BLOG

Work from home / remote access securely

Current Scenario

Personal computers and the high-speed internet have made it possible for many people to work from their home instead of their offices.

Working from home brings joy of escaping from the issues of long commute for the employee besides family members being close by and enterprise feels relatively lesser maintenance costs of the infrastructure. With high speed network connectivity, employees also prefer to work from home partly, feeling to improve the work-life balance. Technically two different scenarios come to the forefront here.

Currently, the organizations are mostly using passwords with two factor authentication (2FA) by using e-mail, SMS to provide better security to the accounts. But these are also vulnerable to attacks.

  • Working with organization provided laptop
  • Working with personal laptop

In both the cases, employees have to access the enterprise network for the required resources. Either it could be the enterprise private network or the cloud network.

The organizations are currently spending lot of money on subscription-based VPNs to connect to the organization network. And there are many challenges in monitoring the laptop's health status used by the employee in a periodic timeline.


Challenges

IT team invests more time on employee system configuration with user rights, installation and firewall configuration many more, causing additional efforts on the organization. When employee logs from an untrusted network, be it home Wi-Fi or public Wi-Fi, there are risks associated with the personal devices linked on the same network.

A few security risks with the concept of remote working are listed below:

  • Vulnerabilities from different browsers
  • Untrusted software usage
  • Carefree usage of enterprise computers for personal indulgence
  • Social and networking activities

In order to mitigate various risks, the enterprises must implement adequate security policies & solutions to make a win-win situation for both the employee and the employer. Ensurity offers its’ solutions to address the above challenges.


Ensurity Solutions

  • For enterprise provided laptops: Secure user account authentication with ThinC-AUTH
  • For personal laptops of User: Secure remote connections to organization with ThinC-COMPUTE

ThinC-AUTH

  • ThinC-AUTH is a FIDO2 certified biometric security key. The Security Key is designed, developed and realized with ‘Privacy & Security’ as core and is built using powerful & trusted embedded hardware components and with fingerprint module. ThinC-AUTH is Microsoft approved Security Key for passwordless login.

  • ThinC-AUTH security keys are built with state-of-the-art biometric touch sensor from a leading OEM. Biometric fingerprints obtained from sensor are completely encrypted, securely stored and confined to the device. Fast touch biometric engine quickly matches & recognizes enrolled fingerprints to unlock ThinC-AUTH. Fingerprints and digital identity remain private on device and protected by advanced encryption.

  • ThinC-AUTH security keys provide the benefit of fast login and a strong protection against phishing, account takeover as well as many other online attacks. Simply plug the key into a USB-A port; and according to the login procedure, touch the fingerprint sensor on the key to complete the login process and gain access to the account.

  • ThinC-AUTH security keys are compatible with the latest version of major web browsers where WebAuthn is integrated, and works seamlessly on many online services like Microsoft, Google, Dropbox, GitHub, Twitter and many more.

  • In addition, enterprise users comprehend the benefit of secure, simple and seamless passwordless login with Single Sign-On (SSO) to Azure AD-connected apps and services.

ThinC-COMPUTE

  • ThinC-COMPUTE transforms any PC into a Trusted Computer to access enterprise network – which will be compliant with enterprise policy guidelines, no matter how strict.

  • When enterprises requiring employees to work from home and connecting remotely to the enterprise networks & servers using sanitized operating systems. Personal laptops are typically of high-risk potential because of the complexity of internet browsing practices in an insecure work environment. ThinC-COMPUTE sets aside the personal hard drive and loads the enterprise’s sanitized OS in read-only mode, thus utilizing only the compute power of the Laptop, yet through a sanitized environment.

  • Malware/Virus cannot be installed on the read-only operating system. Even the temporarily content on the RAM will be flushed out when the device is rebooted. With appropriate server binding, VPN access and network & firewall configuration, enterprises can limit the sources of malware and viruses.

