BYOD and BYOM of 2019 will seem tame compared to The Big Return of 2022, as workers enjoy the benefits of working between the office and home office. They will bring their favorite devices, software and platforms, exponentially increasing the vulnerabilities of the business network. And while you work from home and share files, who defends the castle?
The #WFH VPN vulnerability
For more than two decades, businesses have relied on the encrypted connection provided by a virtual private network (VPN) to enable employees to access corporate email and securely transmit data over the Internet while traveling or working from remote locations.
Matthew Rakes, Managing Director, Information Technology and Cybersecurity at Unity Aluminum, suggested that depending on how well the IT department has defined route policies, a VPN may not mitigate all risks. “One of the issues you can run into is if someone has a compromised local network or device and connects via VPN to the company, then that device now has traffic flowing into your network.”
There is a degree of Big Brother that has been assumed acceptable when employees are on corporate-owned equipment. “This is where I think we need to train user expectations so that they better understand that when they use a particular app, we’re going to be Big Brother, even if we’re not going to mess with the rest of their network,” Rakes said.
The term “Big Brother” often conjures up the idea that evidence is being gathered against the user. “I often think the best view of this is the opposite,” Rakes added. “Actually, we should be seen more as defenders of the castle.” A strong and secure IT department must first and foremost aim to protect employees and company data alike. “We must seek not only to protect data, but we must also seek to help protect and defend the people who represent your company, and the best way to do this is by providing them with secure tools that help them know that they are not in a compromising situation,” he said.
Rakes is taking a long-term approach to adding technologies as employees return. “We’re looking at what solutions and technologies we can acquire now that will ease our immediate pain, but allow us to better transition to greater efficiency once people return to the office.” Post-COVID, Unity Aluminum will continue to have a flexible remote work policy. “But we recognize that one of the many benefits of being in the office is collaboration,” Rakes said. “We leveraged tools from Mersive, Cisco, and Microsoft, which helped us bridge the gap.”
Whenever possible, Rakes implements a cloud-based model for IT and AV solutions. “That takes a lot of responsibility off IT departments when you don’t have to worry about security patches because Microsoft Azure already takes care of that for you,” he said.
Unity leverages a suite of Cisco technologies for its local wired and wireless networks. “We use Cisco identity services and Cisco capabilities that work as an umbrella that can identify known pieces of hardware and dynamically insert them into the correct VLAN, regardless of the network they initially connect to,” Rakes said. Moving toward a “zero trust” security model, “with Cisco Duo Security, you can achieve dynamic resiliency, so that when someone connects to a network, they enter their credentials to authenticate to that network, then say, ‘Oh, hi, I know who this person is. I can dynamically put them on the right VLAN,’” he said.
When choosing AV solutions, Rakes looks for companies that put security first. “One of the things we like about Mersive is that the way they handle communication from the Solstice client to a pod is different than a lot of other AV solutions,” Rakes said. “Mersive went from the first approach to ‘How do we secure the transmission of that traffic?’ and then, ‘Now let’s make sure the audio and video protocols work.’”
Verify and enforce
When it comes to security and BYOD/BYOM devices, the primary challenge is verifying and enforcing an organization’s security policy. “Assets owned by the organization can be standardized and managed remotely. This allows the organization to apply security best practices to network devices,” Paul Zielie, AVCoIP Industry Consulting Solutions Architect, AV/IT, said. “BYOX devices could bring malware, which once inside organizations, can cause serious damage.”
The best way to mitigate risk is to require a security suite to run on BYOD hardware. “If employees want to use these devices on the organization’s network, the security suite needs to be running while connected,” Zielie said. “Then it uses a port-level security protocol like 802.1x, which verifies that it’s running before data is transmitted.”
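The admission decision Zielie and Rakes describe, sketched as an added example (not code from the article or from any vendor named in it): a policy server admits an 802.1X port only when the user authenticates and the security suite reports as running, then returns the RFC 3580 attributes that place the device in a VLAN. The VLAN IDs, the reauthentication timer, the `Supplicant` fields and the choice to enforce posture on every device are assumptions.

```python
from dataclasses import dataclass

# Constructed VLAN plan and timer; all values are assumptions for this example.
VLAN_CORPORATE = 10    # managed, organization-owned assets
VLAN_BYOD = 30         # segregated segment for employee-owned devices
REAUTH_SECONDS = 3600  # how often the switch re-runs authentication


@dataclass(frozen=True)
class Supplicant:
    user: str
    authenticated: bool    # 802.1X (EAP) credentials verified
    corporate_owned: bool  # device found in the managed-asset inventory
    suite_running: bool    # posture report: security suite is active


def accept_attributes(vlan_id):
    """Access-Accept attributes for dynamic VLAN assignment (RFC 3580)."""
    return {
        "Tunnel-Type": "VLAN",                    # attribute 64, value 13
        "Tunnel-Medium-Type": "IEEE-802",         # attribute 65, value 6
        "Tunnel-Private-Group-ID": str(vlan_id),  # attribute 81
        # Force periodic reauthentication so posture is re-checked
        # while the device stays connected.
        "Session-Timeout": str(REAUTH_SECONDS),   # attribute 27
        "Termination-Action": "RADIUS-Request",   # attribute 29, value 1
    }


def decide(s):
    """Return (reply, attributes) for one authentication or reauthentication."""
    if not s.authenticated:
        return "Access-Reject", {}
    if not s.suite_running:
        # Assumption: posture is enforced on every device, not only BYOD.
        return "Access-Reject", {}
    vlan = VLAN_CORPORATE if s.corporate_owned else VLAN_BYOD
    return "Access-Accept", accept_attributes(vlan)


if __name__ == "__main__":
    # Constructed sample connection attempts.
    for s in (
        Supplicant("alice", True, True, True),
        Supplicant("bob", True, False, True),
        Supplicant("bob", True, False, False),  # suite stopped before reauth
        Supplicant("mallory", False, False, True),
    ):
        reply, attrs = decide(s)
        print(s.user, reply, attrs.get("Tunnel-Private-Group-ID", "-"))
```

The `Session-Timeout` and `Termination-Action` pair is what makes the "while connected" requirement enforceable: without reauthentication, a device that passes posture once keeps its VLAN after the suite is switched off.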
“It’s not realistic to add protection services to every device that can be added to a collaboration space, but there are still several steps AV/IT administrators can take to enable seamless and secure collaboration and productivity,” said Nathan Holmes, Senior Manager of Training at Snap One. “Segregating remote pluggable collaboration areas from the rest of the corporate network, employing a next-generation firewall solution with unified threat protection services, and ensuring your IT team is up-to-date on cybersecurity threats and employs best practices are some easy first steps to protecting your corporate networks while supporting a remote workforce.
“AV/IT managers are used to creating an information security (InfoSEC) plan for their respective businesses, but these plans are typically based on most, if not all, employees residing within the area of corporate-controlled network hardware. With the shift to BYOD and BYOM, the InfoSEC plan must include strategies that allow employees to join the collaboration space through devices that may not employ protection services. To mitigate security threats for all devices, we recommend the following course of action: develop and enforce a comprehensive security policy that includes unified threat protection, provide every employee with the network equipment they need to work safely remotely, ensure devices include active information security services, actively manage and update these services, provide secure VPN access for each employee, and ensure there is a specific policy and procedure for connecting non-company-owned equipment to the corporate network.”
“A modern collaboration platform must include a set of security features to protect against a variety of risk scenarios,” said Brian Cockrell, Intel Unite solution product owner and co-founder of Intel. “Strong encryption must be implemented. The Intel Unite solution uses end-to-end TLS (Transport Layer Security) encryption between a participant’s device and a room hub, whose connection to the server (on-premises or in the cloud) is also encrypted with end-to-end TLS. In addition to encryption, there should be protections against unauthorized access to sessions, such as a rotating PIN and the ability for participants to lock a meeting, as well as kicking out unwanted participants. Other security features include keystroke lockout, protected guest access, and the ability to authorize use by one person. Finally, the content must not leave the organization’s network and the usage data must be anonymous. These protections must be built into software that is easy to learn and use. Otherwise, disuse becomes the main protection. Good for security, but bad for collaboration. The Intel Unite solution is a good example of a collaboration platform that includes all of these features.
“When a new collaboration platform is combined with peripherals and plug-ins, especially in BYOD, BYOM, and remote environments, the result is a staggering number and variety of potential risks, some predictable, some novel. Research and choose technology wisely. Has the software been reviewed by other users? Where does the data go? Is it sufficiently protected? What data is collected and where is it stored? Once the risks and benefits are fully understood, weigh them against a risk profile and choose the tools that provide the best balance.”