ExtendedEnterprise.IO a Cybersecurity Framework for a Secure Digital workplace
Advances in mobility and client computing technology combined with the ubiquity of the Internet and social media are creating a culture and desire for constant connectivity and anywhere access to information. As these trends extend from the home into the workplace, the classroom and even into government entities, CXOs should consider the opportunities for increased productivity and communication with customers and constituents seriously, as well as understand the increased security risks posed by online, anytime access to private networks and data
Work now happens everywhere. Employees are accessing information and applications at the office, from home, in cafes, and even at 10,000 feet, on many personal and corporate endpoints, across a variety of networks. Today’s expanding organizational, and work perimeters provide even more excellent opportunities for cybercriminals. Modern zero-day threats and Man-in-the-Middle (MITM) attacks are good examples of the response from governments with increased cyber regulations and compliances that have introduced in the past two years.
Leveraging EUC technologies and SD-WAN can help mitigate the risk and exposure for companies allowing remote workers or contractors into the corporate perimeters but when relying on this can cause gaps in both your security and compliance. The Extended Enterprise Framework supports the evolving digital workspace and the need for enterprises to embrace a framework of trust between the components in their security enclave. The Extended Enterprise Framework for Cybersecurity worksheet was created to help identify these gaps. My recent Cybersecurity research into 2018’s Data breaches and new breach compliance laws implemented this year in the US designed the EEF.
Trying to keep up with new regulations and compliance frameworks both national or global is the use case for using the EEF. The EEF worksheets are here. This worksheet is blank with 13 boxes with examples of the type of technology in those areas. Fill it out with your current security and access capabilities. Then compare it to the EEF impact vectors diagram to see areas where your identified gaps have vulnerabilities. Then compare it to the EEF Breach report for 2018 to look at the companies that had those same gaps breached in 2018.
This month’s spotlight EEF Worksheet is on Citrix Virtual Apps and Desktops 7.X. Citrix is a EUC technology company that focuses on both EUC and SD-WAN. Citrix is leveraged in a 3rd party remote worker or contractor use case in many companies today. This technology had many complaint and security capabilities to support this capability but based on the EEF gap analysis it highlights where it is susceptible to advanced phishing techniques using social engineering and programming expertise, bots, and ransomware threats without both advanced configuration and 3rd party integrations. Are you using Citrix for remote contractors? Are you configured for the gaps? Like OS security flaws visibility, governing access and control, Virus scanning and Compliance monitoring? Use this month’s EEF for Citrix Worksheet to help build your gap analysis for your contractors and remote workers.
Using EEF for guidance can more effectively safeguard 3rd party access as your digital workspace strategy expand and evolve at the same time as dynamic cyber threats escalate and adapt to target new vulnerabilities beyond traditional perimeters. http://extendedenterprise.io