Network administrators have long been stretched thin in their attempts to maintain global endpoint security settings, configurations and patching. Now that most, if not all, of their organization’s employees are connecting remotely, the job has become even more difficult.
Once end users move beyond the relative safety of their office buildings, they’re essentially out in the wild. They might be using their own devices rather than standard issue machines to connect to the corporate network, and conforming to IT policies is probably not their highest priority right now. Perhaps their kids are playing on their devices, or maybe they are surfing the net in their downtime, taking corporate-maintained endpoints to new, potentially dangerous sites. And these are just some of the new complications IT administrators face on the end user side. It becomes even more complex when you consider the implications of widespread remote connectivity on network performance.
IT teams have to find and implement effective endpoint management solutions, even in far from ideal circumstances. This new norm, necessitated by COVID-19, is likely to persist long after the pandemic passes. How employees work and teams interact has fundamentally changed. As such, network administrators have no choice but to adapt.
Remote problems
Many tech companies have allowed some degree of remote work in recent years. But letting a select number of team members work from home a day or two per week is far from what companies are facing today. These situations are also less common than generally believed. According to a 2019 survey conducted by the U.S. Bureau of Labor Statistics, just seven percent of U.S. workers have access to a “flexible workplace” benefit (telework), and those who do are generally in management positions. This means that it is extremely rare for companies, let alone large enterprises, to have the entirety of their workforce connecting to the corporate network from remote locations all at the same time. Organizations simply did not build their infrastructure for situations like this.
As a result, myriad issues are surfacing. For example, in the rush to equip employees at home, laptops have been issued without security software or standard installs. It is highly likely that multiple vulnerabilities exist on an employee’s home network, and IT administrators are being inundated with requests from end users who are lost in an unfamiliar working environment. They can’t just swing by a workstation down the hall anymore to see what’s happening. Instead, IT administrators are left to wonder about things like whether an employee’s endpoints are configured correctly or if all endpoints received the latest patches. Are the right settings being applied? Is the Configuration Manager client working and installed correctly? How are systems performing? And administrators today are attempting to answer these and other questions from their own remote environments over a virtual private network (VPN).
Under normal circumstances, endpoint management software delivers patches and updates on a well-orchestrated schedule so that they don’t impact network performance or business operations, but these vital updates can take significantly longer over a VPN and the employee’s home internet. Some might not be able to be delivered at all. Because of the significant strain of content distribution over a VPN, many machines are not regularly maintained, updates and patches are not pushed, and this leaves networks vulnerable to outside threats.
Bad actors
Corporate networks are also facing new security threats as a result of the common work-from-home practices highlighted above. Such threats can increase an organization’s pain and financial loss exponentially.
Bad actors are well aware of the IT issues COVID-19 has brought to light. They understand these problems and pressure points; they know endpoints are likely behind on patches or updates. Machines not configured correctly? No problem. The current environment is a dream to someone eager to exploit any vulnerability.
So, what is a company to do?
The best defense is for network administrators to execute automated health checks for endpoint management, but these checks have to be delivered seamlessly without impacting the VPN. Just like companies can’t afford a breach, they can’t afford to negatively impact production traffic with time- and bandwidth-consuming scans and content delivery.
Automate to secure the remote workforce
The right automated software can ensure that these worries are resolved. Fortunately, intelligent software now exists that quickly finds, diagnoses and fixes problems without placing a strain on the network. Innovative cloud-based solutions can enable secure content distribution with incredible speed and scale, requiring nothing more than an internet connection. They can do this by harnessing split tunnel VPN architecture, making it possible for endpoints to get content directly from other internet-facing computers or from a content delivery network (CDN), such as Azure CDN.
These types of solutions enable organizations to rapidly respond to security breaches and vulnerabilities, patrol and enforce configuration management policy, and maintain windows operating system (OS) health. They also reduce help desk calls and speed resolution as well as keep applications and software healthy and running.
But organizations should be careful. Deploying a new solution in the midst of a pandemic can be a dicey proposition. First, the buyer must feel confident that a solution does what it claims to do. Any vendor should supply references upon request. Next, a solution has to be fast and easy to implement. IT staff are already underwater. They don’t need one more challenge thrown their way. A new solution will only be adopted if it makes their work simpler without demanding more of their time. Additionally, any new solution should minimize the impact on the end user or else the complaints will flood in. And finally, organizations should look for solutions that generate easy-to-understand reports that show what’s going on with endpoints at any given moment as a result of health checks.
With these factors in mind, enterprises can alleviate some of the negative by-products of shifting to a remote workforce, making them more secure and efficient both now and in the future.
As first published in Security Magazine.