What measures should be implemented to secure teleworking?


Today, more than ever, the way organizations secure teleworking has an impact on the overall security of information systems. Teleworking is no longer a project or a temporary exception; it is now firmly anchored in organizations’ practices and represents an additional challenge for IT departments. It is no longer a question of securing remote access for certain employees on a temporary basis, but of securing remote access to the information system for the entire staff: employees with multiple profiles, connecting from uncontrolled networks, sometimes even from personal computers.

How to secure teleworking?

Many measures can be implemented to secure teleworking. Some of them, because of their effectiveness, should be among the priorities of CISOs and CIOs when deploying teleworking at scale to the employees of their organization:

  • Strengthening the conditions of access to IS resources: a simple password is not enough, especially in a teleworking situation. SSO (Single Sign-On) mechanisms that support multi-factor authentication while preserving user comfort must be deployed on workstations. It then becomes very difficult for any third party to access information system resources when the workstation is turned off or locked.
  • Checking workstation compliance: verifying the identity of the person in front of the workstation is not enough; the compliance of the workstation itself must also be checked. A good way to prevent the emergence of malware on a workstation is to automatically check for the presence of an antivirus, a firewall or updates before granting access to resources. This type of verification drastically reduces the risk of malware and is a prerequisite for BYOPC (Bring Your Own PC to access the company’s resources).
  • Partitioning access to IS resources: within the same organization, the resources used by employees vary according to their department, hierarchical level, or business profile. By partitioning access to resources, it is possible to give each user access to only those resources that are necessary for their work (“least privilege principle”) and thus limit any potential spread of malware.
  • Tracing access to IS resources with great precision: although it is important to know who has connected to the IS, it is not enough to simply trace the users. Accurate traceability means knowing who has connected to which resources. With this level of information, CISOs and CIOs can more easily identify any potential source of resource compromise or data leakage.

Thanks to these 4 measures, the attack surface and the possible entry points to the information system are greatly reduced. They are a very solid basis for any organization wishing to secure teleworking.
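The four measures above, combined into a single access decision, as an added example that is not from the original article or from any product it mentions. The policy table, posture keys and all names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample policy: which business profile may reach which resource.
RESOURCE_ACL = {
    "hr-portal": {"hr"},
    "erp": {"finance", "hr"},
    "git": {"engineering"},
}
# Compliance checks required before access (same rule for corporate and BYOPC).
REQUIRED_POSTURE = ("antivirus", "firewall", "updates_current")

@dataclass
class Request:
    user: str
    profile: str
    mfa_verified: bool
    posture: dict  # assumed to be reported by an agent on the workstation
    resource: str

AUDIT_LOG = []  # one record per decision: who asked for which resource

def decide(req, now=None):
    """Return (allowed, reason) and record the decision in AUDIT_LOG."""
    missing = [c for c in REQUIRED_POSTURE if not req.posture.get(c, False)]
    if not req.mfa_verified:
        allowed, reason = False, "mfa_required"
    elif missing:
        allowed, reason = False, "non_compliant:" + ",".join(missing)
    elif req.profile not in RESOURCE_ACL.get(req.resource, set()):
        # Unknown resources map to an empty set, so they are denied by default.
        allowed, reason = False, "not_authorized_for_resource"
    else:
        allowed, reason = True, "ok"
    # Denials are logged too: traceability covers who tried to reach what.
    AUDIT_LOG.append({
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": req.user, "profile": req.profile,
        "resource": req.resource, "allowed": allowed, "reason": reason,
    })
    return allowed, reason

if __name__ == "__main__":
    ok = {"antivirus": True, "firewall": True, "updates_current": True}
    print(decide(Request("alice", "hr", True, ok, "hr-portal")))
    print(decide(Request("bob", "engineering", True, {"antivirus": True}, "git")))
    print(decide(Request("carol", "finance", True, ok, "git")))
```

Each audit record names both the user and the resource, so a denied attempt on a resource outside the user's profile is as visible as a successful connection.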

ZTNA: the right solution

These measures, which may appear heterogeneous at first glance, can nevertheless be easily deployed by subscribing to a ZTNA (Zero Trust Network Access) cloud service such as Systancia Workroom Session. This solution makes it possible to secure the telework of all the employees of an organization in just a few clicks.

Indeed, ZTNA is now considered the preferred solution when it comes to providing secure remote access to selected applications of the information system. The Market Guide for Zero Trust Access, published in June 2020 by Gartner analysts Steve Riley, Neil MacDonald and Lawrence Orans, explains how ZTNA enables accurate, adaptive, identity-based access and improves the flexibility, agility and scalability of access to applications. Since teleworking is now strongly established in the organizational processes of companies and administrations, it must be accompanied by a high level of security, with the aim of achieving the same level of security whether the employee works from home or from the company office. For CISOs and CIOs, any measure that secures teleworking effectively, with the least possible constraint for the user, must therefore be implemented in order to guarantee the global security of the information system, whose potential entry points and risks are increasing.