On Friday we wrote a blog post that talked about remote work and security from a worker's perspective. We included a checklist. In this post, we want to develop that idea and talk about it more generally from a company and IT strategy perspective. We’ll start with some pictures to illustrate some of the issues.
The content of this post is also in this Google Slides presentation.
A Basic Network
Consider a basic network for a classic “small” company.
When the laptop or phone at the bottom comes out (as when work is not on premises), everything falls apart. Identity won’t work. Access to files won’t work. Access to internal systems won’t work. In short, in a classic pre-cloud IT model without an explicit VPN strategy, many things don’t work.
A More Realistic Company Network
Most companies have more of a hybrid network.
In this network:
- The Apps / Services in the lower right are still accessible (presumably SaaS-based services)
- The work in the cloud (AWS) is still accessible. Developers and IT admins can reach it, though the VPN-based “peering” is no longer very useful.
- HQ is basically hard to reach without VPN
- Corp Data is hard to reach without VPN
- Security tools running in HQ or CorpData don’t see regular user traffic
Tools That May Not Work
Some tools we put in place for security simply will not work the same way without adaptation.
- Identity (Active Directory)
- Intrusion Detection (IDS)
- Data Loss Prevention (DLP)
- Group Policy
- Enterprise Hosted Anything
Building a VPN now to restore connectivity to specific internal systems may solve certain problems. It will come with oversight and will not get you back to where you started in terms of the corp network and full connectivity.
It's a little late to start talking about business continuity strategy, but wherever it is possible to use cloud-based services with a shared identity (SSO) system, that setup is going to be the most resilient to specific cloud or network issues.
Therefore, we advocate that companies bite the bullet and use cloud-based resources wherever possible.
- VPN - If you can, offer this as widely as possible
- Immediate Security Guide - Write down what you expect (See checklist)
- Support Channel - Your users will need help
- Communications (Standardize on Zoom/Slack, etc.)
- File Sharing (Standardize on OneDrive/Dropbox/etc.)
- Identify business processes
- Prioritize business processes
- Cloud alternatives
- Start & adapt monitoring
- Nail down patching (Auto updates)
- Review investments
- Is support working?
- Cloud-based services
- Operationalize monitoring
- Playbook for support
It is time to quickly embrace the cloud and SaaS based services.
Use a risk based approach to prioritize.