Webinar: Secure Remote Work Solutions
We will begin shortly. All participants are on mute.
To ask a question please use the Q&A and chat features
Speakers
Antonis Paravalos
Senior Network Engineer
Dimitris Kyriakidis
Technology Services Manager
Fotis Pantazis
Solutions Architect
Agenda
Technology Issues
Situation & Going Forward
Telecommuting Solutions
Virtual Desktop Infrastructure Solutions
Digital Workspace
Q & A session
Imagine you walk into work one day and realize that suddenly 80% of your users need to work from home.
ASAP
Why are we here?
…NOW WHAT?
Users Suddenly Working From Home?
Three areas you need to think about
Physical
Cultural
Technological
• Home office setup
• Quiet place
• Ergonomic considerations
• Maslow's Hierarchy of Needs
• Remote working policies
• Communications Mechanisms
• Encourage Video calls
• Device Choices
• Tools and technology
• Capacity Planning
• Internet Bandwidth and Latency
• Remote Support
What TECHNOLOGY Issues Could There Be? (1/3)
Home technology issues
• Do the users know how to work from home?
• Do they have a work or home computer?
• Can their computer even run the apps that are needed?
• Have you implemented endpoint scanning that might disqualify users’ personal home computers?
• Do you already have a VDI/RDS solution in place?
• Can their ISP’s neighborhood node handle the entire neighborhood working from home at the same time?
What TECHNOLOGY Issues Could There Be? (2/3)
Corporate technology issues
• Can your VPN support the number of new remote workers?
• Can your VDI/RDS/remote app platform support the number of new remote workers?
• Does your corporate location have enough bandwidth to support the increase in VPN tunnels, VoIP, etc.?
• Do you need to relax security requirements to allow more types of home workers?
What TECHNOLOGY Issues Could There Be? (3/3)
Support technology issues
What about remote support?
All these new home workers will need help getting set up to work from home.
Does your helpdesk have the capacity for this increase in call volume?
Where are your helpdesk workers going to work?
• If they will also work from home, can you forward calls to their homes?
• Will their support apps work from their homes?
Does your helpdesk have the ability for remote control / remote support?
Situation & Going Forward
What we are seeing + reading What we are delivering NOW What we are hearing for LATER
• Consensus: Still adapting, but the newly expanded attack surface is a consideration to deal with in the following period.
McKinsey: Cybersecurity strategies for the coronavirus crisis
“Work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services all present fresh openings, which cyber-attackers have been quick to exploit.”
“CISOs may need to tolerate slightly higher risk in the short term by granting waivers or temporarily relaxing some controls.”
AND
“That said, CISOs shouldn’t allow these exceptions to weaken an organization’s risk posture permanently.”
Situation & Going Forward
Questions:
1. Maintain? Are you going to pull everyone back in?
2. Consider:
• Will COVID-19 reappear (endemic)? Possible (sources)
• WFH Success: Maybe keep some capacity as standard
• Trends: Downturn, flexible HR, BPO, etcetera
• New BCP requirements and capacity <- Opportunity
Situation & Going Forward
Today + next weeks
Objective: Get up to basic capacity at a reasonable security level
How to achieve "Today" while not wasting "October"
October & Beyond
Objective: Maintain (?) new capacity, get back risk posture before COVID-19
Telecommuting Solutions
Secure Remote Access Solutions
01 Traditional VPN Access
02 Secure VPN Access
03 HTML5 VPN Access
04 One Time Password Mechanism
Traditional VPN Access
Secure VPN Access with Fortinet
FortiClient
FortiClient Enterprise Management Server
• Managing endpoints, such as status, system, and signature information.
• Remotely deploying FortiClient software.
• Updating profiles for endpoint users regardless of access location (antivirus, web filtering, VPN, etc.)
• Administering FortiClient endpoint registrations
Secure VPN Access with Sophos
Sophos Central management platform
Sophos Intercept-X
ANTI-EXPLOIT
MACHINE LEARNING
ANTI-RANSOMWARE
MALWARE REMOVAL
ROOT CAUSE ANALYSIS
Secure VPN Access with Sophos
Sophos RED
Secure VPN Access: Pros and Cons
Pros
• Ease of Configuration
• Instant Delivery with a Virtual Appliance
• Low Cost
• It can be combined with an endpoint in the same client
Cons
• Needs employee effort for the deployment
• Easiest deployment needs a corporate laptop
HTML5 Remote Access
HTML5 Remote Access: Pros and Cons
Pros
• Ease of Configuration
• Instant Delivery with a Virtual Appliance
• Ease of Deployment
• Low Cost
Cons
• Only for specific protocols (HTTP/HTTPS, Remote Desktop)
• Using applications without a web interface requires remote desktop access to the employee's workstation
One Time Password
Virtual Desktop Infrastructure
VDI can be used to securely deliver any Windows/Linux desktop and application to any device.
