To get the best from DevOps, tackle your open source strategy in two dimensions: horizontal and then vertical. Consider this advice on tools and approaches that work
Remote work security: 5 best practices
Experts share five smart security practices for remote workforces – to help you manage risks wisely during a historically difficult time
4. Consider SaaS tools to ease your VPN burden – with caveats
If your organization is already a significant user of cloud-based services, that will be helpful, according to Wilson from SAS, particularly in terms of reducing infrastructure burdens when everyone is working from home.
“The biggest thing to keep in mind is that, as the industry shifts to software as a service, there is less need for your employees to be directly connected to your network through a traditional VPN connection,” Wilson says. “This is good for lessening the load on overwhelmed VPN endpoints.”
This comes with a potential tradeoff, though, from a monitoring and visibility standpoint.
“[This] may be bad news if you rely on the visibility gained through traditional network security tools or proxy solutions. Making sure your security technologies remain effective on or off of the network is essential. Teams need to ensure they remain in control of web filtering, patching and AV updates for systems that may be off of the network for weeks at a time.”
In addition to core security technologies, work to retain visibility as much as possible, even as your teams become far more distributed.
“IT leaders should ensure that there’s appropriate visibility from a security monitoring perspective, whether it’s new laptops out in the field for the first time, or cloud infrastructure that delivers critical services,” says Matt Wilson, chief information security advisor at BTB Security. “The next step is to make an assessment of how data access has changed, and consider how users might get creative as they look to accomplish work tasks in different ways, [such as] non-sanctioned usage of cloud services.
5. Audit your current tech stacks
Now is probably not the time to be introducing a bunch of new tools into your organization, unless they’re essential to keeping a suddenly remote staff productive, says Gamblin from Kenna Security. But it is a fine time to evaluate what’s already in your IT portfolio.
“You want your technology and security stack to be as stable as possible during these times so introducing new and untested tools right now is likely not advisable,” Gamblin says. “It is, however, a good time to go back and do an audit of your technology stack to make sure everything is operating as it should, and that you are collecting the right amount of logs and data you may need for troubleshooting or an investigation.”
The current situation brings the phrase “stress test” to mind. In particular, look for weaknesses that result from people and technology moving (abruptly, in many cases) off of your network.
“Do both your incident response plan and logging strategies continue to be effective for systems off of the network?” Wilson from SAS asks. “Take time to analyze the efficacy of your overall security program to make sure off-network devices are accounted for and properly scoped into your plan.”
[ How can automation free up staff time for innovation? Get the free eBook: Managing IT with Automation. ]