Survey Results Indicate Major Security Concerns with an At-Home Workforce
Hysolate recently polled industry leaders at the FS-ISAC Virtual Summit to get a better understanding of how organizations are addressing access to privileged environments today, and how comfortable they are with their current approaches, especially in the emphasized work-from-home paradigm we all find ourselves in. Survey respondents included over 100 security managers of diverse companies and seniority levels.
Privileged access workstation (PAW) conversations have become more mainstream over the last few years. According to our survey, we found that while only 27% of small organizations (<1,000 employees) have implemented PAW solutions. We’ve seen a much higher adoption rate of PAW solutions in medium (1,000-10,000 employees) and large (10K+ employees) enterprises, at 50% and 60% respectively.
When focusing on the medium-large enterprises, it is interesting to note that despite over half of the organizations already leveraging a PAW solution, more than 55% still expressed concerns about employees accessing privileged environments. That number increases dramatically to 69% when the results include employees accessing those privileged or sensitive environments from home.
These concerns were mostly highly emphasized when surveying large enterprises.In the 60% of large enterprises that already implemented a PAW solution, half of them still had overall concerns about how their employees accessed privileged or sensitive environments, with that number jumping to over 68% when considering work from home employees. However, in the 40% of large enterprises that do not have a PAW solution in place, over 71% expressed concern about how their employees accessed privileged or sensitive environments, with that number jumping to over 78% when considering work from home employees.
PAW and Remote Workers
Companies today are working to remediate concerns over cybersecurity while deploying a remote workforce. The recent COVID-19 situation has greatly exacerbated these issues as security boundaries virtually disappear with the use of home offices and untrusted networks and devices. In light of these trends, it is especially important to look at a PAW strategy for mitigating security concerns around the management and usage of privileged accounts. To alleviate cybersecurity concerns, a PAW can be used to mitigate many of the risks involving remote users.
PAWs can be used to create a limited environment where administration tools are restricted or critical files can be secured from user access. By cutting off general Internet access, the privileged system prevents users from ever visiting risky sites or downloading malicious files that may infect their machine. Even if malware does make it onto the system, it has no way to communicate back out with its command and control server. For physical risks, PAW hardware can be placed in a confined location where intruders would not be able to access the physical machine. There are numerous other ways PAWs can be beneficial and many of the benefits can be leveraged for home workers.
Corporate IT cannot control a home user’s work environment, but offering a PAW machine will limit user access and privileges directly in the work environment where sensitive data is stored. In addition to limited permissions, a VPN can be configured to protect and encrypt data from the PAW machine to the corporate network when users authenticate.
A PAW will not mitigate every cybersecurity concern, but it will reduce risk of data disclosure from home users with limited cybersecurity infrastructure. It might be an additional cost to provide PAWs to remote workers, but it saves money in the end by reducing risk and limiting sensitive data exposure. Users can be restricted to only specific digital assets, and privilege escalation attacks are stopped.