The Problem with Managing Physical Desktops and Apps
Manage image
Manage applications
Test, Deliver, Install, Rollback, Remove
Image Infra, Delivery Infra, Machines, User
TOO COMPLEX, TOO SLOW, TOO MANY BREAKPOINTS
Easy desktop and application management
VDI centralizes end users' desktops and applications in the datacenter, so IT can efficiently provision new clients, centralize desktop management, and improve security and compliance. It is based on 7 key pillars:
• Windows/Linux Desktops and Windows Apps From a Single Platform
• Scale to thousands of users in minutes
• Great User Experience From ANY device, Including VOIP/webcams/collaboration tools
• Smart DLP Policies (Clipboard, Printing, File transfers, Watermarking)
• SDDC Integration
• Complete Environment and Bandwidth Management
• Flexible Delivery: On-premise, Hybrid, Cloud, Internal/External Users
Digital Workspace
Device Choice
Flexible Workstyles
Apps Everywhere
Employee Productivity Demands are dissolving the Perimeter
COVID-19
COVID-19 forced companies to expand outside their perimeter within days, bypassing security.
Lack of Visibility Increases Complexity and Cyber-Threats
Device Choice
Flexible Workstyles
Apps Everywhere
Service Delivery Silos Exist in IT
Teams: Mobile Team, Desktop Team, LOB
iOS / MAC
• iTunes
• Apple ID
• App Store
• Corporate Email
• Corporate Files
ANDROID / CHROME
• Gmail Account
• Google Play
• Corporate Email
• Corporate Files
WINDOWS
• AD/Azure AD
• Office 365
• Update Service
• SCCM
• VDI (Citrix/VMWare)
• Physical Desktops
SaaS APPS
• Office 365
• Salesforce 1
• Concur
• Workday
• Slack
• Dropbox
• Docusign
Service Delivery Silos Exist in IT
Teams: Mobile Team, Desktop Team, LOB
iOS / MAC
• iTunes
• Apple ID
• App Store
• iWork
• iCloud
ANDROID / CHROME
• Gmail Account
• Google Play
• G Suite
• Google Drive
WINDOWS
• AD/Azure AD
• Office 365
• Update Service
• SCCM
• VDI
• Physical Desktops
SaaS APPS
• Office 365
• Salesforce 1
• Concur
• Workday
• Slack
• Dropbox
• Docusign
Digital Workspace Platform
Growing Gap Between Experience and Security
EXPERIENCE
• Choice and Flexibility
• Apps Everywhere
• Cloud-Based Delivery
SECURITY
• Siloed Solutions
• Restrictive Policies
• Perimeter-Based Security
Requirements for The Digital Workspace
WIN 10 / MAC / Chromebook
iOS / Android
Rugged/Connected Things
All Apps
Experience
Modern Management
Insights
Automation
Traditional security - internal access
Static viewpoint on security
Domain Joined
Username/PW
Inside the perimeter (internal users)
Security
Traditional security - external access
Static viewpoint on security
Domain Joined
Username/PW
Security
Multi-Factor Authentication
Access to internal resources using VPN
Non-Domain Joined or Devices compatible with VPN Solution
VDI Security – internal/external access
Static viewpoint on security
Any Device / Any OS
Username/PW
VDI Session Protection (DLP*)
Security
Multi-Factor Authentication
Microsegmentation
*DLP -> copy/paste, file transfers, printing, watermarking
Zero Trust Security
Multiple layers of trust to be constantly/frequently verified
• Device Trust
• User Trust
• Transport/Session Trust
• Application Trust
• Data Trust
Visibility and Analytics
Automation and Orchestration
Achieving Zero Trust with Digital Workspace
Device Trust
• Device Management
• Device Inventory
• Device Compliance
• Device Authentication
User Trust
• Passwordless Authentication
• Multi-Factor Authentication
• Conditional Access
• Dynamic Risk Scoring
Transport/Session Trust
• Micro Segmentation
• Transport Encryption
• VDI Session Protection
• Per-App VPN
Application Trust
• Single-Sign On
• Isolation
• Any Device Access
Data Trust
• Protecting Data at Rest
• DLP
• Classification
Visibility and Analytics
Automation and Orchestration
Q & A
Thank you & Be Well!