Page 215 - Cyber Defense eMagazine June 2024
2. Time it. Do you really need Global Admin rights all the time? No user account should hold
standing elevated rights; every account should be a standard user. When a task requires more, the
user elevates their account for a fixed time period, after which the extra permissions expire on their
own (just-in-time access).
3. Assume breach. The question is not whether you will be attacked, but when. Therefore, invest in
detection and response as well as prevention, so that the blast radius is limited when a breach does
occur.
Secondly, for remote workers we treat the network they connect from as irrelevant (no network can be
trusted), so the remote employee can connect by any means: broadband, mobile, local Wi-Fi and even
low-Earth-orbit satellite. The key question is which device they will use to reach resources. Will the
organization allow any device to access all resources, only corporately issued devices, or a hybrid
depending on the data being accessed? An employee may be required to use a fully patched corporate
laptop to access and pay invoices but be allowed to read email on a personal iPad, for example. Policies
can be created to cover the many possible combinations of home-owned, corporately owned and
corporately issued devices.
The design process will follow four key steps:
1. Identity
The most important factor when creating a remote access strategy. How will your employees
authenticate? Traditionally this has been against on-premises services such as Microsoft Active
Directory and, more recently, cloud-based identity providers such as Microsoft Entra ID. Many
organizations have already implemented multi-factor authentication (MFA), which by Microsoft's own
figures blocks over 99% of automated identity attacks, but that is now almost a given. For the future,
look at removing passwords entirely (the credential most often compromised) and at more modern,
phishing-resistant methods of authenticating, such as passkeys (FIDO2/WebAuthn credentials).
2. Device
Monitor and enforce device health (patch level, disk encryption, management enrollment, endpoint
protection) across every platform you wish to manage, including Bring Your Own Device (BYOD),
smartphones and even Internet of Things (IoT) devices, and feed that health state into each access
decision.
3. Applications
An application policy can dictate, for example, which email clients are allowed to connect to the
email service. The same layer can surface shadow IT, enforce Software-as-a-Service (SaaS) usage
policies and apply different access permissions depending on the device type.
4. Data
Discover, classify, label, encrypt and restrict access to data according to policy. This includes
watching for unusual data movement and bulk-transfer events that could indicate exfiltration to USB
storage devices, to unsanctioned cloud storage services or by ransomware.
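The four signals above, together with the time-boxed elevation from point 2, can be expressed as a single access decision. The Python below is an added illustration, not code from this article or from any Microsoft product: the application names, data labels, authentication strengths, the one-hour elevation limit and the sample requests are all assumed values chosen to mirror the invoice/email example in the text.

```python
"""Added example: zero-trust access decisions as a small policy engine.
Identity, device, application and data signals are evaluated together for every
request (the network is deliberately not an input), and admin rights are granted
just-in-time for a bounded window. Policy values and requests are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Authentication strength, weakest to strongest; passkeys (FIDO2/WebAuthn)
# are phishing-resistant, a bare password is the weakest signal.
AUTH_STRENGTH = {"password": 0, "password+mfa": 1, "passkey": 2}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    auth_method: str        # a key of AUTH_STRENGTH
    device_ownership: str   # "corporate" (issued) or "byod" (personally owned)
    device_compliant: bool  # managed, patched, encrypted: the device-health check
    app: str                # application being reached
    data_label: str         # "public", "internal" or "confidential"


@dataclass(frozen=True)
class AppRule:
    min_auth: str           # weakest authentication method accepted
    corporate_device: bool  # require a corporately issued device
    compliant_device: bool  # require the device-health check to pass


# Constructed policy mirroring the text: a personal iPad may read email with
# MFA, but paying invoices needs a fully patched corporate laptop and a
# passkey. Applications without a rule are denied (default deny).
POLICY = {
    "email": AppRule("password+mfa", corporate_device=False, compliant_device=False),
    "invoice-payments": AppRule("passkey", corporate_device=True, compliant_device=True),
}


def evaluate(req, policy=POLICY):
    """Return ("allow" | "deny", [reasons]); every failing check is reported."""
    rule = policy.get(req.app)
    if rule is None:
        return "deny", [f"no policy for app {req.app!r} (default deny)"]
    reasons = []
    if AUTH_STRENGTH.get(req.auth_method, -1) < AUTH_STRENGTH[rule.min_auth]:
        reasons.append(f"auth {req.auth_method!r} weaker than required {rule.min_auth!r}")
    if rule.corporate_device and req.device_ownership != "corporate":
        reasons.append("corporately issued device required")
    if rule.compliant_device and not req.device_compliant:
        reasons.append("device failed health check")
    # Data-centric rule applied whatever the app: confidential data goes only to a compliant corporate device.
    trusted_device = req.device_ownership == "corporate" and req.device_compliant
    if req.data_label == "confidential" and not trusted_device:
        reasons.append("confidential data requires a compliant corporate device")
    return ("deny" if reasons else "allow"), reasons


@dataclass(frozen=True)
class Elevation:
    user: str
    role: str
    start: datetime
    end: datetime  # the grant stops being valid at this instant; no revocation step needed


class PrivilegeBroker:
    """Just-in-time elevation: no standing admin rights, every grant is bounded."""

    def __init__(self, max_duration=timedelta(hours=1)):
        self.max_duration = max_duration
        self.grants = []

    def elevate(self, user, role, now, requested, justification):
        if not justification.strip():
            raise ValueError("a justification is required to elevate")
        duration = min(requested, self.max_duration)  # nobody can ask for "forever"
        grant = Elevation(user, role, now, now + duration)
        self.grants.append(grant)
        return grant

    def has_role(self, user, role, now):
        return any(g.user == user and g.role == role and g.start <= now < g.end
                   for g in self.grants)


def run_demo():
    """Exercise the policy and the broker on constructed requests."""
    t0 = datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc)
    ipad_email = AccessRequest("alice", "password+mfa", "byod", False, "email", "internal")
    ipad_invoices = AccessRequest("alice", "password+mfa", "byod", False, "invoice-payments", "confidential")
    laptop_invoices = AccessRequest("alice", "passkey", "corporate", True, "invoice-payments", "confidential")
    stale_laptop = AccessRequest("alice", "passkey", "corporate", False, "invoice-payments", "confidential")
    broker = PrivilegeBroker(max_duration=timedelta(hours=1))
    grant = broker.elevate("alice", "GlobalAdmin", t0, timedelta(hours=8), "rotate signing keys")
    return {
        "ipad_email": evaluate(ipad_email),
        "ipad_invoices": evaluate(ipad_invoices),
        "laptop_invoices": evaluate(laptop_invoices),
        "stale_laptop": evaluate(stale_laptop),
        "grant_minutes": int((grant.end - grant.start).total_seconds() // 60),
        "admin_at_30min": broker.has_role("alice", "GlobalAdmin", t0 + timedelta(minutes=30)),
        "admin_at_2h": broker.has_role("alice", "GlobalAdmin", t0 + timedelta(hours=2)),
    }
```

Two design points carry over to real deployments. An application with no rule is denied rather than allowed, and the request carries no network field at all, so a decision can never be made more permissive by where the user happens to be. The elevation broker clamps any requested window to the policy maximum and expires the grant by time alone, so there is no revocation step to forget. In Microsoft Entra ID the equivalent controls are Conditional Access for the access decision and Privileged Identity Management for the time-bound role activation.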
The biggest change for enterprises will be moving to an identity-based perimeter, where nothing is
implicitly trusted by default: zero trust. Companies will need to implement a wide-scale data security
program to identify and control access to sensitive data, granting it on a least-privilege basis.
To be successful, these enterprises will need employees with the right skills to design, develop and
deploy every element of the strategy.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.