Secure your remote users in 2010

As companies shave operational costs by hiring more remote workers, IT security teams should plan to protect sensitive data being used by a highly mobile workforce in 2010.

Economic conditions are forcing IT to postpone new projects and delay infrastructure upgrades, but studies have found that the sales force is usually the first to rebound in high-tech companies looking for a direct path to revenue.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Now is the time for security teams to start planning and budgeting on new approaches to secure the corporation's digital assets as the dynamics of the workforce shrinks or grows with the economy in 2010. Security teams in high-tech organizations can plan for increases in the number of remote sales users before the company adds new office workers and upgrades facilities.

There are a few technologies that security should be investigating for gradual deployments in the coming year to help mitigate the heightened risk of business disruption and data loss from a larger workforce of remote and mobile users in 2010.

Plan to ride the investments in new employee laptops to put Microsoft Windows 7 to the test. The shift from Windows XP to Windows 7 is inevitable for IT, so the organization may as well enlist the support of remote users to gain experience with Windows 7 security features. Windows 7 appears to provide a significantly stronger platform for applications than XP that may result in reducing the security burden. Understand the security features of Windows 7, trial secure configurations with remote workers and be prepared to use the knowledge gained to transition the rest of the workforce off XP when economic conditions allow.

Eric Ogren's weekly security columns:
How to use Internet security threat reports: Security threat reports help drive security vendor business, but they can also provide some useful information for IT security pros.

Two-factor authentication, vigilance foil password theft
:Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and develop new defenses.

Chip and PIN adoption serves lesson for U.S. payment industry: As payment processors offer plans for end-to-end encryption, the UK is finding success with chip and pin deployments. The U.S. payment industry should take notice, expert says.

Remote user virtual workspaces will protect browsers and VPN agents from malware on home computers and less secure public networks, such as those found in hotels and cafes. The sharp uptick in recognized attack volume reported in threat reports is significantly driven by malware disguised in browser active code, browser plug-ins and browser toolbar plug-ins. The best protection against these attacks is to isolate the business access software from the underlying operating system and applications. Enhancing the security of remote connectivity software should yield fewer calls to the IT service desk and fewer chances to lose regulated data. A compromise solution would be to re-examine Microsoft IE 8, which has some nice security enhancements for remote users.

Unified communications and collaboration (UCC) technology over the Web can keep a distributed team in touch while also shaving travel and telephone bill expenses. Security capabilities exist to assure that UCC communications are held with strongly authenticated users, conducted over secure sessions, and audited for compliance with security policies. Showing the corporation how UCC can be secured can lead to cost savings and improved responsiveness to remote users.

The demands on corporate security are going to increase as businesses come out of the economic doldrums, and the demands will start with remote users. Strong authentication, transparent data encryption and secure communications to corporate applications are the basics of securing a distributed workforce. Security teams should also be using this planning time to prepare for Windows 7 migrations and also perhaps enhance operations for remote users with virtual workspaces and UCC capability.


Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to eric@ogrengroup.com.

Dig deeper on Security Awareness Training and Internal Threats-Information

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close