Remote Workforce is NOT the New Norm, but “Secure Work Anywhere” Should Be

Jonathan Leach, Principal, Cyber Risk Services, Coalfire

Secure Work Anywhere (SWA) is a new term for an old idea that is quickly becoming an industry standard. The overall principles of SWA are not new, but the risks associated with increased rates of workers connecting from potentially unsecure networks highlight the importance of those principles now more than ever. Although your workers may not always be remote, they should always be secure.

The US Secret Service has warned that COVID-19 email scams are on the rise, Google has discovered dramatic increases in detected phishing sites, and stimulus package fraud emails and websites have been popping up like weeds. Cyber criminals are taking advantage of the COVID-19 crisis amid the public’s fear, panic, and uncertainty, inciting ‘Crimes of Opportunity’ by hosting and/or sending convincing-looking websites and emails with increased success rates.

Securing your workforce starts with treating users, laptops, and all other remote work hardware (desktops, cell phones, tablets, etc.) and software (applications, systems, programs, etc.) as potential vulnerabilities. Generally speaking, workers who are issued laptops are able to connect to an organization’s network and work remotely with little to no loss of functionality. However, few organizations have the necessary security controls in place to even minimally enforce the same security controls used on-site, and fewer still restrict user access while off-site or remote.

The 5 key tenets of SWA are:

  1. Secure the endpoint (laptop/phone/tablet/remote desktop)
  2. Identify and authorize all user access
  3. Secure connection to necessary and specific job-related data
  4. Restrict access until identity is confirmed, user authorized, and a secure connection is established
  5. Limit access and permissions using the Principle of Least Privilege

To ensure the same security controls are enforced whether on or off the corporate network, organizations need to enforce endpoint-based security policies for malware and virus detection. Endpoint device virus and malware tools, detection patterns, and definitions should be automatically updated upon connection to a network and required to be up-to-date prior to connecting to the corporate network.

Organizations should identify employees (and their administrator accounts) by using unique usernames with complex passwords along with multi-factor authentication (MFA). MFA should be required to establish a secure network connection, and is swiftly accomplished with easy-to-use, integrated applications. Additional MFA tools from separate providers/manufacturers should also be used to further secure and restrict access to an organization’s most critical data. A secure network connection can be established using a Virtual Private Network (VPN) in combination with role-based access controls (RBAC) and/or a software defined perimeter (SDP) that allows organizations to limit users’ access to data, applications, etc., based on “need to know” while preventing access and visibility to everything else.
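The five tenets can be read as a single deny-by-default access decision. The sketch below is an added example, not code from the original article or from Coalfire; the role names, resource names, the 24-hour definition-freshness threshold, and the sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed RBAC map: each role sees only what it needs (hypothetical names).
ROLE_RESOURCES = {
    "payroll-clerk": {"payroll-app"},
    "helpdesk": {"ticketing", "knowledge-base"},
}
MAX_DEFINITION_AGE = timedelta(hours=24)  # assumed freshness threshold


@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    definitions_updated: datetime  # last anti-malware definition update
    mfa_verified: bool
    secure_connection: bool        # VPN or SDP session established
    on_corporate_network: bool     # recorded, but never used to relax a check


def unmet_conditions(req: AccessRequest, now: datetime) -> list:
    """Return the reasons to deny; an empty list means access is granted."""
    reasons = []
    if now - req.definitions_updated > MAX_DEFINITION_AGE:
        reasons.append("endpoint: malware definitions out of date")
    if not req.mfa_verified:
        reasons.append("identity: MFA not completed")
    if not req.secure_connection:
        reasons.append("connection: no VPN/SDP session")
    # Unknown roles map to the empty set, so the default is deny.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        reasons.append("least privilege: resource outside role")
    return reasons


NOW = datetime(2020, 4, 15, 12, 0, tzinfo=timezone.utc)  # constructed clock
FRESH = NOW - timedelta(hours=2)
STALE = NOW - timedelta(days=9)

if __name__ == "__main__":
    samples = [  # constructed requests
        AccessRequest("ana", "payroll-clerk", "payroll-app", FRESH, True, True, False),
        AccessRequest("ben", "helpdesk", "payroll-app", FRESH, True, True, False),
        AccessRequest("cy", "helpdesk", "ticketing", STALE, False, True, True),
    ]
    for s in samples:
        print(s.user, unmet_conditions(s, NOW) or "allow")
```

The third sample is on the corporate network and is still denied, because location never substitutes for endpoint health or MFA.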

Enforcing these foundational security principles for all workers with the ability to access the corporate network will ensure that the same (if not stricter) security controls are enforced whether a user is connected to the corporate network or their neighbor’s unprotected Wi-Fi, making Secure Work Anywhere a reality.
