The problem:
As a society, we are in uncharted waters. Who would have thought just a few weeks ago that we would have a halt to the global economy? It is unclear how long this will last, but we as business and government must persist and find a way forward.
The good news is we have seen traditional environments leverage remote access tools (e.g., Webex, Zoom, GoToMeeting) along with the high bandwidth available at the residential level to make this practical. This has made it much easier to gain access to e-medical services, remote schooling, and other daily needs while under quarantine. This is encouraging, and such innovation and embracing of current technology will likely transform how we operate as businesses, government, and consumers. The future is bright in many ways during this time.
Running IT infrastructure has always involved some notion of remote administration or access due to the nature of where the infrastructure sits. Due to our competitive, fast-paced, global society, organizations must keep applications running with minimal downtime. There are efficiencies to be gained by remote administration, and in the short term, this is an absolute requirement. If this is the “new normal,” how do we ensure that infrastructure is secure and critical administrative actions are conducted according to company policies or procedures? Just as important, if unexpected actions or compromises are identified, can we be certain that continuity of services and availability of infrastructure meet expectations?
The setup:
Many technologies can be considered. Breaches and threats come from phishing, malware exploits, privilege escalation, and malicious code. The list of threats is never-ending, which may cause organizations to become paralyzed in determining where to begin. The concepts I propose for consideration are, in my mind, identifiable quick wins from which organizations can see benefit. This is in no way a complete list, and a layered approach to security must be considered. There is no question that, as a community, we need to collaborate on reference architectures to ensure the best path forward. In the spirit of starting to find that path, I will suggest a few concepts below as a starting point. It is undeniable that cybersecurity is a critical concern, but some may ask why it is more urgent now than at any other time. Quite simply, this is when we will see a dramatic increase in attacks on our public sector and commercial assets. If you are a bad actor, there is no better time than a chaotic period such as this to catch organizations off guard, infiltrate them, exfiltrate valuable data, and gain control to monetize it.
What to do:
A few items to consider are as follows:
Data-at-rest always has been and will continue to be a primary target in any organization. There is not a breach report published that doesn’t outline the primary objective as being the “data.” Are you protecting critical data from being easily accessed, compromised, or exfiltrated? Even worse, what if a bad actor were to encrypt the data and hold it ransom in your own data center? Have you considered a data encryption strategy for protecting that data?
There has never been a more critical time to be vigilant in ensuring systems are meeting industry standards for compliance. If an “event” occurs, you will be held accountable by your leadership, board of directors, or others for not being consistent. Do you have a plan to assess your current state of compliance and how you will stay in a compliant state? Have you considered an approach that involves automating standards such as HIPAA, NIST, GDPR, and many others that you may be deficient in by having your staff operating remotely? Can you honestly maintain this without an automated strategy?
Lastly, but undoubtedly critical, is the ongoing issue of privileged user access. What happens to your business or government agency when core infrastructure or services are not available? Does it make sense to consider rules on what actions can or cannot take place during this period of remote access? Have you implemented two-factor authentication to mitigate the compromise of credentials? What about the concept of secondary approval, where a second person authorizes a critical operation? Failing to plan for unexpected infrastructure outages could damage your brand and customer trust, disrupt critical citizenry services, and put productivity at significant risk.
In closing:
Make no mistake, the adversary is very eager to take advantage of our current situation. They will not rest while the rest of us are in a state of anxiety about our 401k, jobs, and self-quarantine. These are trying times, and I am confident we will find our way. But let’s not let our current circumstances create the opportunity for conflicting interests to disrupt our way of life even further!
Our team at HyTrust takes our mission to maintain the integrity of critical infrastructure seriously. We welcome the opportunity to review your situation and support your goals of a secure and highly available enterprise. For more information, visit www.hytrust.com.