Antonio Madoglio, Director Systems Engineering, Italy & Malta at Fortinet, sets out the cybersecurity company's position on the virtual workplace and the firewall.
In June of this year, Fortinet conducted a smart working survey involving workers in 17 different countries, including Italy, representing almost all industrial sectors and the public administration.
It emerged that almost two thirds of the companies interviewed had to rapidly move more than half of their workforce to remote work. In addition, most respondents said that the change was a challenge for their company: 83% said it was moderately, very or extremely challenging, while only 3% said they had not experienced any difficulties in this transition phase.
The transformation of the remote working environment, the increased dependence on personal devices and the overall influx of workers outside the company network have led to increased exposure to cyber threats, including phishing, business email compromise (BEC) and supported campaigns. 60% of companies reported an increase in attempted cybersecurity breaches during the switch to smart working, while 34% reported actual breaches in their networks.
Defense strategies must be adapted to account for the network perimeter extending into employees' homes: as anticipated in recent months, the transition to smart working will be long term. Almost 30% of companies expect more than half of their employees to continue working remotely full-time even after the pandemic. Almost all companies plan to invest more to secure remote work in the long term. Almost 60% of companies will spend more than $250,000 on smart working investments in the next 24 months.
With a spike in employees connecting remotely to the corporate network and an increase in breach attempts and cyber attacks, companies stated that the most challenging aspects of this transition are secure connections, business continuity and access to business-critical applications. At the time of the survey, companies had already invested in innovative technologies following the pandemic. Almost half of the companies invested further in VPN and cloud security, while almost 40% focused more on hiring qualified IT professionals or on network access control (NAC).
Most companies interviewed intend to make unplanned upgrades to existing systems in the future to ensure security. Many of them also plan to implement new technologies that are not yet in use. Only 40% of organizations had a business continuity plan before the pandemic. Yet, as a result of Covid-19 and the rapid transition to smart working, 32% have invested further in this area.
Survey data reveal that there are several areas that could be further improved to ensure a secure remote connection. These areas include:
Multi-factor Authentication (MFA): The survey revealed that 65% of companies had VPN solutions before the pandemic, but only 37% had multi-factor authentication (MFA). Although VPNs play an important role in providing a secure connection, they are only one part of access security. Companies that do not already have MFA should therefore consider integrating it into their remote security strategies.
Endpoint Security and Network Access Control (NAC): 76% and 72% of companies plan to update or adopt NAC solutions or endpoint detection and response (EDR) respectively shortly. As employees work remotely, companies must monitor the influx of untrusted devices on their networks to allow this working mode, which is a further security challenge. By adopting NAC solutions, IT teams gain greater visibility and control over users and devices on their network. EDR solutions offer advanced real-time protection from endpoint threats both before and after an attack.
Software-defined Wide-area Networking (SD-WAN) for the home environment: 64% of companies plan to update or adopt SD-WAN, specifically for home offices. The critical advantage of extending secure SD-WAN features to individual smart workers, especially super users, is that they can enjoy remote on-demand access and dynamically scalable performance regardless of the availability of the local network.
Secure Access Service Edge (SASE): 17% of organizations invested in SASE before the pandemic and 16% later. However, 58% expect to invest in SASE to some extent in the future. Although SASE is an emerging business strategy, it is increasingly recognised as an opportunity to combine network and security functions with WAN capabilities to support the dynamic and secure access needs of today's companies.
Qualified security professionals: At the beginning of the pandemic, only 55% of companies had enough qualified IT personnel to ensure a secure transition to remote work. And while 73% of companies have declared their intention to invest further in skilled IT workers over the next 24 months, the shortage of skilled IT security professionals could be a challenge.
Fortinet: the situation today and which measures to take
With the sudden transition to widespread smart working in the first months of the year, many people who were used to working on company premises found themselves working from home, in many cases with devices that were not controlled. Some employees had a VPN client, but many still had to be enabled for access from outside. Things are changing now.
IT staff often have the tools to connect remotely in a secure way, even after hours, using software that prevents the PC from communicating outside the company: the infrastructure in this case is designed to work safely, both for the end point and for the end point. This approach, previously used by only a few, is now adopted by many companies of all sizes. Technology to ensure secure access to the company is a well-established practice. What has changed during the Covid-19 pandemic is that, from one moment to the next, smart working has become a decisive part of our lives: we work from different devices, and it is important to take the right precautions.
If your PC is also used for home purposes, for example for online gaming, it is important to have devices that allow you to create virtual environments, a sort of virtual operating bubble. These are considered "immune" to viruses and the like: they create an ideal environment, a real virtual workplace. In this case, ad hoc software is installed on devices and PCs to create a controlled environment. For example, you cannot insert a flash drive and exchange data; only strictly necessary communications are allowed. According to Fortinet's manager, this technology is implemented on the company side through firewalls/VPNs that verify the identity of the user through tokens or other methods based on digital certificates or biometric authentication techniques such as fingerprint or fingerprinting. Authentication with a one-time password is very common, as is the case, for example, when accessing home banking applications.
According to Fortinet, the company firewall checks the identity of users, checks that the PC in use is enabled and sufficiently protected, and restricts access permissions to the internal infrastructure to what is strictly necessary. All communications are encrypted and remain confidential. Checks on the device in use (e.g. verifying that up-to-date antivirus software is present) may also be required, or the device may be prevented from communicating outside the company domain.
Remote access infrastructure has been available for some time now; it is nothing new. What is new in the last few months is that those who already had this infrastructure had to upgrade it to allow access for the whole company, potentially tens, hundreds or sometimes thousands of people at the same time.
Among next-generation firewall solutions, Fortinet proposes FortiGate, a VPN concentrator that accepts encrypted communications from the outside. It is a scalable solution, available in a hundred models depending on how many people need access. Fortinet's firewall can remotely identify users, check the posture of the device and deliver strong authentication, including by integrating authentication systems already in the company through our FortiAut
FortiGate itself, thanks to SD-WAN techniques, can optimize the use of the available Internet bandwidth by dynamically choosing the best or least loaded line according to the application required.
To build such a structure, Madoglio concludes, we suggest that customers have FortiClient installed on the PC. This is an application that opens the encrypted channel to the company, checks for vulnerabilities and enforces web browsing rules entirely similar to those the employee would have to follow if physically in the company. This increases the level of security of the virtual workplace, making the experience of smart working very similar to that in the office.