Risky Business: Securing remote access in the era of hybrid work

In the epic 1983 Tom Cruise movie, Risky Business, the tagline is “There’s a time for playing it safe and a time for risky business.” Today, in a world that requires secure remote access? capabilities more than ever before, this is definitely the time to play it safe.????

In the post-pandemic world, the landscape of how employees, business partners, supply-chain vendors, auditors, and other folks work with your organization – and access sensitive systems and data from outside the ‘walls’ of your organization – has dramatically changed. The need for remote access has surged, and the different types of remote access needed have increased significantly: This has created a larger attack surface and generates considerably more risk for businesses.??

The biggest challenge for many customers is that the preexisting remote access technologies – whether Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) – have not significantly advanced to protect against today’s threats. You can see the significant impact that these gaps and vulnerabilities create:????

• The Ponemon Institute 2024 Cost of a Data Breach report stated that compromised credential attacks are costly for organizations, accounting for an average USD 4.81 million per breach.?

• 3 in 5 ransomware attacks targeted remote access tools in 2023, as reported by cybersecurity insurance firm At-Bay?

• And, also in 2023, phishing attacks increased by 67%, primarily targeting remote workers?

?

Now, while it’s one thing to have Tom Cruise jubilantly slide through the living room in his socks on the movie screen, it’s entirely a different matter when a bad actor slides jubilantly into your organization through an outdated and insecure remote access method.??

Silly summer analogies aside, it’s time to take steps to de-risk your business by investing in secure remote access technologies so you can play it safe(r).???

?

? Secure remote access is essential to Identity Security maturity??

The need for remote access is not going away. Remote staff need immediate privileged access to systems to keep operations running. IT teams handle technical troubleshooting, configuration, patches and upgrades, development, testing, and more—all remotely. Meanwhile, business users, business partners, and supply chain vendors need continuous access to applications, databases, and workflow tools to support your business.?

Managing this onslaught of remote user requirements is challenging for IT and security teams who are already overwhelmed by an increasingly complex and siloed landscape. Processes that create a unique identity for each user on each system will soon become untenable. On the flip side, a system that encourages shared identities, privileged accounts, and passwords makes it impossible to enforce principles of least privilege and zero-trust best practices. This approach is also unable to provide the tracking of individual privileged behavior that auditors and compliance regulations require.?

Traditional approaches to remote access are flawed??

VPNs and RDP approaches are seriously flawed and drag along numerous vulnerabilities and challenges.??

Challenges with VPNs?

VPNs have been used by businesses for decades to enable remote access. At one point, VPN was the most secure and advanced option available to businesses that needed to support a remote access model. There are, however, a few big issues presented by VPNs:?

• Security Risks: VPNs grant excessive access, increasing data breach risks and enabling lateral movement for attackers once they are ‘inside’ your organization. On top of this, inadequate password management and a lack of access controls lead to unauthorized access and a lack of accountability.? ?

• Operational Issues: When VPNs undergo maintenance, the organization is vulnerable, and business can come to a standstill and lose revenue.?VPNs also need to be set up, which delays provisioning, and they need to be maintained, which can increase costs.? ?

• Governance issues: VPNs often lack granular controls, providing all-or-nothing access to the entire network. They do not offer detailed management of individual users, devices, or applications, leading to potential security risks. Additionally, VPNs typically lack contextual access, comprehensive monitoring, and adaptive policies. ? ?

Challenges with RDP?

RDP is a network communications protocol that was developed by Microsoft. It allows users to connect to another computer from a remote location.?All current Windows operating systems come with a built-in RDP server, and Microsoft also uses RDP in its Azure cloud-computing solution to allow users to access virtual computers.? Other operating systems also provide RDP support for remote access.??

• Security Vulnerabilities – RDP has many known security issues and vulnerabilities, such as:?

• Weak credentials make RDP vulnerable to brute force attacks?

• RDP uses port 3389, which exposes networks further to cyber threats???

?

Ditch your VPN, chuck out RDP: De-risk your business with these best practices?

The perils of VPNs and RDP are clear – and they are more than a little alarming. This begs the question, “What should I be looking for in a remote access solution?”? By following the following best practices, you can put yourself on a smoother path and play it safe.??

