How to Improve Your Remote Access Security Solution with Reduced Risk
With more users accessing corporate data from various locations and with larger volumes of data residing beyond the range of traditional perimeter defenses, the need for remote access security has never been as pressing as it is today. In this post, we talk about the importance of implementing remote access security, the risks it is designed to mitigate, and other benefits this type of security control brings to the table.
Remote Access Security Importance
A decade ago, if a person went to work, that usually meant going to the office. That also usually meant using office PCs as well as software applications and files installed/stored on those stationary endpoint devices. This changed gradually as people started to discover the benefits of working remotely and leveraging cloud-based applications.
Fast forward to today: working remotely, whether full-time or part-time, and using cloud-based applications have become the norm, driven in large part by the COVID-induced lockdowns as well as company-initiated measures to keep employees safe from the virus. When a person goes to work today, it may often mean performing work-related tasks at home and accessing corporate files, applications, and even virtual desktops remotely, often from a bring your own device (BYOD) endpoint.
To provide users remote access to files and applications hosted on company servers (whether in on-premises datacenters or in public clouds), businesses typically employ technologies such as remote desktop protocol (RDP), virtual private networks (VPNs), or, in the case of Software-as-a-Service (SaaS) applications, hypertext transfer protocol (HTTP).
Regardless of what remote access technology/protocol a business employs, the act of performing remote access alone exposes users and company data to certain risks.
The Risks
The moment users start accessing digital assets outside your perimeter defenses (all the more so when they do it through unmanaged devices), the number of risks can become practically innumerable. Here are some of the risks users are exposed to when performing remote access:
- Permissive virtual private network (VPN). Traditionally, VPNs were used only by IT staff. That meant the level of access these tools were configured for was relatively elevated compared to what regular users need. Unfortunately, when those regular users were given remote access through these VPNs, those configurations and even the firewall rules for VPNs remained largely unchanged. This gave users privileged access to resources and systems that were beyond the scope of their role. Naturally, if a threat actor somehow managed to take over a user’s VPN account, that person would also acquire those same elevated privileges.
- Vulnerable remote devices. Most users lack the awareness and skill to secure their own devices. That’s perfectly fine if they’re using a company-managed, office-based workstation. Security staff can take care of patching, hardening, and securing those devices. However, the devices remote users typically employ for work are BYOD devices (e.g., their home PC or personal laptop), which don’t receive that kind of treatment and are thus exposed to a wide range of threats such as malware, unauthorized access, misuse by a family member, etc.
- Limited visibility into remote devices. In order for cybersecurity staff to monitor or enforce controls on user endpoint devices, those devices must be managed, i.e., registered in the company's systems management software, a mobile device management system, or a similar solution. This gives security staff the visibility they need. Unfortunately, remote users’ devices are often unmanaged. Thus, if they’re compromised, security staff have no way of knowing about or resolving the issue.
- Mixing personal and work passwords. People have this tendency to reuse passwords. This practice makes remote users highly vulnerable to credential stuffing, an attack vector used to break into user accounts by entering passwords stolen from previous data breaches or hacking incidents. That’s because a threat actor may, for example, log in to a legitimate user’s RDP account using that user’s stolen password. Purely office-based users aren’t as exposed to these attacks since a threat actor has to be in front of that user’s office PC to break into that user’s work account.
- Easier conditions for phishing attacks. Phishing attacks can occur even if users are working from the office. But at least there, there are usually multiple layers of security. There’s always a good chance one of them—a URL-filtering solution, a cybersecurity platform, or even a security operations center (SOC) team—can stop a phishing attack in its tracks. At home or in a coffee shop, users aren’t covered by the same level of protection.
Despite the risks of carrying out remote access, remote work is here to stay. It is therefore important for organizations to adopt security controls to ensure that those remote access sessions don’t put their digital assets in harm’s way.
Security Technologies to Ensure Safe Remote Access
As with other areas of cyber security, there’s no silver bullet for securing remote access. Rather, an effective remote access security strategy should involve multiple layers of protection. Some of the controls you can employ are the following:
- VPN. While virtual private networks, or VPNs, aren’t perfect and can be problematic from a user experience (UX) standpoint, many organizations already have them. That’s because they’ve long been the go-to tools for remote access by IT teams. Thus, if your organization already has a VPN in place, it’s a quick win for establishing remote access security. A VPN uses tunneling and/or encryption technologies to secure connections and can come in handy when users are on an insecure network such as public Wi-Fi.
- Zero trust network access (ZTNA). One of the more advanced options for securing remote access, ZTNA is a collection of controls that restrict remote access to resources based on certain contexts (e.g., user identity, client device security, user location, etc.). Whenever access is granted, it’s governed by the principle of least privilege wherein access is limited only to resources (usually applications and/or data) needed to accomplish a specific task or perform a specific role.
- Multi-factor authentication (MFA). Strong, lengthy passwords are designed to thwart brute force attacks and other traditional attack vectors. Unfortunately, they don’t stand a chance against other attacks like credential stuffing and social engineering. To protect your remote users’ accounts from malicious account takeovers, you need to augment passwords with other factors of authentication such as biometrics, SMS or time-based one-time passwords (OTPs), private keys, tokens, etc. This will prevent unauthorized remote access even if a password is compromised.
- Privileged access management (PAM). Due to the nature of their roles and responsibilities, privileged accounts such as those assigned to system administrators, superusers, etc., normally have greater access to systems, applications, and data. Because a compromised privileged account can have serious consequences, it’s important to employ PAM, especially in cases where privileged accounts perform remote access and are hence exposed to the threats we discussed earlier. PAM is a set of controls that manage, monitor, and control privileged accounts, and it ensures a bad actor can’t cause significant damage if an account is ever compromised.
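An added illustration (not from the original post and not Parallels code) contrasting the permissive VPN model described under The Risks with the context-based, least-privilege decision that ZTNA makes. The roles, application names, country list and individual checks are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed policy data: role -> applications that role needs (least privilege).
ROLE_APPS = {
    "finance": {"erp", "payroll"},
    "helpdesk": {"ticketing"},
    "sysadmin": {"ticketing", "erp", "payroll", "hypervisor-console"},
}
ALLOWED_COUNTRIES = {"US", "DE"}          # constructed location policy
PRIVILEGED_APPS = {"hypervisor-console"}  # only reachable from managed devices

@dataclass(frozen=True)
class AccessRequest:
    role: str
    password_ok: bool
    mfa_passed: bool
    device_managed: bool
    device_patched: bool
    country: str
    app: str

def flat_vpn_decision(req: AccessRequest) -> bool:
    # Permissive VPN: a valid password opens everything behind the tunnel.
    return req.password_ok

def ztna_decision(req: AccessRequest) -> Tuple[bool, str]:
    # Default deny: every context check must pass before the role scope is applied.
    if not (req.password_ok and req.mfa_passed):
        return False, "identity: MFA not satisfied"
    if not req.device_patched:
        return False, "device: missing patches"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "location: country not allowed"
    if req.app not in ROLE_APPS.get(req.role, set()):
        return False, "least privilege: app outside role"
    if req.app in PRIVILEGED_APPS and not req.device_managed:
        return False, "device: privileged app needs a managed device"
    return True, "allow"

# Constructed sample requests.
STOLEN = AccessRequest("finance", True, False, False, True, "US", "payroll")
BYOD_ADMIN = AccessRequest("sysadmin", True, True, False, True, "DE", "hypervisor-console")
FINANCE_OK = AccessRequest("finance", True, True, False, True, "US", "erp")

if __name__ == "__main__":
    for name, r in (("stolen", STOLEN), ("byod-admin", BYOD_ADMIN), ("finance", FINANCE_OK)):
        print(name, "vpn:", flat_vpn_decision(r), "ztna:", ztna_decision(r))
```

The reused-password request passes the flat VPN check but is stopped at the identity step, and the administrator on an unmanaged device is refused the privileged console while ordinary finance access from BYOD is still allowed.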
The Benefits
A properly implemented remote access security strategy can enhance your organization’s security posture greatly. Such a strategy can help because it:
- Delivers highly secure access from any device and location. Remote access security gives users the freedom to work from any device and location without putting corporate applications and data in danger.
- Guarantees safe internet browsing. Remote users practically live on the internet. It’s therefore important to ensure that the activities they perform there, whether work-related or otherwise, don’t put your digital assets at risk. Remote access security controls can help in that regard.
- Shields endpoints. Some remote access security tools are part of a more comprehensive security solution that also secures the endpoints themselves. While these tools might be a bit intrusive since they usually require agent software to be installed on the endpoint device, they can provide protection even to BYOD devices.
- Increases security awareness. A complete remote access security strategy should include user education. This enables users to appreciate the importance of adhering to secure access policies.
Remote Access Security Responsibilities
Although network teams traditionally oversee remote access solutions like firewalls and VPNs, today cybersecurity teams are more likely to lead and manage the policies, practices, and technology related to guaranteeing safe remote access.
Password sharing, unencrypted personal devices, a lack of cyber hygiene, software that violates an organization’s security rules, and little to no patching are all examples of the security issues involved.
Implement Secure Remote Access with Parallels RAS
Parallels® Remote Application Server (RAS) is an easy-to-use, all-in-one virtual desktop infrastructure (VDI) solution that enables organizations to deliver applications and desktops remotely to any device, anywhere.
The centralized architecture provided by Parallels RAS allows virtualized applications and desktops as well as data to be hosted in a central location rather than installed and stored on endpoint devices, making them immune to risks associated with device theft or loss.
Despite this inherently secure architecture, Parallels security doesn’t end there. Parallels RAS is equipped with several security controls that establish remote access security. Some of those controls include the following:
- Encrypted connections. Connections between end-user devices and Parallels RAS servers are protected by Secure Sockets Layer / Transport Layer Security (SSL/TLS) and Federal Information Processing Standards (FIPS) 140-2 compliant encryption, which minimizes the risk of man-in-the-middle and other network-based attacks.
- Real-time monitoring and alerting. Parallels RAS provides IT administrators with detailed user-session visibility, enabling them to identify user actions on the network in real-time. This is supported by pre-configured notifications and alerts that go off when abnormal activity is detected.
- Advanced permission filtering. Parallels RAS also allows administrators to restrict access to resources based on several parameters, including user, group, media access control (MAC) address, internet protocol (IP) address, and gateway. This is in line with the principle of least privilege we discussed earlier.
Are your remote desktop and application delivery sessions protected with remote access security?
With Parallels RAS, all sessions are highly secure.