Advantages of Distributed Workforce and Data under the COVID-19 Pandemic

[harlan4096]

Coronavirus Outbreak Threatens to Destabilize European Data Routing Infrastructure

As the COVID-19 pandemic engulf Europe, more and more cities have come under lockdown in desperate effort to stem the contagion. On Wednesday, Mette Frederiksen, Denmark’s PM has announced during a press conference that Copenhagen, along with all major city will observe lockdown measures, effective on Monday.

Denmark is the second European country after Italy to impose draconian measures after the number of confirmed cases has peaked at 514 (updated on 12.03.2020).

Following in the footsteps of Italy, Denmark has effectively shut down schools, kindergartens, universities, museums, and most shops, apart from those selling emergency supplies (food and hygiene items) and pharmacies.

In consequence, corporations operating in Danish territory, as well as local business owners, have unanimously decided to suspend office attendance, endorsing all remote work requests for the duration of the COVID-19 pandemic.

To ensure business continuity, staff working from home have received special instructions on how to access company assets: VPN, for secure connections, online data-sharing tools, such as OneDrive for documents and spreadsheets, and miscellaneous virtual workspaces.

Despite most customer-facing businesses being prepared for the Work-from-Home Exodus”, the data flood has taken a great toll on both ISPs and system administrators curating the organizational physical and logical data-transmission and handling resources.

In a bid to compensate for the increased data load, Internet service providers have already begun expanding the infrastructure and upgrading the software as necessary.

Distributed Workforce & Data Integrity Are Feasible

As outlined in Heimdal™ Security’s article on remote work planning and enforcement, upscaling is feasible. Still, we are left with two major issues: workforce distribution and the impact on business continuity and global revenue. The second issue refers to how data transmission is handled by individual endpoints.

Relying mostly on VPNs for data retrieval and/or modifications, sysadmins can easily become overwhelmed by the sheer number of data ‘contamination’ instances.

As we speak, connections resolved by VPN solution are marked as liabilities, since the service can no longer ensure confidentiality due to massive data surge.

One of the implications would be the fabrication of a ‘recognizable’ footprint, which can (and will be) used by malicious actors to intercept the information while in transit.

To circumvent this issue, sysadmins have begun reconfiguring the company-owned VPN services, in an attempt to accommodate all the requests. At this point, redesigning the network infrastructure could prove an exercise in futility, as it would mean committing considerable resources.

VPN technology has many benefits in terms of data privacy; however, when applied to such a large scale, it will inevitably lead to transmission breakdown and even data loss in some cases.

Naturally, with the VPN overwhelmed, the connection between the endpoint and the company’s server(s) becomes unreliable, increasing the risk of data leak via traffic sniffing or other types of malicious eavesdropping techniques.

DNS over VPN

At Heimdal™ Security, we believe that privacy should complement data security and that you need not sacrifice one for the other. Our studies reveal that both issues related to data integrity can be solved should system administrators chose to employ locally-deployed DNS over VPN.

Strictly speaking from a technical standpoint, connections resolved through ‘endpoint DNS’ are, by far, more secure compared to the one mediated by a VPN solution.

For some time now, cybersecurity experts have discussed the possibility of having all the traffic requests routed through a secure, company-owned cloud. This will not only decreased latency in sending data but will also increase the detection rate of malicious code hiding in random (background) traffic.

Thor Foresight Enterprise, Heimdal™ Security’s DNS filtering solution, addresses this very issue: although DNS and subnet masks are predefined, which precludes the use of VPN-type tunneling, this ensures that no malicious package evades detection, by blocking the connection to the Command & Control servers employed in malware dissemination.

In all regards, DNS outperforms company-owned and curated VPNs since it effectively adds an extra layer of security to your existing cybersecurity infrastructure.

DNS over VPN just one of the measures required to ensure business continuity during the COVID-19 pandemic.

Curating User Rights

Another ‘continuity’ vector that must be addressed is directly related to how businesses or rather system administrators handle users’ rights. Even if most of your staff work from home, the risk of insider threat remains the same if they retain admin-type rights. Unfortunately, there are cases where companies would grant employees admin rights during this work from home bout.

The reasons are not hard to comprehend: either the sysadmin hasn’t moved past the ‘close-contact’ rights management (admin has to manually input credentials into each endpoint) or the automated solution has major design flaws (semi-automatic responses, lack of rapid de-escalation actions, limited upscaling capabilities, etc.).

Insider threats can occur from anywhere in the world – we have moved passed the scenario whereupon ‘the bad guy’ has to be in contact with your endpoint for data exfiltration or to cripple the entire network.

Everything can be done remotely and the incursion can leave very little ‘fingerprints’ behind, this being the main reason why the digital forensics process has become so cumbersome, to the point that the investigator can do nothing but rubber-stamp the case.

Business owners, especially those operating SMBs, will try to ‘cut corners’ by using ‘home-bred’ solutions. In-house admin rights management solutions can behave in anomalous ways when handling requests mediated by external resolvers.

In other words, the solution can work like the proverbial Swiss watch when the endpoints are connected to the internal networks but can encounter various issues during these off-premises sessions.

These shortcomings can be solved by deploying a fully automated and remote admin rights management solution.

Thor AdminPrivilege™ can help your sysadmins review, manage, and adjust the users’ right from anywhere in the world and is fully compatible with any device running Microsoft Windows or Mac OSX.

Data integrity can be achieved through DNS over VPN, while workforce distribution can become a feasible ‘battleplan’ with the proper remote admin rights management solution.
...

Continue Reading