Secret recipe to keeping contractors cyber-secure

by Mark Rowe

Hybrid and remote working have now been around for years and became the norm throughout the pandemic, writes Toby Skerritt, Product Manager at the platform Nerdio.

Today, you’d be harder pressed to find a job opportunity that asks you to work from the office five days a week than one that is completely remote. Indeed, research from Gartner found that almost half of polled employees continued to work remotely even after the pandemic ended.

Shocking as it was for some organisations to make that switch to a new setup back in 2020, over time, most have built out a strong and reliable hybrid working system, with employees settling into their routine and accepting the status quo. However, one aspect of remote working that many organisations still grapple with is cybersecurity. This is especially challenging to get right for businesses that often rely on third-party workers or contractors, who aren’t core, embedded parts of the organisation’s technology infrastructure. Let’s take a look at the security risks such organisations face and how to mitigate them using cloud technology solutions.

Hybrid working: a cyber challenge

Cybersecurity is an important concern for every organisation, regardless of the way they work. Hybrid or remote working practices can be especially dangerous, however, because they take devices and users outside of an organisation’s traditional management boundaries. As a result, the management of these devices can only be done across the internet, or using VPN connections. This in turn increases the management complexity and may lead to a nasty case of configuration drift, a condition where the device’s status is not audited or managed for extended periods of time, leaving it vulnerable to malware or cyber criminal activity. Remote devices are also at greater risk of access by unauthorised users for a variety of reasons.

Adding third-party workers to the mix

The security situation gets even more complicated when third-party workers and contractors enter the scene. Though they do not inherently pose a greater risk than full-time employees, the methods by which they access corporate data can increase the risks to an organisation. Contractors often use their own devices to access corporate data – devices which can often be unmanaged and could potentially be affected by malware, creating a perfect storm of cyber risk.

DaaS to the rescue

One of the best ways of protecting your organisation against these specific security issues is implementing Desktop-as-a-Service (DaaS) for every user, whether full- or part-time, contractor, or third-party employee. DaaS provides managed desktops to users across the internet. These desktops will normally exist within the corporate network, meaning they can be deployed and secured in the same way as other corporate devices. The same security policies can protect all corporate devices used to access sensitive data, resulting in more consistency and higher levels of security across the entire corporate network. Using DaaS, files and data remain within its secure infrastructure, rather than being accessed locally using the internet or via a VPN, meaning the risk of data leaks or compromises is significantly lowered, regardless of the user’s relationship with the company itself.

Things to bear in mind

While DaaS is an extremely helpful solution from a security perspective, there are a few things to remember while implementing it. The DaaS estate is only as secure as the policies you have in place to control it. Unsecured DaaS platforms remain just as vulnerable to compromise as corporate networks or personal devices left unprotected. However, DaaS comes with the benefit of allowing organisations to dictate policy and configuration settings for all users and devices. This means that all devices can be secured and protected against malware and bad actors in exactly the same way – that is, if your policies are set up correctly.

It is also beneficial to segregate your user types logically, creating dedicated environments or ‘pools’ per use case. This allows the specific policies which manage the individual pools to be tailored to the security and access requirements of the users. For example, it may be valuable to provide desktops to contractors on a dedicated, segregated network which provides limited access to company resources, ensuring that these users can only access the data which is required.

The bottom line

Desktop-as-a-Service is a useful and comprehensive tool for organisations looking to protect the totality of their staff from cyber criminal activity, allowing them to implement the same security policies across different devices. This can greatly reduce the threat remote workers and contractors pose and ensure that hybrid working setups function without putting the organisation at risk.

© 2024 Professional Security Magazine. All rights reserved.
