ensure information safety. Rush the implementation of an unfamiliar configuration and you might as well be handing cyber attackers the keys to your enterprise.
Remote Access May Invite Intruders
Organizations that are unaccustomed to a remote delivery model may not have existing technologies or policies in place to ensure properly secured access to organizational resources. For the first time, many organizations are implementing remote access using cloud-based technologies such as RDP, remote access service (RAS), and VPN. These technologies have their security-relevant peculiarities, and thus require a higher level of cloud control. While cloud implementation offers the flexibility and scalability necessary to keep customer-facing applications updated, organizations should work with trusted cloud infrastructure providers to understand where security concerns arise and what can be done to sew up loopholes. Here are a few tips along those lines:
Conclusion
Improper security controls, hasty cloud migrations, and remote access implementation render an organization extremely vulnerable to cyber attacks. Simplifying operations through consistent cloud management can accelerate a fully integrated system and help reduce migration errors. Regular monitoring of the cloud system for exposure and intrusion will also help detect suspicious activities and keep cybercriminals at bay. Learn more about hasty cloud migrations, remote access implementation, and other threat trends on Booz Allen’s Cyber Threat Trends and Threat Landscape page.