With the future of work upon us, a spotlight has been cast on the operating systems powering our devices and the applications that we use the most – from instant messaging and video conferencing to basic functions like email.
As a result of the sudden shift to remote work, many organizations have implemented new collaboration and other technologies to make remote working environments easier to navigate for their employees. These added capabilities contribute greatly to the remote working experience, but it’s important that business leaders understand that any new technology, especially one that was rolled out company-wide quickly, can expand the organization’s attack surface significantly without proper security processes and policies in place.
The numbers don’t lie; 60% of data breaches in the past two years can be traced back to a missing operating system patch or application patch. It’s generally understood that quickly and effectively deploying patches for standard operating systems that come out of Patch Tuesday each month is part of any sound cyber strategy. But what about other third-party applications? How do organizations implement the right processes to ensure that remote endpoints are as quickly patched as they are when on-prem? What steps and considerations should they be taking and making?
Visibility is key
It may sound simple, but it is difficult to manage and secure assets that you can’t see. For this reason, it’s incredibly important that organizations provide their IT and SecOps teams with real-time visibility into all enterprise endpoints, including operating systems and the applications running on each machine.
By doing so, IT has a clear picture of the systems with software and applications that need to be updated, as well as those that are already updated and secured. This task of inventory control eases the burden of the IT team’s duties by allowing them to focus their attention on the areas that need it.
While realizing this source of truth can be difficult with employees remote, depending on a company’s existing infrastructure and practices, the future of work points to remote workforces being a reality. So it’s on businesses to take the steps necessary to achieve the visibility required to provide the best possible service to employees, and to do so in a manner that takes proper security into account.
VPNs and cloud-native
With organizations forced to adapt at high speed to an increased number of remote employees, most have moved access to corporate assets through VPNs. While these are incredible tools for providing a secure pipeline back to the organization, most VPNs by design are not built to withstand entire workforces connecting to them, and many IT teams are being forced to deploy security patches and other updates through them, all because of legacy on-premises security architecture.
Situations like this have the potential to exacerbate the VPN bandwidth issues that companies are facing because the practice of pushing updates through them simply isn’t scalable.
To provide an example, the average Windows 10 patch package this year is over 400MB in size. For a company with just 1500 endpoints, this amounts to 1 terabyte of data traversing a VPN. Even small and midsized companies are facing gigabits per second of bandwidth, which could jump to a terabyte easily if there are critical updates to be made.
The bottom line? While VPNs are a long-term solution to allow employees to securely connect back to the business, they’re only a short-term fix for the business’s security patching and configuration needs. Organizations should weigh these short-term security benefits against the long-term ones that come with a digital transformation to the cloud. By making the strategic decision to embrace cloud-native tools, businesses can scale their IT and security processes across the organization with ease, whether employees are remote or not.
Proactive patching and security configurations
Regardless of how many endpoints you have under management, the operating systems you’re running, or the third-party applications employees use to do their jobs, it is increasingly important that every company has the processes in place to ensure the security of its endpoints and ultimately its assets.
Research shows that adversaries are weaponizing new critical vulnerabilities within 7 days on average, and zero-day vulnerabilities are already weaponized at the moment of disclosure. Yet companies are known to take weeks, and in some cases months, to deploy patches.
Because of this, a 24/72 threshold for endpoint hardening should be the goal of every IT and SecOps team around the world. By eliminating zero-day exploits within 24 hours and other critical vulnerabilities within 72 hours, organizations prevent weaponization, better protect their assets and ultimately reduce their exploitable attack surface.
Achieving this goal comes down to organizations taking the steps necessary to gain real-time visibility into their assets and having the right infrastructure to deploy updates and configurations in a timely manner. When these two requirements are met, businesses are able to most effectively protect their employee systems and the assets that are accessible through them.
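The 24/72 threshold and the visibility requirement above can be checked mechanically against an endpoint inventory. The following is an added example, not part of the original article; the inventory layout, hostnames, patch names and vulnerability ids are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# 24/72 threshold from the article: zero-days remediated within 24 hours of
# disclosure, other critical vulnerabilities within 72 hours.
SLA = {"zero_day": timedelta(hours=24), "critical": timedelta(hours=72)}

def audit(inventory, vulns, now):
    """Return one finding per endpoint/vulnerability pair that is not patched.

    status is 'overdue' (deadline passed), 'pending' (still inside the window)
    or 'unknown' (endpoint has not reported since disclosure, so the inventory
    cannot show whether the patch landed). hours is relative to the deadline:
    positive means past it, negative means time remaining.
    """
    findings = []
    for host, rec in sorted(inventory.items()):
        for v in vulns:
            if v["patch"] in rec["installed"]:
                continue
            deadline = v["disclosed"] + SLA[v["severity"]]
            if rec["last_seen"] < v["disclosed"]:
                status = "unknown"   # visibility gap, not proof of exposure
            elif now > deadline:
                status = "overdue"
            else:
                status = "pending"
            hours = round((now - deadline).total_seconds() / 3600)
            findings.append((host, v["id"], status, hours))
    return findings

# Constructed sample data: all names, ids and dates are placeholders.
UTC = timezone.utc
NOW = datetime(2020, 6, 12, 12, 0, tzinfo=UTC)
VULNS = [
    {"id": "VULN-A", "severity": "zero_day", "patch": "patch-a",
     "disclosed": datetime(2020, 6, 11, 0, 0, tzinfo=UTC)},
    {"id": "VULN-B", "severity": "critical", "patch": "patch-b",
     "disclosed": datetime(2020, 6, 10, 0, 0, tzinfo=UTC)},
]
INVENTORY = {
    "laptop-01": {"last_seen": NOW, "installed": {"patch-a", "patch-b"}},
    "laptop-02": {"last_seen": NOW, "installed": {"patch-b"}},
    "laptop-03": {"last_seen": datetime(2020, 6, 9, 8, 0, tzinfo=UTC), "installed": set()},
    "laptop-04": {"last_seen": NOW, "installed": {"patch-a"}},
}

if __name__ == "__main__":
    for host, vuln, status, hours in audit(INVENTORY, VULNS, NOW):
        print(f"{host} {vuln} {status} {hours:+d}h relative to deadline")
```

Endpoints reported as unknown are the visibility gap the article describes: until they check in again, the inventory cannot confirm whether they meet the threshold.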