  • ThinC-COMPUTE can perform secure remote administration using sanitized OS packed with advanced admin tools required for the remote support team. With its AES-256 hardware-based encryption the data at rest is secure. The device is configurable for Auto-Lock / Self-Destruction timer in case of unauthorized authentication attempts. Designed in compliance with FIPS 140-2 Level 2 standards.

  • Optional encrypted partition for storing data during operations. Partition will be unlocked only against fingerprint authentication. Partition accessibility can be locked to the sanitized OS.

ThinC-AUTH

  • ThinC-AUTH is a FIDO2 certified biometric security key. The Security Key is designed, developed and realized with ‘Privacy & Security’ as core and is built using powerful & trusted embedded hardware components and with fingerprint module. ThinC-AUTH is Microsoft approved Security Key for passwordless login.

  • ThinC-AUTH security keys are built with state-of-the-art biometric touch sensor from a leading OEM. Biometric fingerprints obtained from sensor are completely encrypted, securely stored and confined to the device. Fast touch biometric engine quickly matches & recognizes enrolled fingerprints to unlock ThinC-AUTH. Fingerprints and digital identity remain private on device and protected by advanced encryption.

  • ThinC-AUTH security keys provide the benefit of fast login and a strong protection against phishing, account takeover as well as many other online attacks. Simply plug the key into a USB-A port; and according to the login procedure, touch the fingerprint sensor on the key to complete the login process and gain access to the account.

  • ThinC-AUTH security keys are compatible with the latest version of major web browsers where WebAuthn is integrated, and works seamlessly on many online services like Microsoft, Google, Dropbox, GitHub, Twitter and many more.

  • In addition, enterprise users comprehend the benefit of secure, simple and seamless passwordless login with Single Sign-On (SSO) to Azure AD-connected apps and services.

ThinC-COMPUTE

  • ThinC-COMPUTE transforms any PC into a Trusted Computer to access enterprise network – which will be compliant with enterprise policy guidelines, no matter how strict.

  • When enterprises requiring employees to work from home and connecting remotely to the enterprise networks & servers using sanitized operating systems. Personal laptops are typically of high-risk potential because of the complexity of internet browsing practices in an insecure work environment. ThinC-COMPUTE sets aside the personal hard drive and loads the enterprise’s sanitized OS in read-only mode, thus utilizing only the compute power of the Laptop, yet through a sanitized environment.

  • Malware/Virus cannot be installed on the read-only operating system. Even the temporarily content on the RAM will be flushed out when the device is rebooted. With appropriate server binding, VPN access and network & firewall configuration, enterprises can limit the sources of malware and viruses.

  • ThinC-COMPUTE can perform secure remote administration using sanitized OS packed with advanced admin tools required for the remote support team. With its AES-256 hardware-based encryption the data at rest is secure. The device is configurable for Auto-Lock / Self-Destruction timer in case of unauthorized authentication attempts. Designed in compliance with FIPS 140-2 Level 2 standards.

  • Optional encrypted partition for storing data during operations. Partition will be unlocked only against fingerprint authentication. Partition accessibility can be locked to the sanitized OS.

Conclusion

The concept of work from home / remote users is increasingly being adapted by enterprises for a strong reason of giving a fringe benefit to the employee’s and also as a concept of work-life balance, but it should not mean at the cost of the enterprise security. Ensurity brings variety of solutions suitable in this context, so that organization information is not at the risk while employees do their job from home/remote location.

It is well understood now that enterprises which implement strong MFA solution will mitigate 99.99% of phishing attacks and 40-50% of ransomware attacks.

Protect the organization’s resources access with the accurate hardware security key. ThinC-AUTH suitable for organization owned devices and ThinC-COMPUTE is suitable for personal devices which will be used to access the enterprise resources.

Ensurity has MFA (Multi-Factor Authentication) solutions which might suit to different use cases. Visit https://www.ensurity.com/ to know more about Ensurity and its products.

Speak to a security expert to find out how we can help you. Clik here