Blog Series: Supporting the Secure Workforce — Cloud Services

Harnessing the Ubiquity, Speed and Scale of Cloud Services

In Part I of our 3-part blog series – Supporting the Secure Remote Workforce: A Prescriptive Approach on How to Respond to the Rapid Surge of Telework and IT Services – we described the three components that agencies should manage and secure in a remote telework scenario. To recap, these are Cloud Services, Endpoints & Identities, and Cybersecurity & Enterprise Infrastructure. In this blog we will expand on how we can harness cloud services to enable the secure workforce.

Enabling Secure Cloud Access and VPN Services with Cloud Security Services/CASB

One of the security design patterns in CISA’s guidance utilizes cloud security services, more commonly known as cloud access security brokers (CASB). The CASB serves as a policy enforcement point and management entity for users’ traffic destined for cloud service providers. Since a majority of user network traffic can be optimized with direct-to-cloud connectivity, a CASB serves as a practical solution for teleworkers.
A CASB augments or adequately replaces the security stack typically found in traditional data centers or a TIC. And because a CASB’s core competency is “brokering” connectivity to thousands of cloud services, CASBs have established optimized network routing and technology integrations which further improve remote workers’ user experiences. Many CASBs have expanded their security capabilities to include secure web gateway functionality, network threat protection, IaaS compliance, VPN services, etc. Agencies should consider these new cloud security capabilities to consolidate their cybersecurity tools and simplify operations.

The CARES Act, a $2 trillion stimulus package passed by Congress, calls for rapid expansion of citizen services and the corresponding technologies to alleviate the stress on existing IT infrastructure services.
“How do we scale to support a growing need for online digital services?”

Other Cloud Services to Support the Digital Services and the Remote Workforce

Improving Citizen Services and Enterprise IAM with Identity as a Service (IDaaS)

With stimulus funding tied to increasing use of digital citizen services, agencies may need to rapidly develop and deploy citizen-facing web applications and resources that can benefit from highly scalable and secure cloud-based identity services. One practical use case is to quickly provision identity services in the cloud to augment, enhance or expand the existing identity & access management solution for agencies. Think of all the business processes, applications and enrollments that agencies may need to enable in order to provide citizen services.

This same identity services platform can also serve as a logical policy enforcement point for an agency’s remote users. Policy enforcements need to expand beyond traditional network access control points – especially for remote telework scenarios – to include user authentication. IT can centralize the authentication and authorization using cloud services allowing for ease of access, improved availability and scale. Consider the paradigm of the user’s identity as the new perimeter, where policies for multi-factor authentication, single sign-on, and adaptive access can be applied.

Secure Communications and Collaboration

Cloud-based communications and collaboration tools have become an essential part of our daily work and social life. Despite the negative publicity surrounding the security and privacy of some web conferencing tools, it is important to distinguish between consumer-focused web-conferencing tools and enterprise communications tools; each has its practical applications. For agency remote teleworkers, secure enterprise unified communications and collaboration (UC&C) is essential. Security characteristics of an enterprise UC&C platform include 256-bit end-to-end encryption, compliance features such as archiving, enterprise integration, and administrative controls. Enterprise features such as 1:1 and group messaging, audio and video conferencing, file sharing, and screen sharing are essential for users to remain productive. Common use cases for secure UC&C include emergency response, cyber incident response, and sharing sensitive information containing PII or PHI, or highly sensitive/classified information.

Whether it’s for identity service, secure collaboration, email or other remote services, we can expect increasing demand for more cloud use cases due to the ease of use, scale and rapid deployment of cloud services. It’s important to understand how best to govern the use of cloud services, while providing a frictionless experience for your remote teleworkers and consumers of your cloud services.

Blog Series: Supporting the Secure Workforce — Cyber Resilience

Manage and Secure the Endpoints – Protect the Enterprise

“Down to just essential personnel working onsite, how do I support this rapid surge of remote teleworkers and IT services?”

Surge Readiness of People, Process and Technology

This is a common theme we hear a lot from our customers. Operational efficiency is critical to successfully address this surge. We see this firsthand with the growing adoption and use of cloud services. When enabling the secure remote teleworker, besides the cloud service, there are two other critical control points for policies and management: the endpoint and the enterprise cyber infrastructure. These two critical control points are inherently intertwined where configuration settings, controls, and policies are applied and continuously feed information to each other to adapt and improve overall security posture.

How Secure are Your Endpoints? The Need to Protect Against Peripheral-Based Threats

Threats to our endpoints continue to evolve. Whereas anti-virus/anti-malware technology used to be adequate for endpoint security, threat actors are now using signature-less, file-less or zero-day attacks on our endpoints, making traditional anti-virus/anti-malware tools less effective. As a result, endpoint security has evolved to include endpoint detection and response (EDR) and, more broadly, endpoint protection platforms (EPP). Many of these solutions use machine learning and utilize the cloud for speed, scale and operational efficiencies. We strongly recommend the use of EDR/EPP as a first line of defense for your endpoints. Specifically, for remote teleworkers, a cloud-based EDR solution can improve IT operational efficiencies with easier updates, threat detection and response.

Another emerging threat vector is the rogue peripheral device attack. Unlike threats that capitalize on vulnerabilities in the operating system or applications, rogue device attacks operate at the physical layer, beneath traditional detection mechanisms. Often appearing to the operating system as trusted devices (e.g. USB hubs, keyboards, mice), they can bypass device policies and pose a hidden threat to endpoints. A recent BadUSB attack, concealed as a fake Best Buy gift card shipped to a hospitality customer, delivered malware. This threat can be more acute in remote telework scenarios, given the vast number of consumer peripherals and the lack of IT visibility.

The image below is of a compromised mouse which contains a wireless controller that captures and transmits data to external sites. Supply chain attacks such as this have become more prevalent, and agencies need a way to protect against them.
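One defensive control that follows from the discussion above is to compare what the operating system enumerates on the USB bus against the fleet's peripheral inventory. The check below is an added example written for this post, not code from the blog or from Merlin, and the device records and allowlist are constructed sample data. It flags input devices (USB HID class) whose vendor/product identifiers are unknown to the inventory, and devices that combine an input function with mass storage or a communications interface on a single device, which is the shape a rogue "keyboard" or "mouse" typically takes.

```python
"""USB peripheral allowlist check (added example; sample data is constructed)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# USB interface class codes from the USB-IF class code list.
CLASS_CDC = 0x02           # communications control (e.g. virtual serial, network)
CLASS_HID = 0x03           # human interface devices: keyboards, mice
CLASS_MASS_STORAGE = 0x08  # removable storage
CLASS_HUB = 0x09
CLASS_CDC_DATA = 0x0A      # communications data channel


@dataclass
class UsbDevice:
    vid: int                      # vendor id from the device descriptor
    pid: int                      # product id from the device descriptor
    product: str                  # product string as reported by the device
    interface_classes: List[int]  # class code of every interface it exposes


@dataclass
class Finding:
    device: UsbDevice
    reasons: List[str]


# Constructed allowlist keyed by (vendor id, product id). In practice this
# would be exported from the endpoint management inventory.
ALLOWLIST: Dict[Tuple[int, int], str] = {
    (0x1234, 0x0001): "Fleet keyboard (constructed)",
    (0x1234, 0x0002): "Fleet mouse (constructed)",
}


def assess(device: UsbDevice, allowlist=ALLOWLIST) -> List[str]:
    """Return the list of reasons a device is suspicious (empty if clean)."""
    reasons = []
    classes = set(device.interface_classes)
    is_hid = CLASS_HID in classes
    if is_hid and (device.vid, device.pid) not in allowlist:
        reasons.append("HID device not in inventory allowlist")
    if is_hid and CLASS_MASS_STORAGE in classes:
        reasons.append("input device also exposes mass storage")
    if is_hid and classes & {CLASS_CDC, CLASS_CDC_DATA}:
        reasons.append("input device also exposes a communications/network interface")
    return reasons


def scan(devices: List[UsbDevice], allowlist=ALLOWLIST) -> List[Finding]:
    """Assess every enumerated device and keep only those with findings."""
    findings = []
    for device in devices:
        reasons = assess(device, allowlist)
        if reasons:
            findings.append(Finding(device, reasons))
    return findings


# Constructed snapshot of what an endpoint might enumerate.
SAMPLE_DEVICES = [
    UsbDevice(0x1234, 0x0001, "Fleet keyboard", [CLASS_HID]),
    UsbDevice(0x1234, 0x0002, "Fleet mouse", [CLASS_HID]),
    UsbDevice(0xABCD, 0x0099, "Consumer mouse with radio", [CLASS_HID, CLASS_CDC, CLASS_CDC_DATA]),
    UsbDevice(0x5555, 0x0001, "Drive shipped with a gift card", [CLASS_HID, CLASS_MASS_STORAGE]),
    UsbDevice(0x0001, 0x0001, "Hub", [CLASS_HUB]),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_DEVICES):
        d = finding.device
        print(f"{d.vid:04x}:{d.pid:04x} {d.product!r}: " + "; ".join(finding.reasons))
```

The allowlist match is deliberately on vendor/product identifiers rather than the product string, because the string is supplied by the device itself and is exactly what a rogue peripheral would copy from a trusted model; a device that is both unknown and multi-function is reported with every applicable reason so the endpoint team can triage it.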

Ensure Productivity with Comprehensive Endpoint Visibility and Control

Real-time visibility, control and compliance of endpoints — especially in remote telework scenarios — is critical for operational effectiveness. A performant, functional and secure endpoint is crucial for agency teleworkers to remain productive and deliver on the agency’s mission. Proactively monitoring, measuring performance and remediating at scale is a critical element of the secure, remote workforce.

Monitor and Maintain Cyber and Enterprise Infrastructure Resiliency

This brings us to the last logical control point of our approach and arguably the most critical component: our agency’s cyber and enterprise infrastructure. IT services, policies, technologies and staff all emanate from our agency’s own premises. This still holds true even as we support a secure remote workforce.

The Principles of Zero Trust

The Interim Telework Guidance speaks well to the need for establishing good cybersecurity hygiene for teleworkers and cyber infrastructure. Standard practices such as backup and recovery, vulnerability assessments, auditing and inventory should be standard operating procedures. Merlin has developed a Zero Trust Security model that contains foundational and critical security principles that support a secure remote workforce. These are based on the core tenets of Identity, Workload and Network Security.

This zero trust security model provides the comprehensive telemetry and the appropriate policy control points needed to secure the remote workforce.

Adapt, Automate, Detect, Respond

With the expanded threat landscape brought by the remote workforce, it is important to ensure that your cyber defense tools can adapt to the changing environment. Machine learning/AI-based solutions can effectively detect and protect your network against known and unknown threats. Furthermore, it’s important to ensure that your solution can integrate with the control points we discussed, whether they reside in the cloud, endpoints, or infrastructure.

With limited staff and growing demand on IT, orchestration and automation are even more relevant. Turning rudimentary, manual processes into automated workflows saves time for IT. An extensible platform with an open API framework provides quick and seamless integration into enterprise security tools, business systems and corresponding workflows.

At Merlin, we partner with market leaders and innovators in cybersecurity to bring you mission-ready solutions. We have a comprehensive approach to delivering an end-to-end security framework based on zero trust security principles to secure your remote workforce. Reach out to us for a briefing or demo of any of the solution capabilities described in our blog series.

Blog Series: Supporting the Secure Workforce — Teleworker Spotlight

A Prescriptive Approach on How to Respond to the Rapid Surge of Telework and IT Services

DHS CISA recently published Interim Telework Guidance to support federal civilian agencies as they deal with the surge in teleworking. The guidance was issued to help agencies leverage existing resources to secure their networks, and comes on the heels of the pandemic crisis as agencies face challenges with insufficient capacity and legacy infrastructure.

The DHS guidance specifically addresses the scenario of remote users connecting to agency-sanctioned cloud services. While this interim guidance is temporary and does not represent a particular TIC 3.0 use case, it will be integrated into the TIC 3.0 remote user use case. Importantly, it provides a blueprint for constructing resilient and flexible infrastructure ready to support what perhaps will become a “new normal” of ubiquitous cloud services supporting a remote workforce and digital citizen services.

Cloud Services, Network Challenges and Recommended Approach

It’s no surprise that cloud is the main focus of the guidance, as many agencies have moved IT services to the cloud (e.g. email, collaboration, CRM). With the sudden surge of remote teleworkers, agencies’ network bandwidth, VPN devices and cybersecurity stacks are strained. This is a result of traffic hairpinning, where remote workers’ traffic is routed through centralized trusted Internet connections before reaching the cloud service. Legacy network architecture in the federal government is not optimized for the shift to a user-centric/direct-to-cloud network model.

With the telework guidance, CISA recognizes the need for agencies to support a more user-centric, direct-to-cloud network architecture. It provides guidance on how to effectively secure network traffic specifically for remote teleworkers connecting to cloud services. Utilizing policy enforcement points and management services, remote users can securely connect to agency-approved cloud services without the need for hairpinning.

Components of a Secure Remote Workforce

What constitutes a secure telework environment? First, it helps to understand a couple of the constructs that CISA illustrates in their guidance, and defines more broadly in TIC 3.0 documentation: Policy Enforcement Point and Management Entity.

A Policy Enforcement Point is a security device, tool, function or application that enforces security policies through technical capabilities. Essentially, it’s a logical insertion point for control manifested through policies. A Management Entity is a notional concept of an entity that oversees and controls the protections for data. It can be represented by an organization, network device, tool, function or application. Basically, the management entity becomes an aggregation point for policy information, such that IT has control and the ability to analyze and make intelligent decisions.
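To make the two constructs concrete, and to illustrate the identity-as-policy-enforcement-point model from the cloud services post (multi-factor authentication, single sign-on and adaptive access applied at sign-in), here is an added example written for this series; it is not code from the blog, from CISA’s guidance or from Merlin. The management entity holds an ordered list of access policies and collects every decision; the enforcement point evaluates each sign-in against those policies, first match wins, and denies anything no policy allows. The users, applications, network labels and risk scores are constructed, and the risk score is assumed to come from a hypothetical upstream risk engine.

```python
"""Identity-centric policy enforcement point (added example; all data constructed)."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"   # complete multi-factor authentication, then retry
    DENY = "deny"


@dataclass(frozen=True)
class SignIn:
    user: str
    app: str
    mfa_satisfied: bool     # strong second factor already presented in this session
    device_managed: bool    # enrolled in endpoint management
    device_compliant: bool  # meets the current endpoint baseline
    network: str            # "agency", "home" or "unknown" (constructed labels)
    risk_score: int         # 0-100, assumed to come from a hypothetical risk engine


@dataclass
class Policy:
    name: str
    condition: Callable[[SignIn], bool]
    decision: Decision


class ManagementEntity:
    """Central policy store plus the telemetry the enforcement point reports back."""

    def __init__(self, policies: List[Policy]):
        self.policies = list(policies)
        self.audit: List[dict] = []

    def record(self, signin: SignIn, decision: Decision, policy_name: str) -> None:
        self.audit.append({"user": signin.user, "app": signin.app,
                           "decision": decision.value, "policy": policy_name})


class PolicyEnforcementPoint:
    """Evaluates sign-ins against the management entity's ordered policies."""

    def __init__(self, entity: ManagementEntity):
        self.entity = entity

    def evaluate(self, signin: SignIn) -> Decision:
        for policy in self.entity.policies:
            if policy.condition(signin):
                self.entity.record(signin, policy.decision, policy.name)
                return policy.decision
        # Nothing matched: deny by default rather than fall through to access.
        self.entity.record(signin, Decision.DENY, "default-deny")
        return Decision.DENY


# Constructed set of agency-sanctioned cloud applications.
SANCTIONED_APPS = {"mail", "collab", "crm"}

# Ordered policies: blocking rules first, then step-up rules, then the allow rule.
POLICIES = [
    Policy("block high risk", lambda s: s.risk_score >= 80, Decision.DENY),
    Policy("block non-compliant managed device",
           lambda s: s.device_managed and not s.device_compliant, Decision.DENY),
    Policy("require MFA off the agency network",
           lambda s: s.network != "agency" and not s.mfa_satisfied, Decision.STEP_UP),
    Policy("require MFA on unmanaged devices",
           lambda s: not s.device_managed and not s.mfa_satisfied, Decision.STEP_UP),
    Policy("allow sanctioned apps", lambda s: s.app in SANCTIONED_APPS, Decision.ALLOW),
]

# Constructed sign-in attempts covering each branch.
SAMPLE_SIGNINS = [
    SignIn("alice", "mail", False, True, True, "home", 10),      # teleworker, no MFA yet
    SignIn("alice", "mail", True, True, True, "home", 10),       # same session after MFA
    SignIn("bob", "crm", True, False, False, "unknown", 85),     # risky session
    SignIn("carol", "unsanctioned-app", True, True, True, "agency", 5),
    SignIn("dave", "collab", True, True, False, "agency", 5),    # managed but out of baseline
]


def decide_all(signins: List[SignIn], policies=POLICIES):
    """Run every sign-in through a fresh entity/enforcement-point pair."""
    entity = ManagementEntity(policies)
    pep = PolicyEnforcementPoint(entity)
    decisions = [pep.evaluate(s) for s in signins]
    return decisions, entity.audit


if __name__ == "__main__":
    decisions, audit = decide_all(SAMPLE_SIGNINS)
    for entry in audit:
        print(f"{entry['user']:6} {entry['app']:16} -> {entry['decision']:8} ({entry['policy']})")
```

The ordering of the policy list is the control: deny rules are evaluated before step-up rules so a risky session is never offered an MFA prompt, and the explicit allow rule sits last so an application the agency has not sanctioned falls to the default deny. The audit list is what the management entity would aggregate across enforcement points to spot, for example, a user repeatedly hitting the default-deny rule.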

With an understanding of these two constructs, we can logically think about the secure telework scenario along these three key components: Endpoints & Identities, Cloud Services, and Enterprise Cyber Infrastructure.

These three components serve as our management entities and logical insertion points for policy enforcement. In this blog series, we will discuss technologies, application of technology, and how we can align to the security best practices in CISA’s guidance.