Security Approaches Post Lockdown
It will not be easy to go out even when the lockdown period is over. The way this pandemic is evolving will keep us far from what we consider normal for a while. In such a scenario, how shall we resume day-to-day operations post lockdown? The role of the security team is now more important than ever: because of the pandemic and remote work models, the perimeter of the organization has changed drastically. Cyber attacks are on the rise, and there are many more devices, applications, etc. to manage. InfoSec is more important than ever. Most companies were able to pull off remote working despite all the struggles with the technologies involved. In such a case, a CISO can strategically break down the whole organisation's infrastructure to cater to remote working conditions, categorizing and prioritizing things, while also looking at where the attacks could come from (having a clear threat model) and measuring everything.
Concern over the dimensions and effect of the COVID-19 pandemic is developing on a large scale, and many organizations are preparing an effective response to keep their enterprise up and running. The CISO and CIO have crucial roles in making sure the companies can function flawlessly as pandemic containment measures are pushed. Both roles have to work together to have smooth and secure operations. The more these two roles talk to one another, the better. They need to be on the same page and should have a singular, encompassing plan.
Such pandemics can not only disrupt the business but may also affect the working culture in organisations. It's a CISO's responsibility to make sure the company's employees can work from home safely, securely and flawlessly. To achieve that, here we share some inputs for measuring the pandemic response: a maturity model.
We can concentrate on these areas:
Effectiveness of remote working
- While employees are working from home, it should be ensured that there is no disruption in IT services. Organisations may need to provide equipment and internet services, or at least be able to recommend WFH equipment, the best routers, ISPs in the employee's area, etc. Some might even want to consider whether they should provide that equipment or rent it out.
- Scaling the IT infrastructure for the remote working scenarios.
- Making sure the VPN and other remote administration and communication tools can handle a huge amount of traffic, or using a cloud broker service to offload the heavy lifting while choosing a partner that is scalable
- Move the trust from the network to devices and user management
- Prepare a plan for the help-desk support team that helps employees working from home. Make sure there is sufficient help-desk support capacity. In case of low capacity, consider outsourcing work across divisions: the security and IT teams can collaborate, and the infrastructure and IT teams can work together on a few tasks.
- Enabling multi-factor authentication (MFA) on all the applications in use and third-party services in the cloud
- Creation and use of digital workspaces to access all applications in one place.
- Infrastructure (servers, database, applications, networking devices, gateway proxies) must be able to handle a high amount of traffic load.
- SOC teams should monitor user account activities in order to find anomalies, insider threats, malware, etc.
Concentrating on privacy of the users and the organisation's data
- The IT team must be monitoring usage of approved and unapproved applications on user laptops.
- Strengthening Vulnerability management process
- Risk acceptance appetite for the vulnerabilities
- Implement audit procedures to monitor the changes in the process flows.
- Logging and monitoring of all the users and devices.
- Management of hardware and security of the hardware
- Ensure there are no single points of failure within the infrastructure.
- Plan for the backup decision-makers who can keep the business running in case of emergency.
- Prepare for additional resources that employees may require to work remotely, such as desktops, monitors, mice and other hardware/software equipment.
IT and Security team must create robust guidelines on the following topics for remote workers:
- VPN issues
- Common login issues
- Changing password
- Crisis/Incident escalation matrix and key personnel
- Generating tickets for any technical issues
- How to use remote conferencing tools
- Guidelines on common issues
- Guidelines on security features usage
- Guidelines on usable features
Data centre disaster considerations
- Prepare a response plan and other alternative recoveries in case the data centre is compromised. During the pandemic, data centre staff cannot travel to work in order to fix problems.
- Infrastructure team should perform tabletop exercises for disaster recovery and business continuity management.
- We need to ensure that a process is not held by a single person and that we are not dependent on key personnel alone. Alternatives should be taken into consideration, whether for a person, a process or a technology.
- A detailed planning activity, where we need to identify which employees really need to come to work, even after the lockdown is lifted.
Cloud Security services
- Organisations have started to consider the cloud as the way to go in the future. When an organisation is considering the move, understanding the risks involved is the bigger challenge to address.
- Consider cloud security pragmatically, but don't compromise security. Use trusted vendors.
- Understanding the current environment and planning the move to relevant cloud services.
In the past few months, we have learnt and adapted to a new way of working, which opens the door to the new normal.