-Centralize and Secure Remote Access?

There’s good news! You can provide remote users with secure access, while providing centralized control and agentless session oversight, without using a VPN. Look for solutions that will allow you to minimize external device risks, and that will provide a centralized UI for easy access and session management. Solutions that provide agentless session recordings also enable improved security and support for compliance – without introducing an additional component for you to manage and maintain. ?

- Reduce Remote Access Vulnerabilities?

Consider a remote access solution that provides segmented, site-specific controls that can help you contain breaches – and prevent bad actors from landing and expanding. You’ll want to look for a solution that:??

• Restricts visibility to the essential credentials to establish a session?

• Enforces least privilege for credentials, servers, and applications?

• Supports multi-site architecture and segmented network access?

• Uses logical sites and associated secrets to contain breaches within isolated segments?

These capabilities will help reduce vulnerabilities compared to more outdated approaches, while centralizing access management and streamlining control.??

-Work Smarter, not Harder, Supporting Audit and Compliance?

Standing privileges should be a thing of the past, like the 1980s. Solutions that provide least privilege and access verification are the way to go. Additionally, look for solutions that leverage AI to help speed time to value and reduce complexity for your teams: Supporting auditing efforts in this way, where browser-based live session monitoring collects the auditable data, and AI is able to then analyze privileged sessions and flag unusual behavior, is a much more efficient way to gain visibility into what’s happening in your environment. Modern secure remote access solutions will allow your teams to work smarter, not harder (or more manually), to support compliance efforts and boost verified access.??

-Enable Secure Use of Remote Applications??

Securing applications on Windows desktops is still a major requirement for organizations. Ultimately, you want a solution that will enable users to only use certain applications (maintaining the concept of least privilege), even on target Windows desktops. The goal is to:??

• Share applications on specific machines without needing licenses for all users.?

• Reduce application deployment and lifecycle management burden.?

• Allow users on other operating systems to use Windows-specific software.?

By securing access to remote applications in this way, security teams are able to centralize applications (reducing license and maintenance costs), secure sensitive data on protected servers (simplifying updates and reducing risk), and simplify and streamline remote work with seamless application access.??

The Delinea Difference and Delinea Privileged Remote Access?

Delinea enables effective Identity-first security, delivered via a cloud-native, elastic and scalable platform. The platform provides:?

• Observability that provides end-to-end visibility to discover all identities, vault, and manage credentials across cloud and on-premises environments?

• Control with dynamic privilege to secure access and assets and reduce the attack surface?

• Adaptability using real-time adaptive security and identity-specific threat-detection analytics to respond to changes in the environment?

• A cloud-native environment to accelerate return on investment, lower total cost of ownership, provide continuous uptime, and support effortless upgrades?

?

Delinea Privileged Remote Access (PRA) is delivered on the Delinea Platform. PRA automates remote access management and helps you enhance security and ensure seamless usability when allowing remote users access to servers and other systems within your network. You can confidently embrace third-party vendors, contractors, and a remote workforce with the required level of security controls.??

When using PRA on the Delinea Platform, PRA is tightly coupled with Delinea Secret Server. PRA can leverage Secret Server’s robust vaulting and role-based access control capabilities to provide secure, integrated and centralized access for a remote workforce.??

Delinea Privileged Remote Access supports the ability to inject credentials (so that people don’t actually see the credentials), rotate credentials, and not rely on credentials access. Delinea Privileged Remote Access combined with Delinea Secret Server enhances security by providing VPN-less remote access with centralized control and agentless session oversight, while securely managing and vaulting privileged credentials. This integration creates greater efficiency for security teams, while reducing risk exposure and helping prevent lateral threats. In addition, AI-driven logging and live-session monitoring enables teams to support compliance requirements more quickly and easily than in the past.???

Put your (Delinea) socks on and slide on over to join our customers-only Secret Society webinar on September 5 to learn more about PRA and how it can be combined with Secret Server on the Delinea Platform to speed time to value, streamline Identity Security, and deliver more secure outcomes. ?