FINANCE

Secure remote access, everywhere

When working remotely is a necessity

Route1 Secure remote access

The largest work-from-home experiment in history—forced upon us by the recent coronavirus—taught us to change the way that we approach many aspects of doing business. From remote customer solutions, to rethinking office space and meetings, to the design of corporate security architecture, lessons all stemmed from the requirements of physical distancing.

Work-from-home is, of course, where frailties in cybersecurity and network architecture became exposed and turned into liabilities. Like their colleagues in many other industries, financial industry IT teams turned to that 1990s technology, the virtual private network (VPN), as the workhorse that would keep the data of suddenly-remote workers—nearly the entire workforce—secure. It was a stopgap approach that leveraged a legacy technology already in place and, for want of time more than any other factor, ignored the strategic need to transition to zero-trust, identity-centric security.

Furthermore, threats have changed. The financial services industry now handles the personally identifiable information (PII) of its clients, trade secrets, and the digital movement of large sums of money. Beyond the serious concerns of cyberattacks, the mishandling of this data can result in violation of stringent regulations including the General Data Protection Regulation (GDPR) and the Gramm-Leach-Bliley Act (GLBA), opening the firm to financially and reputationally damaging fines.

1990s IT to the rescue

One issue that remote workers and IT staff alike noticed with VPN right away was that traffic slowed to a crawl. That’s because at the office, the cybersecurity stack handled most of the Internet traffic. With just a few remote users at a time, the VPN was never a chokepoint. Employees simply connected to a cloud application from the office, utilizing very little bandwidth in the process. The cybersecurity stack provided verification, and off you went.

When employees connect to a cloud application from home with VPN, they create a secure tunnel across the public internet to a centralized VPN at the office, which then creates a secure tunnel across the public internet to the desired cloud application. It’s an inefficient workflow that quickly overloaded VPNs and made them susceptible to things like distributed denial-of-service (DDoS) attacks.

Don’t move data

The biggest issue with VPNs, however, concerns a more fundamental aspect of cybersecurity architecture: moving data. As soon as you move data outside of the corporate network, there is a risk. If the phone or laptop it resides on gets lost or stolen, it’s a potential issue. The same is true if a cybercriminal gains access to a VPN server or cracks VPN encryption, both of which can occur. [1] In January 2020, the Department of Homeland Security issued an official alert [2] regarding the vulnerability of over 14,000 VPN servers worldwide—the same issue that enabled hackers to enter and ransom Travelex systems around the world. [3] For further reading, see What Is a VPN?

Access data in place

Finding a way for employees to access their full desktops, cloud applications and everything else securely, while positively validating the identity of mobile users, has proven challenging. The solution is to avoid moving data entirely. Enable personnel to work with the data, but leave it in place. Thanks to accredited Route1 solutions, professionals in many industries, including U.S. military personnel, have the ability to access their full desktops from anywhere. They do so entirely securely, from non-secured devices on public networks—without moving data.

An Option for Data in Motion

True zero-trust that can’t rely on “data in place” because of environmental or infrastructural factors requires a verified security solution that has been proven to be tamper-proof and that can be remotely administered or “killed” from a thoroughly envisioned and tested management solution. Our device management server provides enterprise management capabilities that enable administrators to centrally register, block/unblock, revoke, set policies, integrate third-party applications for secured access, audit, and “kill” devices remotely. Additionally, each time the user is connected to the platform, the audit functionality is synchronized, allowing the enterprise to monitor user actions as well as control access to the use of the devices in the ecosystem. By capturing log-on and log-off activity, device disabling and enabling, and activation code recovery actions, finance organizations can monitor users and devices from structured data that allows the determination of patterns of use and detection of suspect operational behavior, informing corrective action with the highest level of confidence.

Keeping Data Secure

Route1 builds technology solutions with security as a first principle. That’s where our organization began and where it continues to excel: we invented data security and user authentication technologies that landed us patents in Canada and the U.S. and technology accreditations (ATOs) with the U.S. Department of Defense. From remote user authentication to a secure remote access solution that delivers their trusted desktop to personnel wherever they are, we help businesses of all kinds deliver military-grade data security.

[1] “Flaws in 4 popular VPNs could’ve let hackers steal your data, researchers say,” CNET, May 2020

[2] CISA Cyber Infrastructure Alert (AA20-010A), January 2020

[3] “Air Travel Cyber-Attacks: New York Airport Hit, Travelex Exchange Held to Ransom,” Forbes, January 2020