Last night, did you have a dream that your second-grade teacher Mrs. McKinnock was telling you about the key elements of remote access security through the medium of interpretive dance? Talk about the twilight zone! Remote access security is the very subject of this blog piece! What are the chances?
So, let’s get this synchronicity stuffed and mounted with some cool elements of remote access security that you should know.
Hold Up, What Does Remote Access Even Mean?
Remote access makes pictures like this possible
When you’re lounging around at home using your WiFi to connect to your work’s intranet, that’s remote access. When the IT guy on the Denver team troubleshoots your desktop computer in Austin, that’s remote access. When you’re sitting in a hotel room with your tablet, sharing files with five different teams in three different countries, that’s remote access.
Some Quick and Dirty Definitions
Remote access: Data, files, a network, or whatever accessed from a place that is located elsewhere.
Internet: A global, interconnected public network accessible by anyone with an internet connection.
Intranet: A private network accessible to authorized users only.
The ability to access stuff remotely has changed the way work works – hurrah for digital nomads and their beards of joy! But at the same time, remote access is another data breach waiting to happen. But cheer up, because here are four key elements of remote access security to comfort you.
Key Element 1: The Principle of Least Privilege
The principle of least privilege is just a fancy way of saying, “If you don’t need it for your job, you don’t get access to it.” It’s a concept that restricts things like data, network access, or admin privileges to the people that perform certain job functions or are of particular seniority. You get to choose. But, because it reduces access to the minimum number of people possible, it reduces the risk of a data breach through human errors or cyberattacks.
The principle of least privilege is at play when you can access some, but not all, of those HR files; when your data loss prevention protocol restricts file sharing; or when it’s just your IT lead who has the ability to lock or wipe remote devices.
Key Element 2: Protection of Remote Devices
So, your herd of engineers uses their nifty little iPads to do engineering stuff out on the road. That’s a whole ton of risk right there. Remote devices, and the super-secret data contained therein, have a tendency to get left in Starbucks or stolen and stripped for parts. How are you gonna protect that device and its data?
Physical protection comes down to four mini-elements:
- An acceptable/responsible use policy that says, “You take a device on the road, don’t leave it in Starbucks.” Make device security a requirement for use.
- The beauty of remote lock and wipe. Device wanders off? Panic not – your IT lead can lock down the device and wipe the data.
- Properly configured MDM, including blocking access to insecure WiFi.
- Look after your spares, people. When you offboard homeworker Dane, Dane’s laptop becomes a liability until you go get that bad boy and keep it somewhere safe. (Ahem. We do this.)
Key Element 3: ID Management
Proper ID management is essential because it prevents the wrong people from accessing your business network/files/stuff, and it’s tackled in different ways. You’re looking at things like:
- A unique user identifier that’s created for each person. That unique identifier is then provisioned according to that person’s identity, role, and access permissions.
- User authentication: Hmm, is that person who they say they are? In two-factor authentication, users are verified through something they know – such as a password or username – and something they have, e.g., a phone for a code or a pinky finger for a biometric print.
- Cloud single sign-on: This allows you to access a ton of cloud applications using a single login and allows IT admins to centrally control who gets access to what. This simplifies ID management from the user’s side because only a weirdo wants to remember a gazillion passwords rather than just one. Bye-bye password fatigue too.
Key Element 4: All the Encryption
When you email your coworker Kiera a file containing Grandma’s oh-so-secret Scorched Skunkers recipe, it’ll travel pinball-style from your email client to your SMTP server to Kiera’s POP3 or IMAP server, and then to Kiera’s email client via a ton of other servers. While it’s en route, it’s vulnerable. And that’s why God invented encryption.
Encryption turns data into gibberish, making emails and files unreadable to anyone who hasn’t got the magic de-encryption key. This means Grandma’s recipe will be gibberized on its journey, and then de-gibberized and unencrypted once it reaches Kiera’s mailbox. Encryption reduces the risk of unauthorized access so that Grandma’s recipe is protected.
Remote Access Security Is a Win for Everyone
Securing remote access isn’t just about making sure the bad stuff doesn’t happen. It helps the good stuff happen. When remote access is super-secure, you can feel confident to hire from anywhere. Bigger/cheaper talent pool, anyone? You’re also well on the way to nailing some cool compliance frameworks like SOC 2 or SEC, and that means y’all can play with the big-dollar contracts. It’s kind of a business asset. Didn’t think you’d want to talk about remote access security today? Now you do! Give us a call. We’re here to help.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now – chatting about IT support and cybersecurity is our favorite thing to do!