In their pandemic-spurred rush to empower remote work, organizations are failing to adequately consider and address cloud security risks. Read on to learn what you need to consider to enable cloud-based remote access both swiftly and securely.
Attackers target unsecure cloud environments
In the grand history of cybersecurity, it’s quite possible that 2020 will come to be known as The Year That Organizations Underestimated the Risks of Moving to the Cloud.
It’s the year that a global pandemic has abruptly forced many organizations to require most, if not all, of their employees to work remotely full time. To accommodate this shift, many of those same organizations are rushing their transitions to a cloud-based, remote-access-enabled IT infrastructure.
As they make haste to completely transform their IT underpinnings, some enterprises will cut corners, or fail to track down the expert advice needed to correctly implement security controls for their newly expanded remote working models. Poorly secured cloud infrastructures and remote access software expand the attack surface and invite foul play. Thus, the rules of cause and effect dictate, the outcome of these hasty cloud migrations will not be pretty.
Your Checklist of What to Consider for a Swift AND Secure Move to the Cloud
The thing is, regardless of whether you’re just getting started, or halfway through an ongoing transition, it is possible to move to the cloud both safely and swiftly, even on an enterprise scale. It just takes some serious know-how. Here‘s what you need to consider to get started.
Transition Purposefully: Set the tone at the top, with regular executive communications regarding the security implications of digital transformations. Explicitly state that security is not to be ignored or sacrificed.
Engage Cloud Vendors in Security Planning: Network managers responsible for implementing digital transformations should work closely with their cloud service provider (CSP) to understand the security tools and configuration options that are available through the CSP.
Weigh Remote Access Options: Avoid the temptation to simply “switch on” remote access through remote desktop protocol (RDP), virtual private networks (VPN), or other tools. Compare multiple remote access management options and vendors and choose one that provides a level of security and accountability appropriate for the enterprise network environment.
Increase Monitoring for Exposure and Intrusion: Monitor the internet for signs that systems have been publicly exposed. Keep a close eye on internal logs and intrusion detection systems as well, looking for unexpected changes in system or user behavior. Detecting and responding to these signals quickly can prevent, interrupt, or contain a potential security incident.
Secure the Perimeter: Utilize a centrally managed security broker or network edge authentication system. User access should require robust, auditable authentication, ideally with strong, token-based multi-factor authentication (MFA). Network edge devices, such as laptops and phones with remote network access, are exposed to constant attacks, so they should be kept up to date and prioritized in the vulnerability management process.
Half-Baked Cloud: A Remote Access Security Issue Likely to Proliferate
Booz Allen’s intelligence teams have determined that virtual desktop infrastructure (VDI) will likely be in particularly high demand as organizations consider their options for accommodating suddenly enlarged remote workforces. Organizations accustomed to having most or all employees working in a physically controlled environment may just now be familiarizing themselves with the practice of data loss prevention (DLP). Because insider threats can cause organizations to lose control of proprietary data from anywhere, increasing use of VDI raises security questions that must be answered to ensure information safety. Rush the implementation of an unfamiliar configuration and you might as well be handing cyber attackers the keys to your enterprise.
Remote Access May Invite Intruders
Organizations that are unaccustomed to a remote delivery model may not have existing technologies or policies in place to ensure properly secured access to organizational resources. For the first time, many organizations are implementing remote access using cloud-based technologies such as RDP, remote access service (RAS), and VPN. These technologies have their security-relevant peculiarities, and thus require a higher level of cloud control. While cloud implementation offers the flexibility and scalability necessary to keep customer-facing applications updated, organizations should work with trusted cloud infrastructure providers to understand where security concerns arise and what can be done to sew up loopholes. Here are a few tips along those lines:
Remote Desktop Protocols: Systems exposing the RDP service should be secured behind a remote desktop gateway, VPN, or other authenticated network boundaries. Accounts that can log into the RDP service should also be restricted to those with a business need and proper authentication controls. If possible, privileged accounts should not be able to log in directly through RDP.
Remote Access Service: Free tools will be especially popular for obvious reasons, but they pose known security risks, including the possibility that an unauthorized party could use them to access the enterprise network. Multiple threat actor campaigns have used these legitimate tools to maliciously access targeted systems. Organizations should restrict the use of unapproved remote access tools, and authorized tools should be verified using an organization-managed authentication system.
Virtual Private Network: Organizations deploying VPNs for the first time should select a reputable service with appropriate capacity, employ a rigorous authentication scheme, and seriously consider requiring multi-factor authentication, if possible. Login attempts should be logged and monitored for anomalous activity.
Conclusion
Improper security controls, hasty cloud migrations, and remote access implementation render an organization extremely vulnerable to cyber attacks. Simplifying operations through consistent cloud management can accelerate a fully integrated system and help reduce migration errors. Regular monitoring of the cloud system for exposure and intrusion will also help detect suspicious activities and keep cybercriminals at bay. Learn more about hasty cloud migrations, remote access implementation, and other threat trends on Booz Allen’s Cyber Threat Trends and Threat Landscape page.
