Secure Remote Access to Transactional Middleware Environments in The New Work-From-Home Paradigm
Some of you who are reading this right now, have probably not stepped into an office in a very long time. Or even if you are in the office, maybe the cubicles don’t seem as full as they used to be. Either way, it’s become apparent that remote work and hybrid work are going to be the way many organizations operate in the future. As this reality solidifies, secure remote access, especially for those who work with sensitive transactional messaging and middleware, becomes a looming concern.
Surely the work-from-home trend has provided many benefits, not just for employees but for organizations as well. A study by The Quarterly Journal of Economics of 16,000 workers found that working from home increased productivity by 13%. A study by Prodoscore reports an increase in productivity by 47% since March of 2020 (compared to March and April 2019) due to remote working. As shown in this article from Squaretalk, various studies attribute the increased productivity to no commute, improved work-life balance, less watercooler talk, and increased exercise leading to improved mental and physical health. And as the trend continues, studies show that remote work is expected to Decrease Office Density and Demand, reducing the cost of corporate real estate.
But it’s not all roses
Secure remote access refers to any security policy, solution, strategy or process that exists to prevent unauthorized access to your network, its resources, or any confidential or sensitive data. Essentially, secure remote access is a mix of security strategies and not necessarily one specific technology like a VPN.
As organizations rush to move everything from on-prem, into the cloud, to accommodate this remote workforce, secure remote access to sensitive corporate systems is now a huge concern. According to a recent Tenable study conducted with Forrester, 74% of organizations attribute recent business-impacting cyberattacks to remote work tech that lacks secure remote access.
And it’s fair to be concerned. There’s only so much one can do to survey all your employees at all hours of the day. Just go to a coffee shop and look at how many people are using personal devices for working tasks over unsecured networks. There’s also the risk of someone else using these personal devices and getting access to sensitive information. As the lines of home and work are getting blurred for your employees, you need to think about the 3rd party applications and solutions your organization is implementing and if your security parameters in place are enough to minimize your risk from them.
That was our whole idea when we started Infrared360® at Avada in 2006. We were a remote workforce way before the trend started. That’s a big part of why we designed Infrared360 to provide secure remote access capabilities to transactional middleware. Aside from being clientless and agentless, we also ensure secure remote access through capitalizing on an organization’s existing security parameters to log in to the product. Whether you use SSO, certificates, LDAP, 2-Factor Authentication, Hardware Tokens, it doesn’t matter. This is critical because it does not introduce an additional security layer that is not under the control of your IT team and could potentially add an unseen vulnerability. In today’s world, even with the reams of pre-screening and testing, I would not really trust a solution without this characteristic.
A Secure Remote Access webbing
But secure remote access isn’t one specific parameter, like a password policy, it’s a mix of security strategies. This why Infrared360 also includes Trusted Spaces™ where we further enhance secure remote access with Administrative-driven, granular-level limitations to what remote workers can access in your transactional middleware environment. Trusted Spaces works in the combination of two security “planes.” A transactional middleware administrator can limit or grant what a remote worker (or any worker for that matter) can see and combine that with varied restrictions on what they can do with objects they’re allowed to see. This translates into secure remote access similar to how a top-secret project is built in segregated parts without anyone on the project ever seeing the whole. Even if a nefarious someone was to compromise one remote worker’s access, it would be siloed to only a slice of company data.
Since, we are a transactional middleware management portal, we are involved in discussions around security and secure remote access regularly with all our large enterprise clients with remote workforces. And, while the characteristics we lend to an organization’s secure remote access may only be part of an overall secure remote access strategy, the key point I wanted to get across is that remote and hybrid workforces are here to stay and as you consider secure remote access to transactional middleware environments, look for ways to do it without adding additional security layers and in ways that limit remote access visibility and capabilities.
It’s my hope that you took something out of this blog and I would be happy to talk to anyone about your experiences with remote work, secure remote access, and how it affects your transactional middleware environment.