Securing the New Remote Workforce

The unexpected impact of a VPN-centric workforce 

Recent change means the workforce isn’t interacting with the IT estate in the same way it was a few months ago. The perimeter in 2020 includes personal devices, home routers, smart TVs, and a myriad of connected devices within individuals’ home networks that now interconnect with corporate ones, thanks to our new work-from-home reality. 

IT teams have scrambled to swiftly turn an entire workforce remote in order to maintain operations, and in many cases, security best practices have been relaxed to ensure productivity continues. At the same time, bad actors have increased malicious activity in the hopes of exploiting organizations to access their most valuable assets during this vulnerable time.

Ultimately, it means the risk matrix, which represents the likelihood and impact of a breach, has shifted – and not for the better.   

How VPN can hurt while helping  

The rush to grant access to newly remote workers, the majority of which have never been remote before, resulted in IT teams scrambling to expand VPN SSL access. As our CTO PJ Kirner recently wrote, thousands of new devices, mixing professional and personal, are now passing through perimeter firewalls to access internal corporate networks. The challenge here is that viruses can and do propagate through VPN, which are ultimately a wide-open pipe onto your network (much like being plugged into a switch in your data center).   

One infected work device, VPNing in from home, can permit malware down the pipe and into the network, allowing viruses and malicious actors to traverse an organization and gain access to everything from legitimate workloads to sensitive, high-value applications.

The impact of those mission-critical systems going dark today is magnified by the modern business demand on those systems.   

Applying control where you have it 

The reality is that security teams have lost some control and visibility of end-user devices, but they must remember where they do still have control: network and cloud micro-segmentation.

Visibility is a key first step in micro-segmentation. It not only allows organizations to understand where their high-value, "crown jewel" assets and dependencies live, but it also allows for the quick creation of low-risk segmentation strategies. The execution of micro-segmentation to mitigate the increased risk of lateral movement must be independent of the underlying network fabric. Failing to decouple segmentation from the network results in a fragile network and leads to higher risk and longer time to deploy.  

Illumio’s Adaptive Security Platform allows IT teams to remedy this new risk by instituting elements of the Zero Trust framework, including application dependency mapping and segmentation of workloads in the data center to stop any lateral movement in the event of a breach.  

Regardless of what infrastructure your critical workloads reside on – physical, virtual, cloud or container – Illumio provides an easily actionable defense strategy. Identify your critical workloads, deploy in days, and gain the power of a real-time application map to define, test and institute micro-segmentation policy. 

In our new, primarily remote corporate environments, that same malware still travels from a compromised device through the VPN connection passing the perimeters firewall defenses. The difference is on the application side: high-value assets are segmented. Once a workload is compromised, the interconnectivity of that connected workload is reduced by as much as 95%, and the result is a limited blast radius from any breach.   

This means you can lock down a hundred critical workloads in days and shrink your risk profile instantly – rather than attempt to identify and manage potentially thousands of devices, many of which ultimately sit outside of the control of IT. 

To learn more about the benefits of micro-segmentation:

• Check out this overview of Illumio ASP.
• Get your copy of The Forrester Wave for Zero Trust.