Posts Tagged ‘employee security’

This is part two in a series of questions related to employee provisioning and VPNs. Earlier this week, we addressed how enterprises can ensure that their provisioning processes benefit their overall security postures. 

Question: Provisioning’s security holes become particularly apparent when remote mobile access users leave a company and enterprises try to apply a one-size-fits-all de-provisioning approach. In today’s mobile, global, 24-hour business world, what de-provisioning tactics are necessary to mitigate security risks during employee transitions?

Joerg Hirschmann: The best de-provisioning approach will be one that does not rely on a singular component to keep up with an organization’s changing needs. For instance, a provisioning process should go beyond the ordinary capability of disabling an account; instead, an organization should use the scalable method of PKI (certificate-based authentication), which offers an additional option to withdraw remote access permission by revoking the user’s certificate. Similar offerings are available through One-Time-Password tools, which can also disable specific tokens, for example.

At the end of the day, the quality of the automated process will dictate how effective provisioning and de-provisioning will be.

Stay tuned for more on employee provisioning and VPNs next week. If you have any questions that you would like answered, as related to VPNs, remote access, network security and the like, send them to editor@vpnhaus.com.

Joerg Hirschmann is CTO at NCP Engineering GmbH

Today’s post kicks off a Q&A series with Joerg Hirschmann, CTO at NCP engineering GmbH. These questions and answers, which we will post over the next few weeks, are related to employee provisioning and VPNs.

Question: While user provisioning can enable efficient employee on-boarding, poor provisioning can result in expensive and irrevocable data leaks. How can enterprises make sure their provisioning is a benefit, not a detriment, to their overall security postures? 

Joerg Hirschmann: VPN user provisioning should be automated as much as possible to rule out manual flaws, which are often caused by workload, unplanned absences, etc. However, if not designed properly, even the best automated processes can allow security leaks to disrupt the corporate networks.

Normally, the provisioning process does not originate from the IT department; rather, it is initiated by HR once the decision is made to sign on/off staff or to provide access for external partners (temporary or permanent). Processes will have to be defined accordingly so that these kinds of personnel decisions will find their way into relative data records, which are then processed by IT. Therefore, a remote access solution must provide relevant interfaces to get synchronized with the appropriate databases.

The more time this information needs to be delivered to the relevant system, the bigger the security risks are going to be. It goes without saying that the processes defined need to be thoroughly tested and approved.

Stay tuned for more on employee provisioning and VPNs this week. If you have any questions that you would like answered, send them to editor@vpnhaus.com. 

Joerg Hirschmann is CTO at NCP Engineering GmbH

Dark Reading – Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Midsize Insider – IT Security Threats: The Predictive Problem
SearchCloudApplications – Mobile cloud trends: Apps let enterprises handle the risks of cloud computing
TabTimes – Study: Forget corporate deployments, BYOD will drive business adoption of Windows 8 tablets

Among many key takeaways from last week’s Interop NY conference, the top-of-mind concern for CIOs, security professionals and other IT stakeholders remains mitigating the security risks associated with BYOD. While organizations that attended the conference recognize that supporting mobile devices in the workplace is inevitable, many admit to lacking the proper infrastructure to secure their mobile users. In fact, a recent industry survey reveals that only 16% of IT shops currently have a BYOD policy in place, which increases those organizations’ exposure to risk.

Is the concern revealed at Interop justified? Yes, but it’s certainly manageable. In fact, Rainer Enders, CTO, Americas for NCP engineering, has advocated for remote access solutions that allow businesses to manage the devices their employees are bringing in. Earlier this year, Rainer spoke with Ericka Chickowski, of Dark Reading, on this very topic. Here’s an excerpt from her piece:

According to Enders, too few organizations factor risk into their cost considerations, making it one of the most costly hidden costs if proper precautions aren’t taken.

“In my mind, the biggest hidden cost lies in the worst case scenario–when bigger issues arise like a lawsuit or a major security breach,” he says. “It really comes down to the standard security question about what are the assets. What do I need to protect from a company point of view. My legal situation–how is my IP sufficiently protected. I think that is where the main costs are: This is something that is often overlooked. Companies don’t really do a good job at assessing this kind of risk.”

As such, Enders suggests that organizations start implementing risk assessment formulas into their dollars and cents estimates for mobile costs in a BYOD model. There are other tangible costs that are often overlooked as well, many of which have to do with managing a more diverse infrastructure and enforcing security and privacy policies that will eventually reduce risks.

To read Ericka’s full piece, see here: BYOD: How to Calculate Hidden Security Costs.

Today, we join Joe the CIO as he ponders technology investment costs. In particular, Joe can’t help but wonder if there are some expenses related to a recent remote access project that he overlooked — or worse, ignored. This predicament might sound familiar to anyone who oversees technology purchasing. In fact, many don’t realize the majority of accrued expenses pertain to operations and personnel, not hardware and software investments. In Joe’s case, realizing this helped him optimize and ensure the efficiency of his remote access technology, with help from NCP engineering. Want to learn how? Check out this video.