Regional Vice President & Country Manager (Canada), Palo Alto Networks
Companies dealing with a remote workforce in difficult circumstances have tools to make it easier and more secure for employees.
The COVID-19 pandemic forced a mass migration of the workforce from the office to the home, putting cybersecurity at the forefront for organizations managing employees remotely.
Statistics Canada reported that about 40% of Canadian employees began working from home because of the pandemic in late March, amounting to 6.7 million workers when you include the 1.8 million who were already working from home.
The cumulative number is a big chunk of the country’s working population. With close to five million suddenly setting up shop at home because of shelter-in-place orders, IT personnel have had to ensure their corporate networks can maintain the same level of security with employees’ personal devices.
“Visibility and control become factors with remote workforces, so having endpoint protection, cloud management for both public clouds and applications, and the right policies in place to protect data and users is important,” says Ivan Orsanic, Regional Vice President and Country Manager at Palo Alto Networks.
Enabling access from anywhere
To adapt to a remote workforce and make the transition feel seamless for employees — and to have minimal impact on users — companies need to approach the issue from a few different angles. Orsanic points to Palo Alto Networks’ Prisma Access as a good start — a cloud-delivered secure access service edge (SASE) platform that allows users to securely access the internet from anywhere.
Such a tool works well with the company’s GlobalProtect “Always On” virtual private network (VPN) connection to enable secure and direct access for mobile users connecting with their personal devices, Orsanic adds. This way, an organization would be able to see and control all application traffic to ward off threats and protect all data.
This is done on a per-user basis, rather than only per IP address. A next-generation firewall can let legitimate connections through while still looking for anything out of the ordinary to prevent data loss.
“Organizations can still utilize their existing networking infrastructure, like public or private clouds, and virtual or physical firewalls, for instance,” says Orsanic. “This flexibility doesn’t restrict organizations to adhere to what we think is best but allows for them to utilize our products to optimize their network and security posture as they expand their remote workforces.”
Maintaining visibility to ensure security
With access and expansion done, Orsanic points to Palo Alto Networks’ Cortex XSOAR product as a way to set up a virtual security operations centre, giving a company complete visibility into all key security metrics. “It empowers your team to virtually collaborate on investigations in real time and to automate and standardize any security processes to save time and reduce human error,” he says.
Along with scouring for outside threats, it can also let IT personnel know if those within the organization are following best practices. Orsanic cites a hypothetical example of users who might disconnect from VPNs to improve bandwidth as one form of outright avoidance.
“If user activity is low and there’s limited visibility on the activities, then chances are the user is finding ways around the processes that have been put in place,” he says. “Endpoint management and security tools also shed light on user activities, while data loss prevention (DLP) services can inform and manage user behaviour around critical data.”
How to Secure Your Mobile Workforce
There’s a shift happening in mobile workforce remote access. Before, mobile users would connect to the internal data centre using a remote access VPN, which acted as a gateway. This allowed users located beyond the perimeter firewall to access resources within the data centre. Now that applications have shifted to the cloud, remote access VPN no longer makes sense for network optimization.
Traditional Approach to Remote Access VPN Has Challenges
- Usability: Connectivity can be confusing and challenging.
- Performance: Distance degrades performance and mobile users can potentially be very far from their organization’s headquarters. When the application is in the cloud, this distance increases even more.
- Security: You can’t be sure how mobile workforces are connected — and protected — at any given time.
A Better Solution: It’s All in the Cloud
- Accommodates global scope and scale
- Provides access to all applications
- Connects users from any device
- Provides consistent security
- Improves user experience