How Fortune 500 Companies Can Speed Up Transitioning to a Remote Workforce
If you talk to global CxOs today, two of the biggest challenges they will highlight during these unprecedented times would be – (i) to enable business continuity with remote access, and (ii) accomplish security goals tied to user identity. Unlike small- and medium-sized businesses, Fortune 500 companies are mired with complex processes that may not allow them to move faster and make quick organizational changes during crises. With a large number of employees and systems in place, rapidly transitioning into a remote environment without visibility into authentication policies, access privileges, and security threats could potentially open them up to cyberattacks.
So, how do you swiftly enable remote access to meet sudden business requirements, and at the same time, secure your remote users? Can Fortune 500 companies move fast amidst bureaucracy and over-engineered processes?
Case in Point – a Fortune 25 Company Enabled Secure Remote Access, in No Time
To help other organizations that are facing similar headwinds, we thought we would share the story of how one of our customers – a Fortune 25 company – achieved this goal while transitioning their entire workforce on to a remote environment – in just about a week!
Security Needs, Challenges and Potential Gaps
Within a short period, the Fortune 25 customer’s IT and security teams needed to onboard almost 100,000 employees and contractors to a remote working environment. Because of the rapidly changing circumstances, they were unsure if they would be able to provide company-issued laptops with secure remote access.
Since they were looking for a quick approach, the strategy of authenticating users via a cloud single sign-on (SSO) was dropped – it would take them more time to move existing applications to the cloud and then build desired policies. Also, they would have to deal with two other challenges:
- Deploying authentication servers in the cloud could expose them to cyber threats, and
- User accounts and system compromises that may arise from unsecured endpoints
To enable remote access, the Fortune 500 company set up a Virtual Desktop Infrastructure (VDI) in the cloud, and identity store (e.g. Active Directory) to enable the remote users to access the VDI environment, authenticated via a federated system in place.
With not enough time, any potential risk gaps and attack paths needed to be immediately identified and secured. The top 3 beings:
- The Entry Point – To enable step-up authentication and secure remote users, the most suspicious connections should be identified using behavior and risk. These connections should then be either flagged from the rest; forcing them to use MFA (Multi-Factor Authentication), or blocked from accessing the resource.
- Access to Core Network – After the users are set up for remote access (e.g. allocated with a virtual desktop), they should have strong authentication as they logon to the actual domain, and also the same unified experience they had on the entry point – all these without the need to install or maintain MFA agents on user endpoints or the VDI.
- Protect Identity Store – Have stronger protection for the identity store that is now exposed to remote users, from anywhere. What if a remote user was taken over (e.g. by phishing) and the attacker gained access to privileged user credentials? What if the remote user was a stealthy administrator with escalated privileges on the domain controller (DC)? They wanted to have complete visibility and control over any access to the identity store, from the VDI environment.
Given the requirements of speed and minimal disruption to the network, we, at Preempt, had to address both the use cases that mattered to the customer – real-time security of the infrastructure and visibility and control of user activity. This would require no change to access control policy while keeping applications as they were. The customer would be able to allow remote access for all employees, meanwhile securing the remote users without additional overhead for IT and security teams.
By using AI and ML to detect threats across the kill-chain, Preempt can automatically trigger MFA only for suspicious behavior – distinguishing true threats from valid behavior. Using the Preempt platform, our customer was able to:
- Enable risk-based Conditional Access across multiple identity stores, while improving user experience
- Get faster time to value – deployed in less than a week!
- Benefit from simplicity in architecture – no agents on user endpoints
Are You Set Up For Remote Access?
Change is inevitable during unprecedented times and this includes how businesses manage their remote workforce. Many of these changes need to occur immediately. Whether you’re a large Fortune 25 company with 100,000+ users or medium business with fewer users, you must quickly and confidently enable remote access for all employees and secure your organization, while they work from home.
Posted by Roman Blachman on March 31, 2020 9:47 PM