With good conditional access, remote office is more secure and efficient

2022-06-09 10:07:00 nington01

Remote work has become an integral part of future IT strategy, and the era of full-time on-site work seems to be receding. The outbreak of the epidemic pushed the IT industry to learn quickly how to support and manage a global workforce and customer base. Making remote work part of long-term IT strategy is now urgent.

Enterprises should therefore understand the hybrid model of remote and on-site work that lies ahead, and formulate policies for it.

Setting IT security policy for the enterprise headquarters is a completely different exercise from securing remote employees. From a security point of view, more variables have to be considered when designing policy for headquarters. For example, IT used to be able to monitor the incoming IP address easily as a starting point for checking login credentials; now, if the user does not connect through a VPN, that is hard to do. Many enterprises therefore still choose to develop security policies for remote employees first. The problem is how to establish a secure foundation for remote employees without hurting work efficiency.

To do this, IT departments can deploy a zero trust policy. Zero trust assumes that users, devices, networks and other resources are untrusted: in addition to presenting the corresponding credentials, users must verify their identity or meet the conditions of a secure state before they can access the resources they need.

In the initial phase of a zero trust deployment, enterprises can adopt conditional access policies, which stipulate that users can access IT resources only after passing certain authentication conditions. These checks are independent of what the user has already been authorized to access through credentials, so they amount to an extra layer of protection on top of the existing IT environment. A conditional access policy consists of three key factors:

  • Verify user identity

  • Verify trusted devices

  • Verify that the user is connected to an authorized network

The three elements of conditional access are described below.

1. Verify user identity

Verifying the user's identity is the first step in securing remote access. Beyond strong passwords, conditional access can be used to manage every form of credential control, including multi-factor authentication (MFA).

If credentials are leaked, MFA is a powerful weapon against phishing attacks and can prevent attackers from using the credentials from anywhere. However, some enterprises think that if the user's network location can be verified, enforcing an additional security layer may not be necessary. Conditional access can then be used to require remote employees to enter MFA credentials, while employees working on site skip the prompt.

Enterprises can also apply MFA to specific groups that need access to enterprise resources. For example, the customer service team only needs to communicate with customers by email, so it can skip the MFA prompt and access the device directly, while employees in other departments must use MFA on the device to protect the critical software or systems of the business.

2. Verify trusted devices

The device trust component can be used to ensure that employees access resources only from devices secured by the company. When a user accesses a resource from a trusted device, IT departments can set a policy that reduces the number of MFA prompts; bring-your-own-device (BYOD) and other untrusted devices trigger the conditional access policy.

Conditional access also prevents employees from accessing company resources from untrusted devices: IT departments can set policies that specify which devices can access which company resources. From an untrusted device, employees can only check email and have no other access rights.

Almost every device can now access mail and web pages, so enterprise IT departments can use conditional access to control devices and access rights appropriately, in line with company policy.

3. Verify the network

The last element of a conditional access policy is the network trust policy. Since remote work is likely to become the norm, securing employees' networks is also an essential step.

1) Establish network trust with an IP whitelist

The safest way to build network trust is to use a list of known IP addresses, so that employees access enterprise resources from their home network or a VPN. With a network trust policy, enterprises can prevent employees from accessing sensitive resources over unreliable networks such as public networks, while employees connected to the home network or the VPN obtain full access rights.

In practice, however, once the remote user base grows past a certain size, or employees' work locations change more often, network trust becomes difficult to manage. The approach above is therefore more effective for small enterprises or enterprises with a fixed number of remote employees. When employees are connected to a secure, authorized network, network trust can serve as one of the conditions for relaxing user access authentication.

2) Conditional multi-factor authentication

Network trust can also be used in MFA policy. For example, MFA prompts are reduced for whitelisted IP address ranges such as the office network, while access from any other address always requires MFA.

3) Geofencing

If the nature of its business prevents an enterprise from managing an IP whitelist, the IT department can still verify the location of employees to secure access. Suppose an employee in Shanghai tries to reach enterprise resources from an IP address outside the permitted location: no matter what credentials the employee holds, the geofencing policy will prevent such users without access rights from accessing resources.
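The three checks described above (identity with MFA, device trust, and network trust with geofencing) can be combined into one decision function. The following Python is an added example, not code from the article or from any product; the network ranges, group names, resource names and country code are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values for illustration (assumptions, not from the article).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.16/28")]
ALLOWED_COUNTRIES = {"CN"}                # geofence
MFA_EXEMPT_GROUPS = {"customer-service"}  # email-only team
UNTRUSTED_DEVICE_RESOURCES = {"email"}    # all an untrusted device may reach


@dataclass
class SignIn:
    group: str
    device_trusted: bool
    source_ip: str
    country: str          # assumed to be resolved upstream by a GeoIP lookup
    resource: str
    mfa_passed: bool = False


def evaluate(req: SignIn) -> str:
    """Return 'deny', 'require_mfa' or 'allow' for one sign-in attempt."""
    try:
        addr = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return "deny"     # unparseable source address: fail closed
    # Geofencing: outside the fence is blocked whatever credentials are held.
    if req.country not in ALLOWED_COUNTRIES:
        return "deny"
    # Device trust: untrusted/BYOD devices are limited to email.
    if not req.device_trusted and req.resource not in UNTRUSTED_DEVICE_RESOURCES:
        return "deny"
    # Network trust: whitelisted ranges relax MFA (here only for trusted
    # devices, a choice made by this example).
    on_trusted_net = any(addr in net for net in TRUSTED_NETWORKS)
    mfa_waived = (on_trusted_net and req.device_trusted) or (
        req.group in MFA_EXEMPT_GROUPS and req.resource == "email")
    if not mfa_waived and not req.mfa_passed:
        return "require_mfa"
    return "allow"


if __name__ == "__main__":
    for r in (SignIn("engineering", True, "203.0.113.10", "CN", "erp"),
              SignIn("engineering", True, "192.0.2.5", "CN", "erp"),
              SignIn("engineering", False, "192.0.2.5", "CN", "erp", True)):
        print(r.source_ip, r.device_trusted, "->", evaluate(r))
```

The order of the checks matters: geofence and device trust are evaluated before MFA, so a completed MFA challenge never overrides a location or device denial.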

4. Conditional access policies for remote employees

Conditional access policies help enterprises control employee access better while improving the user experience. Conditional access is based on the zero trust principle and ensures that only authorized personnel can access company resources, from authorized locations, through trusted devices. In addition, employees can also access resources using MFA and other methods.

In a zero trust environment, conditional access not only creates security policies for access but also guides the broader security framework. Enterprises need to recognize the importance of staying vigilant about information security in the remote work environment, relaxing controls flexibly only when certain conditions are met. At the same time, conditional access lets the enterprise IT department restrict access from unmanaged devices and risky networks, while employees who meet the corresponding security conditions can still obtain full access rights.

Copyright notice
This article was written by [nington01]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/160/202206090928342454.html