Cloud PCs from Windows 365


How do you provide someone with a secure, well-managed desktop PC and apps without having to provide an expensive laptop or desktop tower that has a limited lifespan? Virtual Desktops are a common solution to this conundrum. A Virtual Desktop allows a person to use whatever device they want (like a home PC, smartphone, iPad etc.) to access a remote desktop server running on centralised hardware in an organisation’s server room or datacentre. That is what is meant by a Virtual Desktop Infrastructure (VDI) solution. Although these solutions have been around for decades from companies like Citrix, Microsoft and VMware, they have required a lot of high-end hardware and specialist expertise to make them work well. Due to that requirement, they often have not been able to meet the promise of being a more cost-effective solution than just giving everyone a laptop.

With the COVID-19 pandemic we have seen an acceleration of the shift to remote and hybrid working that was already well on its way beforehand. Other scenarios like organisations expanding through mergers, or starting partnerships with other companies, or having temporary/seasonal staff, can add further challenges to onboarding and provisioning IT services, business continuity, and security and compliance.

VDI is a great solution to those challenges but many organisations don’t have the capacity to deal with that demand. Cloud service providers like Microsoft and Amazon have helped to address that issue with Amazon Workspaces and Azure Virtual Desktop (previously known as Windows Virtual Desktop). By using these Cloud options you no longer have to worry about pre-purchasing a large amount of hardware and calculating complex capacity requirements – you can set up the networking, Virtual Desktops, applications etc all in the Cloud and scale it up and down as demand changes. However, you still need that specialist expertise to get it right in the first place.

Microsoft wanted to make providing Virtual Desktops just as easy as providing someone with an email mailbox. Microsoft 365 makes it super simple to configure email services through Exchange Online, meaning organisations no longer need a team of Exchange Server administrators to run their own unique instance. Could the same be done for VDI?


The big themes from Microsoft Ignite, March 2021: Part 3, Security for all

This is part 3 of a series of articles on the key themes from Microsoft Ignite, March 2021:

This keynote kicked off with Microsoft’s Corporate Vice President of Microsoft Security, Compliance and Identity, Vasu Jakkal.


Microsoft want to make our digital world safe for everyone by providing security that reflects, empowers and includes everyone. When Microsoft says security for all it really means all:

  • All organisations, big and small
  • All your data
  • All clouds (Azure, AWS, GCP etc)
  • All your people (wherever they are)
  • All your devices and platforms
  • All the risks you face
  • All the opportunities ahead

As always, there is an evolving threat landscape. Microsoft gather over 8 trillion security signals a day and have seen an increase in cybercrime, ransomware and nation state attacks. These have been led by attacks emanating from Russia, but also Iran, North Korea and China. Microsoft produced a Digital Defence Report in September 2020 that describes the current threat intelligence landscape and provides guidance and insights from experts, practitioners, and defenders at Microsoft.


Insider threats – what they are and how to defend against them

Full disclosure: this is a paid vendor article

Insider Threats

Many organisations see external breaches as the biggest threat to their data security and spend millions building walls to guard themselves against hackers. It may come as a surprise to many that insider security threats – both intentional and accidental insider abuse and misuse – were seen to be by far the biggest cause of data leakage in 2015. With this in mind, it is imperative that you take steps to ensure you understand what your employees are doing with sensitive data.

The repercussions of insider threats can be enormous and can often go unnoticed. An insider may already have keys to the door so won’t trigger any security measures and they may already know where sensitive data is stored. Many cases of insider data breaches have been accidental, but the outcome is still the same – potentially large chunks of company profits spent on damages.

How to identify insider threats

In general, there are three types of insider that could be a threat to your organisation:

Malicious Insiders

Malicious insiders could be a current or former employee, a contractor or any other business partner who is authorised to access your organisation’s data. The motives for their attacks could range from revenge against a company they feel has mistreated them to simply personal profit. Theoretically everyone with access to your data could potentially exploit it for personal gain.

People who make mistakes unintentionally

A large proportion of data leakages occur due to honest mistakes on the part of insiders. They may have been caught in phishing scams, given their password out when they shouldn’t or left their account logged on across multiple machines. These threats are easier to detect and preventable by taking the right measures.

Outsiders posing as insiders

These are external attacks using an authorised user account with real credentials. External hackers can gain access through inactive accounts or by guessing passwords. Whichever way they gain access, they use genuine account details so do not show up as external threats.

Regardless of whether an insider leaks data intentionally or accidentally, you still need to make sure you are taking preventative measures to mitigate the risk. Dealing with insider threats is an ongoing, pro-active process that requires time and dedication.

How you can mitigate the risks of insider abuse

Know where your sensitive data is

It’s very important to know which areas of your IT infrastructure are the most likely to be of value to potential insider threats. It is also important to understand who has access to this data and how regularly it is accessed. Knowing these things will enable you to better detect when something out of the ordinary occurs in files and folders with sensitive data.

Evaluate your security strategy

Security breaches should be treated in the same way as a fire – there should be regular evaluations of safety regulations and ideally testing should take place to assess your current reaction to breaches. This kind of testing should enable you to spot anything you have overlooked or any loophole that currently exists.

There are some basic security practices you can put in place that will help firm up security, including patch-management procedures, IDPS configuration, password and authentication policies, firewalls and log review procedures.

Be sure to also look at how up to date your current security measures are. Threats evolve very quickly, and new versions of critical IT systems are released fairly regularly, so it’s important that you stay up to date.

A regular and pro-active approach to auditing and monitoring critical IT systems needs to be established. This will enable you to track activity in files and folders to ensure only the right people are accessing the right data. Being constantly aware of this will help you mitigate the damage should a data breach occur.

Maintain a least privilege policy

Employees often move departments, get promoted or are tasked with something that requires extra levels of permission. In all these cases new permissions may need to be granted and old permissions may need to be revoked. Maintaining a least privilege policy by monitoring these changes can ensure that only the right people have the right levels of access to the right data. Accounts with inappropriate levels of access are more likely to be damaging to your organisation.

Make insider threats a priority

Often the main issue is that certain people within the organisation won’t admit there’s a problem. Unfortunately, with insider threats, it’s only a matter of time before you experience the problem for yourself. Keep insider threats at the forefront of your mind when developing new security plans, assigning new permissions or managing employees.

Monitor your users

If you are able to make use of behavioural analytics tools, like User Behavioural Analytics or Network Analytics, then make sure you take advantage of them. These tools will highlight any behaviour deemed abnormal after establishing a baseline for what normal is. They can also simplify the process of identifying users with high-risk identity profiles.
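The baselining idea above, combined with knowing which folders hold sensitive data, can be sketched as follows. This is an added example, not part of the original article or of any vendor product; the event format `(user, day, path)`, the sensitive folder prefixes and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: folders the organisation has classified as sensitive.
SENSITIVE_PREFIXES = ("/finance/", "/hr/")
DAYS = ["2024-03-0%d" % n for n in range(1, 6)]   # baseline window
CHECK = "2024-03-06"                               # day being evaluated

def daily_sensitive_counts(events):
    """Count accesses to sensitive folders per user per day."""
    counts = defaultdict(lambda: defaultdict(int))
    for user, day, path in events:
        if path.startswith(SENSITIVE_PREFIXES):
            counts[user][day] += 1
    return counts

def find_anomalies(events, baseline_days, check_day, threshold=3.0, min_spread=1.0):
    """Flag users whose sensitive-file activity on check_day is far above their own baseline."""
    alerts = []
    for user, per_day in daily_sensitive_counts(events).items():
        history = [per_day.get(d, 0) for d in baseline_days]
        today = per_day.get(check_day, 0)
        avg = mean(history)
        # Floor the spread so a perfectly steady user does not alert on +1 access.
        spread = max(pstdev(history), min_spread)
        if (today - avg) / spread > threshold:
            alerts.append((user, today, round(avg, 1)))
    return sorted(alerts)

def sample_events():
    """Constructed audit events: alice and bob have steady habits, then alice spikes."""
    events = []
    for day in DAYS:
        events += [("alice", day, "/finance/q%d.xlsx" % i) for i in range(2)]
        events += [("bob", day, "/hr/review%d.docx" % i) for i in range(3)]
    events += [("alice", CHECK, "/finance/ledger%d.xlsx" % i) for i in range(40)]
    events += [("bob", CHECK, "/hr/review%d.docx" % i) for i in range(4)]
    # High volume on non-sensitive data is ignored by design.
    events += [("dave", CHECK, "/public/menu%d.pdf" % i) for i in range(200)]
    return events

if __name__ == "__main__":
    for user, today, avg in find_anomalies(sample_events(), DAYS, CHECK):
        print(f"{user}: {today} sensitive accesses today vs baseline average {avg}")
```

Comparing each user against their own history, rather than a global limit, is what lets the same check cover a malicious insider and an outsider using a genuine account.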

Conclusion

Insider threats should be the number one cause for concern for any organization when it comes to protecting their sensitive data. Organisations that store personal information about their employees, clients, partners or customers have a duty to protect that information. A simple way of ensuring that you are able to pro-actively audit and monitor your critical IT systems is to deploy an automated solution like LepideAuditor Suite. This solution can clearly show who accesses what information as well as when and from where it was accessed. It actively audits, monitors and alerts on changes made to critical IT systems, tracks current permissions and permission changes and monitors all aspects of file/folder activity – all from a centralised console. Be sure to consider using an automated solution, like LepideAuditor Suite, when you address insider security threats in your organization.