Feb 26, 2021

5 steps for better data security in the post-pandemic world

Ivanti
Cybersecurity
covid-19
Russ Mohr
7 min
 2020, meant it was one the busiest year on record for security teams as they fought off bad actors and adapted to new employee behaviours
2020, meant it was one the busiest year on record for security teams as they fought off bad actors and adapted to new employee behaviours...

When the pandemic began, organisations believed remote working would be temporary, but as two weeks became six, and six weeks became six months and most of us remained at home. As we begin 2021, it has become too clear to many businesses that remote work is here to stay. In fact, Research from MobileIron (acquired by Ivanti) found that 80% of the global workforce never wish to return to the office full-time.

Cybercriminals have never struggled to find new ways to infiltrate organisations, and the mass exodus from the office created even more opportunities for them to exploit. They quickly caught onto the fact that as mobility became essential and workforces were dispersed around the world, it was people, together with their devices and a hodgepodge of home networks, that would make up the new enterprise perimeter. 

Cybercriminals adapted to this new reality and began to target remote workers, and the cost was colossal. Conservatively, 80% of organisations around the world experienced phishing attacks in 2020, and in the third quarter alone, the average ransom payment increased over 31% from the previous quarter, all while the global cost of cybercrime exceeded 1 trillion dollars. 

Before the pandemic, the cardinal sin most companies committed was inaction. Organisations had simply never prepared to accommodate remote work on such a large scale. In IT, we often spent time pondering different business continuity questions like, “What if there is a fire - where I am storing my data? What about a flood, hurricane?” As a result, localised disaster plans were implemented, but no one planned for the prolonged exodus of the worker. 

Fortunately, there are steps companies can take today to begin operating securely with a dispersed workforce, but to do this securely it’s important to consider a Zero Trust framework. By 2025, Zero Trust access and architecture will be the norm. Whether on-prem, in the cloud, or at the edge, security will no longer be determined by where you sit or which network you are connected to.

Zero Trust is predicated on the notion that we must assume bad actors are on our network, no matter what security controls or technologies we have in place. So, we take a ‘never trust, always verify’ approach to security. If you haven’t begun this journey yet, here are 5 steps that will help put your organisation squarely on the Zero Trust path:

1. Understand and validate the device being used to access the network

Your company may encounter several device ownership models: corporate-owned, BYOD, edge devices, on-prem and cloud, all of which need some sort of access to business data for productivity. Whether or not there are threats that exist on a device must be weighed prior to allowing any device to access a company resource.

A platform that allows for the provisioning of any device, including corporate-issued and employee-owned, is vital. This will allow IT teams to have maximum visibility over all endpoints that are being used to access business data.

2. Tighten security beyond usernames and passwords

Instead of relying on insufficient and often forgotten passwords and usernames, companies should strive to use more secure tech such as digital certificates that combine with biometric capabilities like facial recognition. This not only removes the burden and the responsibility for an employee to consistently supply and memorise strong passwords, but it also improves the user experience by unlocking Single-Sign-On capabilities. 

Eliminating passwords should be tightly coupled with the ability to establish a contextual relationship between the user and the data that they are accessing. It simply isn’t good enough to grant access after the correct username and password is entered. According to Verizon’s 2020 Data Breach Investigations Report, compromised passwords are responsible for 81% of all hacking-related data breaches. Limiting simple passwords access, while governing the capabilities that are granted to users by default needs to be squarely in your company’s crosshairs. 

IT staff should also be armed with the ability to look at contextual attributes like “Where is the employee connecting from?” “From which type of device, and is it compromised?” “Which network they are connecting from, is it secure?” "What’s the time and location?” For example, if an employee logs in from London, and then tries to log in from New York or Singapore directly after, that should raise an alarm. Only by consistently examining key security attributes that are continuously collected from the user and device can we establish a Zero Trust relationship.  

