Among security practitioners and leaders globally there is a common conversation happening. “Is now the time to rework our infrastructure and practices to be more secure, in the middle of all this uncertainty? Do we react, and just make it work? Or do we consider the threats we are knowingly introducing and accept that risk? And how do we do this during a pandemic?” Honestly, those are very fair questions to ask. But that conversation has to happen and it has to happen now. Let’s explore why now, right now, is the time for this transition to begin and dive into the opportunities that this crisis presents.
Thanks to an unseen adversary, a microscopic enemy, the month of April was one of the most tumultuous in modern history. In less than 30 days the world’s previously well-understood and well-defined enterprise architectures had no choice but to abandon their somewhat secure enclaves and open the gates to their employees to enable a work-from-home model. For almost every business in every vertical, the majority of the workforce was effectively shoved out of the door, told to power on whatever machine they had at home, regardless of its security posture, and find some way to connect to the company infrastructure at all costs. With reckless abandon and in a compressed time frame, 30 years of enterprise perimeters were shredded as tens of thousands of holes were “poked” into them. Each and every new access, laptop, PC, VPN, user, account, and home network is a new potential compromise point for these infrastructures, and there has been literally no other option than to allow those uncontrolled and insecure assets to connect into the enterprise, because if that did not occur, the company, and potentially the economy, collapses under its own weight.
And how have enterprises handled all of this transition? By strategically and thoughtfully maneuvering users and assets into secure, long-term, programmatic future-state solution sets? No. Most have simply fired up more VPNs (which are known to be insecure) and used RDP as a main protocol and means of access to “manage” those rogue assets, which of course further complicates the issues around the transition. Already, cybersecurity firms and researchers are noting that the number of brute-force attacks targeting RDP endpoints has risen sharply since the onset of the coronavirus (COVID-19) pandemic.
According to one report, RDP brute-force attacks increased last month by 41%. Even more telling, researchers have found an increase in the sales of stolen RDP credentials on so-called “RDP shops.” Those credentials will be used by other gangs and criminals to help them access a company’s network, and potentially install ransomware on company assets. For most enterprises, the way they have adapted to this crisis is by some form of direct access.
While this is the simplest remote access method, it is also the least secure. This is problematic for a few reasons. First, those protocols are essentially exposed to the internet and are a ripe target for brute-forcing and credential spraying, and ultimately some of those credentials will be used as part of a spear-phishing campaign. Second, those remote services likely allow unmanaged devices direct access inside the corporate network, and because of the way the unmanaged systems work they provide little visibility into the new hosts that are connecting to these services. Finally, those assets are home devices and are unmanaged in that they likely have no patch management, out-of-date anti-virus, excessive privileges, administrative controls, and operable external device connectivity. A recipe for disaster is brewing.
Unfortunately, this is how things “have” to be for now. You must react and you must respond to keep the business alive. That requires you to make things work and accept those risks, but it shouldn’t be that way for long. It can’t be that way. This won’t be just a blip in time either; this is indicative of what is to come. And this virus will continue to have an impact on your enterprise even as things “normalize”. Employees are already saying they are more worried about working in an office, 49% as opposed to 21%, as this has played out. It’s likely those employees won’t rush back to the company network for a variety of reasons. If that’s the reality, then it’s even clearer that you now have an opportunity to change the way you approach this problem and move progressively towards a more secure, but more remote, future.
Awingu enables the change needed for a secure remote workforce
Awingu sees the change that is coming. We have built our solution to align with and enable that future, but we have built it differently from those other outdated approaches. We see the value of the strategy that is helping enable the future state of enterprises, and we make it possible by keeping the user off the active internet and protected inside a secure container. By doing this we can help easily enforce tenets of Zero Trust like password management, patch management, using remote workspace solutions, browser isolation, and a host of other secure remote workforce solutions all at once.
Example: BlackBerry Digital Workplace
Let’s have a look at how Awingu & BlackBerry created the ‘BlackBerry Digital Workplace’: a BlackBerry bundle that contains Cylance Protect, BlackBerry Desktop, and Awingu for a very attractive price. This bundle provides secure and controlled access to VDIs, remote desktops, Server Based Computing, intranets, file servers, … inside a managed container (BlackBerry Desktop). The container happens to be a Chromium-based browser that is optimized to run Awingu. The bundle also pushes Cylance Protect – a next-generation ML-based malware protection solution – to the local device. When Cylance Protect is not running on the device, no access to the container (BlackBerry Desktop) is possible, and as such there is also no access into Awingu. This makes it perfect for rolling out Bring Your Own Laptop or for giving contractors (and B2B customers) secure access to your business applications and files.