Case study

Remote workforce security assessment secures key remote operations

As companies transition to remote work, new security risks emerge

August 3, 2020

Overview

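Our client is a chemical, safety and hygiene company headquartered in the United States, but with operations worldwide. Like many North American companies of all sizes, the company had to shift quickly to a work-from-home strategy when the COVID-19 pandemic became a major concern in March 2020.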

Background

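While the company takes security very seriously and has made several significant internal investments to protect against threats within its internal environment, the remote workforce presented a new challenge, with a larger target area and new potential weaknesses. The unprecedented pandemic is uncharted territory, and the company had not planned for something few could have anticipated.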

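Once the new remote framework was implemented, the company's internal audit department became concerned about how data was being accessed, what devices employees were using, how cloud access was governed and what locations the users were coming from. As a global organization, the company sets different security levels depending on where employees are located geographically. But now that almost everyone is working from home, how does the company know that assets remain secure? Has the IT department made the necessary changes to accommodate everyone working from home?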

Project

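The company chose RSM to perform a remote workforce security assessment to better understand its vulnerabilities and to inform its ongoing remote security planning efforts. The client needed quick, comprehensive analysis beyond typical security testing, with more insight into key areas of the new remote work structure.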

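The assessment began with a series of interviews with IT and security department leaders to understand and review all the ways the organization's network and data are accessed. We learned that people use various methods to access information, depending on their job and task: some use the VPN, others use virtual desktops on their personal devices, and some work through SaaS cloud infrastructure without interacting with the security perimeter at all.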

With access controls as a top-of-mind concern in a remote environment, the RSM team evaluated how users accessed data and whether it was truly secure. We found that multifactor authentication was not utilized everywhere; it was only in what the company deemed as critical applications. If those systems with basic credentials are compromised, they can be used to access sensitive data as data loss prevention was not enabled. That is a risk regardless of the remote workforce; the new, larger target just amplifies it.   

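Like many companies, the organization developed a strong on-premises network perimeter over the years. However, with the scale of the shift to remote work, it now has thousands of network perimeters to protect: the endpoints in each employee's home environment. With the rapid transition, the company did not have the same level of security configured on remote endpoints, because it always relied on on-premises perimeter controls. Fortunately, the company's security posture was to monitor and patch endpoints without requiring the devices to connect to the VPN.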

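However, we discovered that when an endpoint is not connected to the VPN, web filtering capabilities were not activated. Even though they did have antivirus software in place, machines could still reach potentially malicious websites and bring harmful malware back to the network without being detected or quarantined.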

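In addition, the assessment found that endpoints are not automatically quarantined on the network if they are compromised. While the company is proficient in, and follows, an established process for detecting security incidents, a manual process is required to remove the endpoint from the network. Depending on the severity of an incident, a compromised device could infect other devices on the network before the security team removes it from the network. Our team suggested strategies to eliminate that manual process, including implementing security orchestration processes and an automation platform to remove problematic machines based on specific use cases (such as ransomware), minimizing disruption to employees' workdays.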

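How data is transferred is also a key consideration for any company, especially in a remote framework. The assessment found that the company allowed USB devices to transfer data between machines, with all employees receiving access initially and access being revoked if necessary. Contractors and business partners could not write to removable drives, but internal users could. We suggested a change in policy, denying everyone access to removable drives, and adding read or write permissions as necessary. It's much easier for a company to grant and then manage access than to take it away.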

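The company had a similar stance with its virtual desktop infrastructure. Employees could copy and paste data to personal devices; everyone had this permission except contractors and third parties. Again, we recommended a zero-trust approach, granting access only to employees who need it. In this scenario, data is easier to control, trace and ultimately secure.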

Large companies use a wide variety of software and operating systems; within this organization, we uncovered that some were out of date and no longer supported by vendors. If devices with these systems are taken off the network, they are at risk. While the company did have an upgrade plan in place, unsupported applications inherently present security vulnerabilities, and these are amplified in such an active threat environment.

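The assessment found that the company does a good job of ensuring intellectual property is encrypted before data is sent to third parties. However, it identified a process flaw in which a specific group of employees could transfer data without encryption. The company is rolling out a new data encryption system and will integrate a fix for that vulnerability into the process.

Results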

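When a company is navigating an unknown business environment during the pandemic and balancing continuity with employee safety, new vulnerabilities are understandable, but they must be diagnosed and addressed promptly. After the remote workforce security assessment, the company better understands its security posture in the new work-from-home environment, with critical insight into what is working and what needs immediate attention.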

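A more remote-focused workforce is a reality for many companies moving forward, and the assessment provided the company with the knowledge to successfully adjust security measures to protect the company's network and data, and meet new processes and ongoing demands.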
