As individuals responding to the global pandemic, we found ourselves developing new ways to cope, remain healthy, and stay connected. At HPE our approach was no different. We had to move quickly to ask all team members to work from their home offices[1], doubling our remote workforce from under 30,000 to over 60,000, within an accelerated timeframe that allowed only days for planning and execution.
As our partners and customers worked in parallel to design their own crises management plans, we all found ourselves in the same boat: we faced massive expansion of the attack surface of our IT environments, and that meant significant risks to business operations.
From a security perspective, we all needed to be concerned about:
Device sprawl. With a distributed workforce operating from home offices, businesses run the risk of confidential company documents, intellectual capital, and personal information being leaked via malware infiltrating the company network through unmanaged and unknown devices.
Collaboration risks. Companies that are primarily office-based may not have collaboration tools to support a geographically dispersed, remote workforce, so teams will adopt their own ad-hoc collaboration tools without the foresight to include adequate security.
Access Demand. When the switch is flipped, and employees are asked to work from their home offices, users can inundate the Help Desk and other support teams to gain access to VPNs and collaboration tools that enable them to stay productive. This can lead to shortcuts and mistakes that will eventually impact overall business productivity.
Workarounds. The sudden surge in VPN, VDI and similar remote access techniques is overwhelming many companies, which drives users to seek alternate processes and solutions that are not necessarily sanctioned by their organization. This introduces a high level of risk until the organization can develop and deliver prescribed policies and procedures, and put tools in place to handle an increased number of users.
Increased attacks. According to ComputerWeekly.com, the COVID-19 crisis could present the largest ever cyber-security threat. Examples of security breaches include phishing campaigns and email scams that may be tied to COVID-19 topics; Distributed Denial of Service (DDoS) attacks that could be aimed at healthcare providers to deny or delay service to remote healthcare workers; or, targeting vulnerabilities in VPN software and collaboration tools.
There are a number of best practices that are evolving in real-time, that involve balancing short-term crisis response with a more planful approach. Here are some actions you may want to consider to help mitigate security threats on the immediate front:
- Reassess remote access security policies. (such as BYOD policies) Are your current policies and controls sufficient for the new normal? Use this time as an opportunity to reassess VPN policies, Mobile Device Management (MDM), and how VDI can help you successfully manage your business during times of crisis.
- Strengthen your Network Access Control capabilities. HPE Aruba ClearPass can directly address your BYOD issues with a wide range of checks that determine if a device on the corporate network meets defined minimum security policies. If a device does not meet those standards, it can be placed on a high-risk network segment where its activity can be limited. This high-risk network segment isolates remote devices, and can “force” remediation such as applying patches and settings prior to allowing the device on the corporate network. HPE also offers professional services to help you understand your risks, set security policy, and rapidly deploy Aruba ClearPass.
- Adopt new security strategies and architectures. As you look to the future, consider where you may need to adopt a zero-trust model or more cloud-based monitoring systems for remote devices. HPE also offers Security Advisory and Professional Services that can help you fast-track these solutions on your journey to the new normal.
In conclusion
In a recent interview with CRN, HPE’s CEO Antonio Neri expressed his pride in the HPE technology and teams that are being call upon to help battle the coronavirus on the frontlines.
‘From enabling medical clinics to supporting telework and remote education to powering scientific research, we are focused on delivering for customers in bold new ways in these trying circumstances,’ says HPE CEO Antonio Neri, CRN, 3/19/2020.
This is truly a time when we can extend our hand and recommend our technology to make a difference in the lives of people in all walks of life, in all parts of the planet. To help you assess and address common challenges that could impact your successfully navigating these troubled waters, we have created a three-part Webinar series where HPE SME’s further explore how you can tackle potential security threats; provide advice to help you maintain productivity, now and in the future, and discuss how HPE is lending a hand to help healthcare and educational institutions address their immediate challenges.
Today, as countries start to slowly reopen for business, our customers and partners are at many different stages of crisis response and recovery. I remain inspired by their resilience as they grapple with the challenges and risks of business continuity planning, and adapting to their new normal during social distancing and shelter-in-place mandates.
We will all emerge from this time as changed, in a world that has evolved into a “new normal”. But we will be stronger and wiser, too. In the interim, please do not hesitate to reach out to us. HPE is here to help.
Wishing you health and safety.
Fred
For more information on Business Continuity solutions from HPE, please visit our website @Here to help.
Featured articles
- Nine steps to the new normal via HPE's Enterprise.nxt
- Security checklist for working from home via HPE's Enterprise.nxt
- Want to know the future of technology? Sign up for weekly insights and resources
[1] A smaller number of volunteer team members, performing mission-critical roles, remain on site with customers, including those helping set up pop-up hospitals and healthcare facilities.
Fred_Kohout
Fred Kohout serves as Vice President of Product Marketing at Hewlett Packard Enterprise (HPE). Mr. Kohout joined HPE through the acquisition of Cray, where he was the SVP and CMO.
