Security and Compliance for a Decentralized Workforce
Information Security has been providing secure access to remote workers for decades. Working from home is not a new, pandemic driven phenomenon. It has been nurtured for years through various technological advances and applications. As a result, when March of 2020 rolled around, one of the few aspects the world was actually prepared for was the sudden push towards working remotely.
Companies like Citrix, VMware, Microsoft, and Amazon all saw massive growth in applications and systems that help facilitate remote connectivity, but none of these systems could be considered even close to “new”; they’ve all been around in one form or another for years.
VPN might be a term most recently associated with YouTube sponsorship and protecting your information from Big Brother, but it was created all the way back in the ‘90s as a method to connect remotely to your company’s resources. Today it is likely one of two or maybe three ways that most employees gain access to anything on-premise.
The list goes on:
Virtual Desktop Infrastructure saw early functionality as an option for deploying applications and computers into inhospitable conditions. It utilized robust and simplified end-user equipment, while simultaneously keeping the main infrastructure in an environmentally controlled datacenter.
Email has transitioned from onsite at a datacenter to remotely hosted to having been pulled all the way back to the source at corporations like Microsoft and Google.
Phone systems went from switchboards to Voice-over-IP to cloud-based and now can simply backend into your chosen chat program.
What does this history lesson show? It demonstrates how this technology has been growing and maturing for years. Technology and the security of information is an incredibly important aspect of any business and sending your whole workforce home for an undetermined amount of time and ensuring the security of devices should have been a daunting task, but for the most part, it was not.
Here at McKonly and Asbury, securing data and resources for our clients and employees is a critical aspect of our everyday work. We ensure security for our mobile users in a variety of ways. Employees can establish secure access to resources using the aforementioned VPN, but it is secure from brute-force password attacks by utilizing multi-factor authentication (MFA). Email is hosted in the cloud and also secured by MFA. Mobile devices are enrolled in an endpoint manager, and the data on them is secured, protected, and the devices are checked for compliance with company policies governing access. Remotely accessible desktops facilitate secure, lightweight access where necessary.
Our story is not atypical. As noted previously, this technology is not new; it is an unprecedented application, but the underlying framework has been there for some time.
Is it a coincidence that the built-in flexibility of the associated systems helped to negate any growing pains during the 2020 migration to remote work? Personally, I would respond with a resounding no. Decentralizing and recentralizing has always been a cyclical aspect of IT, and the pandemic caught it during a push towards decentralization. But business continuity planning has been integral to information security for some time, and Security Officers have been disaster planning since before we migrated to storing our critical information in ones and zeros. The pandemic was a disaster, and IT responded as such.
And it worked. Remotely.
McKonly & Asbury can assist your company with cybersecurity by performing a SOC for Cybersecurity engagement to identify whether effective processes and controls are in place and provide you with recommendations and a pathway to securing your environment from breaches and other cybersecurity events. We can answer any questions and help you determine if a SOC for Cybersecurity report would be useful for your company.