3. Understand which applications are accessing your data

Just because a service like Salesforce.com is an established and reputable brand, doesn’t mean every app connecting to the service can be trusted. For example, there are many third-party apps designed to help Salesforce users. These apps can download and even share company data with other third-party cloud services. And of course, there is also the risk that an app can contain malware, which may share data with unknown parties or be used to compromise a device. 

Companies should only allow access to their data from apps they trust and that they can manage. Even for trusted apps, they should implement DLP (Data Loss Prevention) policies dictating how, and with whom, data can be shared. If an app, or even the user or device become untrusted, companies should have the ability to revoke access to a cloud service, remove or patch an untrusted app, and delete sensitive data from the device. 

4. Verify networks

It would also benefit organisations to implement polices dictating how data can be accessed from insecure networks, including common hotspots like a coffee shop or other open Wi-Fi networks. If users are accessing trivial or non-critical data that may be acceptable, but for access to more sensitive data, users will need to be on trusted networks. Companies should endeavour to ensure that employees are not inadvertently accessing rogue networks that may be a launching point for a MiTM attack. Companies should also consider requiring the use of a VPN connection to access company data, because they can be sure the Data-In-Motion is encrypted. 

By far the best and most secure user experience for remote workers can be provided by deploying a per-app VPN. A per-app- VPN is an encrypted split-tunnel that allows the mobile user to connect to company resources via a secure SSL connection and access personal apps and websites via the Public Internet. Only company-approved apps (as opposed to malware) access the secure tunnel and ultimately the protected corporate resource. 

5. Protect and remediate threats in real-time

Hackers and bad actors are increasingly targeting remote workers with mobile phishing attacks via SMS, messaging apps and email. Increasingly, social media is also an avenue for infiltration; Verizon’s 2020 Data Breach Investigations Report found 22% of breaches involved social media attacks. It’s vital to protect against phishing attempts, particularly with a remote workforce accessing data from a wide variety of devices that have many attack surfaces. To combat this, automation and machine learning (ML) can be utilised to detect threats and take proactive action to prevent users from opening malicious links before they cause irreparable damage. 

Understanding the threat posture of a device is therefore critical: Does the device have the ability to detect phishing URL’s, malware, zero-day exploits, and risky network conditions like MiTM attacks? In the case of mobile, is there a mobile threat detection solution in place? If it’s a desktop device, is endpoint protection deployed? It’s important to build comprehensive defences that look at all of the attack vectors, including device, network, application and phishing attacks. 

It’s important to detect threats, but companies must also be able to respond to threats as they emerge. A good solution should also allow you to mount a defence when suspicious activity is detected. You may wish to warn a user, or you may wish to block access to a company or cloud resource. You may even wish to remove data from an untrusted endpoint. Equally important is the ability to self-heal. 

Enable self-healing

Organisation’s need to provide their employees with tools they actually want to use, and that will aid their productivity. The last thing they want is employees waiting on hold with the helpdesk, which is why a comprehensive solution should have the capability to reprovision services once a threat has passed. A threat dashboard isn’t enough if you can’t respond to a threat quickly and get back to business when that threat is no longer active.  

The rise in cyberthreats in 2020, meant it was one the busiest year on record for security teams as they fought off bad actors and adapted to new employee behaviours. To mitigate these threats in 2021 and beyond, organisations should consider embracing these five steps on the path to Zero Trust security. Companies that do will have an easier time operating in the post pandemic, everywhere workplace and will be prepared for a secure and productive future, no matter what it may bring. 

By Russ Mohr, Ivanti

Share article

Jun 18, 2021

GfK and VMware: Innovating together on hybrid cloud

GfK
VMware
3 min
VMware has been walking GfK along its path through digital transformation to the cloud for over a decade.

GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.  

In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade. 

“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.

Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.

By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.

One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.

“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.

Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs. 

“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.

The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment. 

The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.

One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.

“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.

“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client. 

“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”

Share article