Coronavirus caution forces support for the largest number of remote workers in history
For most organizations, this outbreak has shifted supporting “work from home” to the top of the IT to-do list. As your HR department and executive team are undoubtedly asking, what does the IT organization need to do to support — and secure — a huge increase in the number of remote and mobile workers? Here are a few considerations that can help you rapidly scale your support for work-from-home employees:
If you are already a completely cloud-based company, then you are pretty well set (although you might want to make it easier for folks to discover apps and request access, and for IT to automate account provisioning, and provide Single Sign-on (SSO) to those apps). But what about the rest of businesses out there? Most are hybrid, supporting both on-premises apps and cloud apps. What options do they have?
One option is to provide a VPN connection. While this might seem like a quick solution, the fact remains you probably didn’t plan your VPN infrastructure to scale to the number of workers that you will find are working remotely all at once. Also, you need to consider the security exposure that leaves you with so many more remote folks with access to your entire corporate network. If you must use a VPN, at least consider implementing multi-factor authentication at the VPN.
A better solution is to provide access directly to the applications through an application gateway and limit access to only those employees that need it. This approach can eliminate the risk inherent in VPN solutions with secure, behind-the-firewall access to on-premises applications. And by using a cloud-based app gateway there is no hardware to install or maintain, no firewall rules to change, and no need to provide full network access for external users.
While adopting cloud apps made working from home or remotely easier than ever before, the growth in the number of associated accounts created many headaches for users who frequently forget their passwords or lock their accounts. And IT is burdened not only by correcting these mistakes but also with provisioning and deprovisioning the accounts manually across all of these apps.
With Single Sign-on (SSO), access to applications is simplified, as users log in once to a web portal to request access to all the resources and assigned applications needed to do their jobs. You can also install a lightweight Windows service that connects to your Active Directory or LDAP proxy, so on-premises user repositories can easily be used.
Let’s not forget that this large shift to remote work will be new for most workers. Many will find themselves forgetting their password or locking their Active Directory account. With a cloud-based password reset and account unlock solution workers can take advantage of self-service options to reset passwords or unlock accounts, thus reducing the burden on IT departments, as the volume of password-related help desk calls and tickets decreases.
Additionally, SSO solutions simplify partner collaboration by enabling one-click access to applications for partner employees. With SSO, partners securely access your applications according to their policies and processes. Finally, SSO also makes it easy to meet compliance requirements around data access. As users log in to a portal to use assigned apps, there is complete visibility into all access events, making it easy to run reports to prove compliance to auditors.
With so many employees working from home, you no longer have the control and context that a corporate network provides. To prevent identity-related breaches, companies need to implement additional security controls such as Multi-factor Authentication (MFA). The stronger security controls are, the more steps users need to take to gain access to the resources they need. This can ultimately impact both user productivity and overall happiness.
One solution that provides both security and great user experience is adaptive MFA. Unlike traditional MFA, adaptive MFA leverages device, network, location, and other contexts to assign risk to each access event and allow the creation of access policies that are only triggered when risk is deemed high. When used together, SSO and adaptive MFA enable companies to realize the advantages of SSO while minimizing the risk.
One of the problems with most MFA solutions is that they only allow you to skip the extra MFA steps when certain conditions are true, like when a user is working from the corporate network. If everyone is remote, you lose that trusted context that you can easily put into a rule. That is where a user behavior risk analytics solution comes into play. A risk-based machine learning system can observe and determine the “normal” behavior of a worker, like working from a home location during certain hours of the day, and deem that to be a lower risk requiring far less friction than say, a brand new location during the middle of the night which should prompt for more factors of authentication.
While COVID-19 might be the unfortunate trigger of an emergency response plan designed to support a temporarily remote workforce, the measures described here will reap long-term benefits in both productivity and security — especially if the new work culture becomes the norm.
A combination of a remote application gateway, SSO, and adaptive MFA can help you rapidly scale up your support for this influx of new remote and work-from-home workers. By eliminating friction for your end-users and reducing the burden on your IT administrators and help desk, you will help free up the time spent wringing our hands in worry to allow us all to be washing our hands more frequently — and still get our jobs done.