
GUEST OPINION: Businesses are more connected than ever, with remote operations driving a large part of IT activities. As remote work becomes the norm, the importance of security has skyrocketed. In the context of future of work programs, 60 per cent of organisations are planning to deploy further network security in the next 18 months.[1] However, according to IDC, security and remote access technologies are considered the most challenging to integrate into new project deployments and initiatives.[2]
Sojung Lee, President – Asia-Pacific, TeamViewer, said, “There was a time when IT systems were safely tucked away behind company walls, accessible only from specific, secure locations. Now, the digital world has no borders. Employees, partners, and vendors collaborate constantly in a shared online space. While this offers great efficiency, it also introduces risks, and simple mistakes or overlooked settings can lead to significant security gaps.”
In a climate where 50 per cent of businesses experienced an increase in cyberattacks in the past 12 months, a basic security plan won’t cut it anymore.[3] Today’s enterprises require a comprehensive, company-wide security strategy. To meet this growing demand, organisations should implement a structured, six-layer framework to enhance their security posture:
Layer one: the commitments for security posture
A strong security posture begins with a clear corporate commitment. In fact, 81 per cent of businesses view connectivity programs as a top-priority investment, making these commitments all the more crucial.[4] This top-down approach includes:
- keeping employees informed with the latest security updates
- consistently training partners and vendors for a safer ecosystem
- actively engaging with the wider security community and collaborating on briefings, forums, and with government entities.
Layer two: setting expectations
To secure operations, companies must set clear security standards. Most breaches can be traced back to either privacy lapses or access violations. At the heart of effective security lie two core principles: privacy, which protects employee and proprietary data; and access control, ensuring only authorised personnel manage vital systems.
Layer three: defining the actors
To establish effective security measures, it’s essential to recognise and understand the different actors involved. In organisational terms, these actors are grouped into:
- Human: whether an employee, partner, or vendor, they interact with other people and systems, fitting into specific roles and departments.
- Machine: encompassing computers, servers, and network devices, these are tools stakeholders use daily, which are vital for business and operational flows.
- Bot: purpose-built hardware or software with basic programming that emulates human or machine behaviours and uses automation to streamline tasks.
A robust security posture, especially in remote connectivity, begins by examining these actors. This internal review sets precise security expectations for each player.
Layer four: understanding the security risks in enterprise applications
Based on current trends in cyber and network security, there are four types of security risks for enterprise applications:
- Inherent risks: arising from neglecting basic security practices, like not employing encryption, potentially compromising remote worker security.
- Interdependent risks: stemming from exposed sensitive data. For instance, revealed login details can endanger a workstation. Security here is built on the safe exchange of such data.
- Incidental risks: associated with communication intermediaries. For example, misconfigured firewalls or compromised virtual private network (VPN) gateways can weaken security.
- Intrusive risks: centred on access. The more access points available, the higher the risk. Missteps here echo concerns of the other risk types.
Layer five: the key security configuration objects
To effectively mitigate prominent security risks, several critical parameters must be carefully configured within the remote connectivity platform:
- Identity: establish a unique identifier for each actor, ensuring clarity in communications and safeguarding actual identities.
- Credential: verification mechanisms are essential. Implement processes like authentication checks and encrypted information exchange to ensure a secure connection between the involved parties.
- Policy: implement rigorous access rules and determine permissions based on factors such as user location, time, and role. Regularly review and adjust these permissions to account for changes in user roles and other relevant factors. This constant review ensures that only authorised users can access systems and mitigates risks associated with a lack of off-boarding or outdated permissions.
- Connectivity: secure every data exchange. Employ end-to-end encryption, akin to protocols used by secure websites, to ensure communication integrity.
- Deployment: continual vigilance is key. Incorporate regular updates, encryption key rotations, and monitoring for any anomalies.
Layer six: the golden security rules
These rules provide guidance on how to arrive at the best possible security posture for enterprise remote connectivity. With 87 per cent of organisations adopting digital-first strategies,[5] these guidelines should be integrated as soon as a system is installed and user accounts are set up:
- Multi-factor authentication (MFA): use multiple authentication layers, such as two-factor authentication (2FA), for added security.
- Ease of access: implement features like single sign-on (SSO) for streamlined daily operations without compromising security.
- Allowed user list: create clear, specific rules about system access to ensure only authorised individuals gain entry.
- Strong passwords: advocate for unique, lengthy passwords and promote periodic password updates.
- Software updates: use automated procedures to ensure systems are always updated, reducing vulnerability.
- Backup: schedule regular, automated data backups for recovery assurance.
Sojung Lee said, “For companies adopting remote connectivity, it’s important to establish a strong security framework from the beginning. Ensuring resilience against potential cyber threats is not just about technology; it’s about laying a comprehensive foundation that includes education, communication, and shared responsibility. This strategic approach will ensure that businesses can maximise the benefits of remote connectivity while safeguarding their operations.”
[1] https://www.teamviewer.com/en-au/campaign/idc-infobrief/
[2] https://www.teamviewer.com/en-au/campaign/idc-infobrief/
[3] https://www.teamviewer.com/en-au/campaign/idc-infobrief/
[4] https://www.teamviewer.com/en-au/campaign/idc-infobrief/
[5] https://www.teamviewer.com/en-au/campaign/idc-infobrief/
