Then, look at the controls you’re able to extend to the clients themselves, and find the right balance of risk and productivity that fits your organization.” “Understand the security controls you give up by not flowing the connections through your internal infrastructure.
“When evaluating your VPN configuration, identify the highest compliance risks to your organization and make them the priority for controls, policies, and procedures,” Patton says. It’s also important to review your VPN structure for updates.
“We see split tunneling as a gateway to prepare our workforce for our Zero Trust Networking posture, where user devices are highly protected from vulnerability and employees use the internet for their predominant workload.” “Hardened local area networks that previously accessed internal applications are a model of the past,” Suver says. Phil Suver, a principal PM manager in Microsoft Digital, says working remotely during COVID-19 gives employees a sense of what the Zero Trust experience will be like when they return to the office. To access corporate resources, these employees use Privileged Access Workstations, a dedicated operating system for sensitive tasks, to access a highly secure VPN infrastructure. This is the case for Microsoft Digital employees in owner and contributor roles that are configured on a Microsoft Azure subscription as well as employees who make changes to customer-facing production services and systems like firewalls and network gear. While most employees rely on our standard VPN infrastructure, Microsoft has specific scenarios that call for additional security when accessing company infrastructure or sensitive data.
The team also recommends using a dynamic and scalable authentication mechanism, like Azure Active Directory, to avoid the trouble of certificates. “This ensures that only registered devices that comply with company security policies can access corporate resources, which reduces the risk of malware and intruders.” “Before an employee can access an application, they must enroll their device, have relevant security policies, and have their device health validated,” Patton says. To support this transformed approach to security, Microsoft adopted a Zero Trust security model, which manages risk and secures working remotely by managing the device an employee uses. “Instead, each application that an employee uses enforces its own security management-this means employees can only use an app after it verifies the health of their device.” “We no longer rely solely on the network to manage firewalls,” Patton says. Moving most of the work that employees require to the cloud only became possible after the company adopted modern security controls that focus on securing devices. Securing remote workers with device management and conditional access “We’re applying the same Zero Trust principles to our VPN traffic, by applying conditional access to each connection.” “We need to make sure our VPN infrastructure has the same level of corporate network security as applications in the cloud,” says Carmichael Patton, a senior program manager on Microsoft Digital’s Digital Security and Resilience team. “This takes pressure off the VPN and gives employees more bandwidth to do their job securely.”Įighty percent of remote working traffic flows to cloud endpoints where split tunneling is enabled, but the rest of the work that employees do remotely-which needs to be locked down on the corporate network-still goes through the company’s VPN. “Adopting split tunneling has ensured that Microsoft employees can access core applications over the internet using Microsoft Azure and Microsoft Office 365,” says Steve Means, a senior service engineer in Microsoft Digital.
With split tunneling and a Zero Trust security strategy.Īs part of the company’s Zero Trust security strategy, employees in Microsoft Digital redesigned the VPN infrastructure by adopting a split-tunneled configuration that further enables the company’s workloads moving to the cloud. So then, how is Microsoft ensuring that its employees can securely access the applications they need? VPN usage increased by 70 percent, which coincides with the significant spike in users working from home daily. This became increasingly apparent when Microsoft prepared for its employees to work remotely in response to COVID-19. Microsoft’s cloud-first strategy enables most Microsoft employees to directly access applications and services via the internet, but remote workers still use the company’s virtual private network (VPN) to access some corporate resources and applications when they’re outside of the office.
0 kommentar(er)
