In this lockdown period we have all seen a massive growth in virtual private network (VPN) access to our systems. Many of us have seen big changes in the workforce due to furlough and layoffs. I talked about these issues in a recent Osirium webinar.
In general, VPN access is riskier than office-based access, and there are some uncomfortable truths about humans and credentials:
The three principles above are a separation of people from credentials, a mapping of people's identities to roles and the prevention of lateral movement through an IT infrastructure. Simply put, these principles solve all the risks associated with VPN access.
In these lockdown times, teams haven't got the time or budget for complexity or long deployment times. Once you have your access sorted, you have time to breathe. Here's what to do to build fundamental security into what you have. Here's an example "before" diagram, where your users arrive at the VPN, and can then get to where they need (and everywhere else):
Here's the "after" diagram with the users getting to the VPN, and then using Privileged Access Management (PAM) as a gateway to create an Identity to Role mapping:
You'll see there are two secure ways into the corporate network: the VPN and direct web access. In both cases you get the identity-to-role mapping. The web route is particularly suited to third-party access, since this way you won't need to provision them with VPN accounts.
We've presented here a fast route to good security. If you'd like to know more about this or other ways to protect your valuable IT infrastructure, please get in touch.