By effect of covid-19, remote work has become something common or even a professional standard.
Organizations are beginning to question how to manage access to the company's IT system. These recent months have demonstrated how important it is to organize on the computer level so as not to be surprised by an opportunistic attack that will turn everything upside down. But that's not all, with telecommuting, how to protect information systems changes. Employees from their homes should be protected. Because their safety is also the security of the company in a certain sense. "The widespread use of telework linked to the Covid-19 pandemic is leading many organizations to question how employees access the company's information system (IS).
This article will also interest you: Coronavirus-proof computer networks
Indeed, the current upheaval calls into question a historically highly perimeter security model that allowed to see and control extremely well what was happening within the walls of the company. Without anyone in the office, employees' access and controls must be readjusted so that they can all work in good conditions and the operational impact is as low as possible. explains Louis Vieille-Cessay, Head of Forward Sales, Security Solutions, Risks – Governance – France, BeLux – Micro Focus
This adaptation of security policies will be addressed on three major points:
– Control and monitoring of access
– Securing sensitive data
– Remote access to the information system
The goal is to be able to manage all access and at the same time ensure continuity of service. That's why you have to ask yourself the right questions:
Who can do what?
Who do we trust and who should we do it?
Who can access what?
How do I ensure access?
How do you control everything?
In short, a few questions that need to be asked in order to have a start of a security protocol.
Beyond all this, come the following problem, that of authentication. In practice several ways to supplement the password is revealed:
– Smart cards
– Single-use SMS
– Cryptographic keys
– Biometric technology
"These different systems now allow companies to think differently about securing and accessing their network, services and applications, while maintaining a trusted perimeter to ensure that Employee X is the X employee. The current trend is to have continuous control over a user's identity and regularly double-check it according to the perceived risk in their computer activity. This concept is currently popularized by market participants under the label "Zero-Trust." Note Louis Vieille-Cessay. "The establishment of a control barrier. Computer security is like physical security. If it is good to have a super lock to close the door of your home and to know who has given the keys, it is necessary to anticipate that an intruder may try to force it, or steal these keys. He adds.
All of these considerations are generally based on experience. For example, during containment, several cyberattacks have unfortunately succeeded, taking advantage of certain security vulnerabilities that could have been avoided. Almost all industries felt the problem. But this is likely to make it easier to understand computer security. Organizations can now better understand and invest in cybersecurity than they used to. But awareness alone is not enough and having the latest means of protection cannot be effective in the sense of a well-defined organisation beforehand. "While it's good to have a state-of-the-art lock, it's also important to have an effective monitoring system. This trend is evident in many organizations. Today, there is a race for human competence for the SoC (Security Operations Center), but also on rapid detection and remediation technologies, ever finer. The quick and effective solution is often to outsource certain SOC functions to players who are familiar with the implementation processes and who have operational expertise. concludes our expert.
Now access an unlimited number of passwords: