When VPN Is Not Enough To Protect Apps

Ensuring enterprise security in a remote working world.

Recent research indicates that global cyber-attacks have gone up six times during the ongoing healthcare situation, and hacking and phishing attempts have gone up by 37% over the last month. 1) India too has reported an increased number of cyber-attacks ranging from hackers hijacking online conferencing platforms to fake IDs attempting to divert public donations from government portals and relief fund destinations. 2) According to a PWC report, a number of Indian organizations have reported an almost 100% increase in cyber-attack attempts. PWC has recommended "robust preventive and detective technical measures" to prevent such attacks as teams continue to work remotely, often on insecure connections. 3) The truth is that the security landscape is growing increasingly complex with cybercriminals also leveraging emerging technology to hack into enterprise servers. And a large portion of the workforce accessing enterprise applications remotely from a multitude of devices is a cyber criminal’s dream come true. Older “bolted on” security measures are incapable of mapping an evolving threat landscape or even adequately protecting the multitude of endpoints in a remote working scenario.  

One of the oldest and most trusted security measures enterprises adopt for their remote staff is that of the Virtual Private Network (VPN).  But in addition to adding to network complexity VPNs are not a hundred per cent effective when it comes to protecting end devices. Many offer only a single layer of protection and leave home networks unsecured, consequently providing an access point for malicious elements. UK's National Cyber Security Centre (NCSC), and the US Department of Homeland Security (DHS) have recently issued advisories for organizations working remotely using tools like VPNs, based on a significant uptick in a number of cyber-attacks that exploit publicly known vulnerabilities in remote working tools and software like VPNs.4  As the world adapts to working remotely, organizations must implement comprehensive digital workspace solutions that are consumer simple but enterprise secure. It should be able to offer a superlative employee experience while delivering and managing any apps on any device by integrating access control, application management and multi-platform endpoint management. Some of the key security features that a digital workspace enables include: 

Conditional access: With this, the enterprise can combine features like policy enforcement, identity management and enterprise mobility management to restrict access to data and applications. It can also be used to apply conditional access to mobile apps and ensure that enterprise assets can only be accessed by compliant users.  

Multifactor authentication: A digital workspace must impose multifactor authentication across devices and applications and even support third-party authentication services.  

Automated compliance monitoring: With this, organizations can ensure controlled access to data based on pre-determined factors ranging from the strength of authentication to network or location and remediate policy violations through customizable warnings or remote device wipe. 

Data loss prevention: This allows administrators to set compliance policies for each application in order to prevent data loss. Controls can range from email attachment rules, restrictions on copy/paste, dynamic watermarking and more.   

Enterprise mobility management: Organizations should have the ability to remotely lock or wipe specific applications or containerized data on a device if it’s lost or stolen, locate a missing device, and obtain real‐time device information such as OS version, last update, location, and more.  

Single sign‐on (SSO): This is enabled with a Secure Application Token System (SATS) and an identity management solution.  A one‐touch mobile SSO allows users to access desktop, mobile, and cloud applications without passwords or complex PIN challenges. 

Smart card support: Common Access Card (CAC) and Personal Identity Verification (PIV) cards are still standard authentication methods and should be supported across devices 

Network Security: A comprehensive digital workspace solution must also ensure foolproof security for the network. It should allow for micro‐segmentation, detailed network controls enable unit‐ level trust and flexible security policies that can extend to a network interface. Zero trust environments, self-defending perimeters for each workload, policy alignment with logical groups and matrix of policies on centralized, choke‐point firewalls are must-have capabilities of a robust digital workspace platform.  

The definition of workplace is undergoing a sea change at the moment. As the remote working trend establishes itself as the new normal, and the risk landscape evolves further, it is crucial for enterprises to radically transform their approach to security and consider intrinsic security models that leverage emerging technologies like AI and ML. Like with everything else in the world right now, safety first must be the overarching mantra for enterprises going forward.


Around The World