Hybrid cloud, VPN and VPS – what is it for:
A persistent recent trend regarding remote working involves the right approach to securing components of corporate systems and networks, such as hybrid cloud, VPN and VPS. A comprehensive approach to security measures is being taken to ensure the reliable and stable operation of companies’ IT infrastructures.
Over the past year, statistics show that the growth of access attempts through remote services of companies, in different countries, ranges from 40 to 130%. Many of them, only due to the number and sharply increased professionalism of cybercriminals (due to the use of services of free, dismissed at the beginning of the pandemic) achieve their goals. This amounts to tens and hundreds of millions of dollars per month on a global scale. And just from the leaked data to the press. And how many of the companies have just quietly settled with the extortionists? No one wants to ruin their reputation…
That is, you need a comprehensive plan for organizing a security and remote access strategy.
So, here’s a list of basic remote access security measures and general requirements:
1. Update the company’s security policy (for each employee, no matter where they work geographically or functionally);
2. Maximum use of cloud applications (no matter what the user has going on, even if he connects to send an urgent report over unprotected WiFi – the level of protection of the cloud is much higher than that of his home or even work laptop);
3. Be sure to use at least two-factor authentication (this point is probably annoying to all by how often it’s mentioned – which, however, doesn’t prevent most companies and users from ignoring it);
4. Also, mandatory use of a virtual private network (VPN will reduce the risks of connecting over insecure connections);
5. Proper understanding and use of strong and different passwords (the practice of using the same password reduces the security of accounts many times over);
6. Updates to operating systems and programs on users’ computers (just in case – you can install updates with a delay of 3-5 days if you don’t trust all updates indiscriminately, which, however, should be solved simply by a properly configured backup);
7. Monthly full automated software audits of clouds and employee remote access devices. This can be done in report mode with placement in a database for analysis. Which, however, is virtually no different from unauthorized auditing tools on the part of cybercriminals. The only difference is that they do it and many companies don’t. As a result, they know more about security breaches than they should;
8. Properly limited information personally on each company employee;
9. Hybrid cloud penetration audits with VPN and VPS loop resiliency tests. Better if at least once a quarter, outsourcing to cybersecurity specialists;
10. Ongoing literacy training. This is in the realm of digital hygiene and security among company employees (also, at least quarterly).
Of course, you could outline a couple dozen more narrowly tailored points for hybrid cloud, VPN and VPS. However, using this checklist to protect yourself will reduce the risks quite noticeably.
There are such new systems, at the implementation level – for example, the concept of Cisco access at the zero-trust level. Also extremely interesting perspectives on the use of APIs to authenticate both the user and the programs, and even processes…