2019’s BYOD and BYOM will seem tame compared to the big comeback of 2022, as workers reap the benefits of working between the office and the home office. They will bring their favorite devices, software, and platforms, increasing corporate network vulnerabilities exponentially. And while working from home and sharing files, who defends the castle?
The #WFH VPN Vulnerability
For more than two decades, companies have relied on the encrypted connection provided by a Virtual Private Network (VPN) to allow employees to access corporate email and transmit data securely over the Internet while traveling or working remotely.
Matthew Rakes, general manager, information technology and cybersecurity at Unity Aluminum, suggested that depending on how IT has set routing policies, a VPN might not mitigate all risk. “One of the issues you may encounter is that if someone has a compromised local network or device and they connect via VPN to the company, then that device now has traffic coming into your network.”
There is a degree of Big Brother that has been assumed to be acceptable when employees are on company property. “This is where I think we need to form user expectations to better understand that when you’re using a particular app, we’re going to be Big Brother, even if we’re going to be indifferent to the rest of your network,” Rakes said.
The term “Big Brother” often evokes the idea that evidence is gathered against the user. “I often think the best view of this is quite the opposite,” Rakes added. “We should actually be seen more as defenders of the castle.” A strong and secure IT department should first and foremost aim to protect employees and company data alike. “We should seek not only to protect data, but we should seek to help protect and defend the people who represent your business, and the best way to do that is to provide them with secure tools that help them know that they don’t find themselves in a compromising situation,” he said.
Rakes takes a long-term approach to adding technology to employee feedback. “We are looking at what solutions and technologies we can acquire now that alleviate our immediate pain, but will allow us to better transition to greater efficiency once people are back in the office.” Post-COVID, Unity Aluminum will continue to have a flexible remote work policy. “But we recognize that one of the many benefits of being in the office is collaboration,” Rakes said. “We use tools from Mersive, Cisco and Microsoft, which have helped us close the gap.”
Wherever possible, Rakes deploys a cloud-first model for IT and AV solutions. “It takes a lot of work out of IT when you don’t have to worry about security patches because Microsoft Azure already takes care of that for you,” he said.
Unity leverages a suite of Cisco technologies for its on-premises wired and wireless networks. “We use Cisco Identity Services and Cisco capabilities that work as an umbrella that can identify known hardware components and dynamically insert them onto the correct VLAN, regardless of the network they initially connect to,” Rakes said. By moving to a “zero trust” security model, “with Cisco Duo Security, you’re able to achieve dynamic resiliency, so when someone connects to a network, enters their credentials to authenticate on that network and then it says, ‘Oh hey, I know who that person is. I can dynamically put them on the right VLAN,’” he said.
When choosing AV solutions, Rakes looks to companies with a security-first approach. “One of the things we like about Mersive is how they handle communication from the Solstice client to a pod is different from a lot of other AV solutions,” Rakes said. “Mersive started from the following approach: ‘How can we secure the transmission of this traffic?’ and then, ‘Now let’s make sure the audio-video protocols are working.’”
Verify and Enforce
When it comes to security and BYOD/BYOM devices, the biggest challenge is verifying and enforcing an organization’s security policy. “Assets owned by the organization can be standardized and managed remotely. This allows the organization to enforce security best practices on network devices,” said Paul Zielie, AV/IT Industry Consulting Solutions Architect, AVCoIP. “BYOx devices could introduce malware that, once inside organizations, can cause serious damage.”
The best way to mitigate risk is to require a security package running on BYOD hardware. “If employees want to use these devices on the organization’s network, require the security package to be running while logged in,” Zielie said. “You then use a port-level security protocol like 802.1x, which verifies that it’s running before data is transmitted.”
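The flow described above (authenticate the endpoint at the port, confirm the required security package is running before any data is passed, then place the device on a VLAN matching its identity and posture, as in the dynamic VLAN assignment Rakes describes) can be modelled as a small policy engine. The following is an added, constructed example and not Cisco ISE, Duo, or any vendor's actual logic; the VLAN ids, the agent name `corp-endpoint-agent`, the version floor and the hardware inventory are assumptions made for the illustration.

```python
"""Constructed example (not from the article or any vendor): a toy
network-access-control decision function. It models the sequence
802.1X identity -> posture check -> VLAN placement. All names, VLAN ids
and inventory entries are assumptions for this illustration."""

from dataclasses import dataclass, field
from typing import Optional

# Assumed VLAN plan for the example.
VLAN_CORPORATE = 10     # managed, compliant company assets
VLAN_BYOD = 20          # employee-owned devices that pass posture checks
VLAN_AV = 30            # headless AV gear identified from hardware inventory
VLAN_GUEST = 40         # no verified identity: internet access only
VLAN_QUARANTINE = 99    # authenticated but non-compliant: remediation only

REQUIRED_AGENT = "corp-endpoint-agent"   # assumed name of the required security package
MIN_AGENT_VERSION = (4, 2)               # assumed minimum version

# Assumed inventory of known hardware (e.g. room displays) that cannot run 802.1X
# and is admitted by MAC address instead.
KNOWN_HARDWARE = {
    "00:11:22:33:44:55": "conference-room-display",
}


@dataclass
class Device:
    mac: str
    identity: Optional[str]                       # user from 802.1X/EAP, None if not authenticated
    managed: bool = False                         # enrolled in corporate device management
    posture: dict = field(default_factory=dict)   # attributes reported by the endpoint agent


@dataclass
class Decision:
    vlan: int
    reason: str


def _version(s: str) -> tuple:
    return tuple(int(p) for p in s.split("."))


def posture_compliant(device: Device) -> tuple[bool, str]:
    """Check what the endpoint agent reports before any data is admitted."""
    p = device.posture
    if p.get("agent") != REQUIRED_AGENT:
        return False, "required security package not running"
    if _version(p.get("agent_version", "0")) < MIN_AGENT_VERSION:
        return False, f"agent version {p.get('agent_version')} is below the minimum"
    if not p.get("disk_encrypted", False):
        return False, "disk encryption not enabled"
    if not p.get("os_patched", False):
        return False, "operating system patches missing"
    return True, "posture compliant"


def authorize(device: Device) -> Decision:
    mac = device.mac.lower()
    # 1. Known headless hardware goes straight to its own VLAN (MAC-based bypass).
    if mac in KNOWN_HARDWARE:
        return Decision(VLAN_AV, f"known hardware: {KNOWN_HARDWARE[mac]}")
    # 2. No authenticated identity: guest segment only, never the corporate LAN.
    if device.identity is None:
        return Decision(VLAN_GUEST, "no authenticated identity")
    # 3. Posture gate: the security package must be running and healthy.
    ok, why = posture_compliant(device)
    if not ok:
        return Decision(VLAN_QUARANTINE, why)
    # 4. Compliant devices land on a VLAN that matches how they are managed.
    if device.managed:
        return Decision(VLAN_CORPORATE, f"managed asset for {device.identity}")
    return Decision(VLAN_BYOD, f"compliant BYOD device for {device.identity}")


if __name__ == "__main__":
    # Constructed sample endpoints.
    samples = [
        Device("00:11:22:33:44:55", None),
        Device("aa:bb:cc:dd:ee:01", None),
        Device("aa:bb:cc:dd:ee:02", "alice", managed=True,
               posture={"agent": REQUIRED_AGENT, "agent_version": "4.3",
                        "disk_encrypted": True, "os_patched": True}),
        Device("aa:bb:cc:dd:ee:03", "bob", posture={"agent": "none"}),
    ]
    for d in samples:
        dec = authorize(d)
        print(f"{d.mac} -> VLAN {dec.vlan}: {dec.reason}")
```

The order of the checks is the point: a device with valid credentials but no running agent is never placed on the corporate segment, and a device with no identity at all is kept off every internal VLAN rather than being quarantined, so the quarantine segment only ever contains endpoints whose owner is known.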
Next Generation Firewall
“It’s not realistic to add protective services to every device that can be added to a collaboration space, but there are still several steps AV/IT managers can take to enable safe, secure, and transparent collaboration and productivity,” said Nathan Holmes, training manager at Snap One. Separating remotely connectable collaboration zones from the rest of the corporate network, using a next-generation firewall solution with unified threat protection services, and ensuring your IT team is up to date on cybersecurity threats and employing IT best practices are some easy first steps to securing your corporate networks while supporting a remote workforce.
AV/IT managers are accustomed to creating an Information Security (InfoSEC) plan for their respective companies, but these plans are usually based on most, if not all, of the employees residing on company-controlled network hardware. With the shift to BYOD and BYOM, the InfoSEC plan should include strategies for allowing employees to join the collaboration space via devices that may not be using protection services. To mitigate security threats to all devices, we recommend the following course of action: developing and executing a comprehensive security policy that includes unified threat protection, providing every employee with the network equipment they need to work remotely, ensuring devices include active information security services, actively managing and updating these services, providing secure VPN access to every employee, and ensuring there is a policy and specific procedures for connecting non-corporate equipment to the corporate network.”
“A modern collaboration platform must include a suite of security features to guard against a variety of risk scenarios,” said Brian Cockrell, Intel Unite Solution product owner and co-founder of Intel. Strong encryption must be in place. The Intel Unite solution uses end-to-end Transport Layer Security (TLS) encryption between a participant’s device and a room hub, whose connection to the server, on-premises or in the cloud, is also end-to-end TLS encrypted. In addition to encryption, there should be safeguards against unauthorized access to sessions, such as a rotating PIN, and the ability for participants to lock a meeting, as well as kick unwanted participants. Other security features include keystroke lockout, protected guest access, and the ability to authorize individual use. Finally, content should not leave the organization’s network and usage data should be anonymous. These protections should be built into software that is easy to learn and use. Otherwise, obsolescence becomes the first protection. Good for security, but bad for collaboration. The Intel Unite solution is a good example of a collaboration platform that includes all of these features.
When a new collaboration platform is combined with peripherals and plug-ins, especially in BYOD, BYOM and remote environments, the result is a staggering number and variety of potential risks, some predictable, others new. Do your research and choose technology wisely. Has the software been endorsed by other users? Where does the data go and is it sufficiently protected? What data is collected and where is it stored? Once the risks and benefits are fully understood, weigh them against a risk profile and choose the tools that offer the best balance.”
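The session safeguards Cockrell lists (a rotating PIN, locking a meeting, and removing unwanted participants) can be seen working together in a small session guard. The following is an added, constructed example and not Intel Unite's or any product's code: the PIN derivation (an HMAC over a time-window counter with RFC 4226-style truncation), the five-minute rotation, the one-window grace period and the per-participant guess limit are all assumptions chosen for the illustration.

```python
"""Constructed example (not Intel Unite's or any product's code): a meeting
session guard with a time-rotating PIN, a lock that stops further joins,
a guess limit, and participant removal. The derivation scheme and all
parameters below are assumptions for this illustration."""

import hashlib
import hmac
import secrets
import struct
import time

PIN_DIGITS = 6
ROTATION_SECONDS = 300      # assumed: the displayed PIN changes every five minutes
MAX_FAILED_ATTEMPTS = 5     # assumed: per-participant guess limit


def rotating_pin(room_secret: bytes, now: float, window: int = ROTATION_SECONDS) -> str:
    """Derive the PIN valid for the time window containing `now`.
    Only the room hub and server hold `room_secret`, so a PIN cannot be
    predicted without it and stops working once its window has passed."""
    counter = int(now // window)
    mac = hmac.new(room_secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** PIN_DIGITS).zfill(PIN_DIGITS)


class MeetingSession:
    def __init__(self, room_secret: bytes, window: int = ROTATION_SECONDS, grace: bool = True):
        self.secret = room_secret
        self.window = window
        self.grace = grace      # accept the previous window's PIN briefly after rotation
        self.locked = False
        self.participants: set[str] = set()
        self.failures: dict[str, int] = {}

    def join(self, participant: str, pin: str, now: float) -> tuple[bool, str]:
        if self.locked:
            return False, "meeting is locked"
        if self.failures.get(participant, 0) >= MAX_FAILED_ATTEMPTS:
            return False, "too many failed attempts"
        if len(pin) != PIN_DIGITS or not pin.isdigit():
            self._record_failure(participant)
            return False, "malformed PIN"
        candidates = [rotating_pin(self.secret, now, self.window)]
        if self.grace:
            candidates.append(rotating_pin(self.secret, now - self.window, self.window))
        # Constant-time comparison so response timing does not reveal matching digits.
        if any(hmac.compare_digest(pin, c) for c in candidates):
            self.participants.add(participant)
            self.failures.pop(participant, None)
            return True, "joined"
        self._record_failure(participant)
        return False, "wrong PIN"

    def _record_failure(self, participant: str) -> None:
        self.failures[participant] = self.failures.get(participant, 0) + 1

    def lock(self) -> None:
        """Participants already in the meeting stay; nobody else can join."""
        self.locked = True

    def kick(self, participant: str) -> bool:
        """Remove a participant; returns False if they were not present."""
        if participant in self.participants:
            self.participants.discard(participant)
            return True
        return False


if __name__ == "__main__":
    secret = secrets.token_bytes(32)          # the room's secret, generated per room
    session = MeetingSession(secret)
    now = time.time()
    pin = rotating_pin(secret, now)
    print("PIN shown on the room display:", pin)
    print(session.join("alice", pin, now))
    print(session.join("mallory", "000000", now))
    session.lock()
    print(session.join("bob", pin, now))
```

Rotating the PIN on a schedule limits how long a PIN that was photographed or shouted across a room stays useful, the grace window avoids rejecting someone who typed a PIN just as it rotated, and the per-participant guess limit keeps a six-digit PIN from being brute-forced within one window.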