BUGS BYTE
Your Company is Remote But is it Secure?

Your Company is Remote – But is it Secure?

2020 has forced many companies to rapidly switch their teams to remote work, sometimes moving hundreds of employees to remote access within days. IT teams across the globe scrambled to set up these new infrastructures, resulting in quickly patched-together solutions that may need reevaluation as companies settle into the remote work routine. Now is the time to assess and optimize your company’s current remote setup and ask:

How secure is your network?

Securing Your Remote Workers

A secure and easy-to-use is important as employees navigate workspaces without colleagues or IT teams in the same physical space. Fortunately, these concerns can be addressed.

Secure User Access

Working from home comes with its own set of security risks but securing access to your company’s network is an excellent first step toward minimizing these risks. Use the following tools to secure user access:

  • Conditional Access: Allows you to control access to your network based on location, app, device state, and user state.
  • Multi-Factor Authentication: Protects your network against lost or stolen passwords.
  • Virtual Desktops: Allows you to build a virtual desktop for workers which gives them remote access to the information in the virtualized session and prevents them from saving any data on their local workstations.

Manage Devices

In addition to securing user access, it is important to secure their devices, too. This has become more difficult with more people using laptops, desktops and other mobile devices to access company data, but there are solutions for securing this technology, too:

  • Mobile Device and App Management: Helps manage work data on mobile apps and decide how much control you want to exert on mobile devices accessing your company’s network.
  • Antivirus Protection: Along with keeping devices up to date and strengthening security policies, protect critical data with antivirus and ransomware protection.
  • Automation: Seamlessly deploy and provision apps, configurations, and user settings across all network users and devices.

Protect Data

Another crucial aspect of network security is data protection. Policies that control access and sharing of data must be put into place. Implementing these measures prevents phishing and ensures confidential data, including social security numbers and other personal identification information, is secure.

Data protection can help in the following ways:

  • Data Loss Prevention: Protects against accidental data leaks, allowing you to detect, monitor, and defends confidential data from being unintentionally shared while helping users learn how to stay compliant without interrupting their workflow.
  • Information Protection: Control access to data and documents by allowing you to decide whether an email or a document can be viewed, forwarded, or printed by a non-employee.
  • Cloud App Discovery: Prioritizes apps, identifies high-risk users, and allows you to integrate applications to enable single sign-on and user management.

Other Security Features

As teams across the world continue to tackle the remote work environment, introducing additional security updates to your organization can ensure protection against threats and introduced new security offerings. These security features include:

  • Strengthen Endpoint Management: Allow your IT teams to make remote and hybrid work possible with the support and management of virtual endpoints. Drive your IT team’s efficiency by enabling the management of virtual desktop infrastructure solutions within the same console as their physical desktops.
  • Defend the Security of Your Network:;Provide security solutions against complex phishing and ransomware attacks by implementing sophisticated attachment scanning, automatic checks of links, and anti-spoofing intelligence.

Need Help Securing Your Network?

BUGS BYTE understands the necessity of securing your IT systems to make it safe for your teams to work remotely. By using BUGS BYTE’s Secure Remote Work Environment services, you can rely on us to assess your current strategy, identify and remediate any gaps, and help you plan for the continuous management of this strategy for the future.

2020 has forced many companies to rapidly switch their teams to remote work, sometimes moving hundreds of employees to remote access within days. IT teams across the globe scrambled to set up these new infrastructures, resulting in quickly patched-together solutions that may need reevaluation as companies settle into the remote work routine. Now is the time to assess and optimize your company’s current remote setup and ask:

Need Help Securing Your Network?

BUGS BYTE understands the necessity of securing your IT systems to make it safe for your teams to work remotely. By using BUGS BUYE’s Secure Remote Work services, you can rely on us to assess your current strategy, identify and remediate any gaps, and help you plan for the continuous management of this strategy for the future.

BUGS BYTE—Transforming the customer experience through tech-enabled managed services

Today’s choices for mobility, cloud, infrastructure, communications, applications, and operations are mission-critical for small, mid-sized, and large enterprises.

BUGS BYTE, is leading the transformation into technology solutions as a service with our tech-enabled managed services portfolio and a commitment to technology innovation, operational excellence, and client intimacy.

Recognized by industry leaders and industry-leading publications, BUGS BYTE has 25 years of operating history delivering exceptional client experiences that directly result in competitive advantage, cost-savings, growth, and improved operational efficiencies.

Visit BUGSBYTE.COM, email info@BUGSBYTE.COM, call (773) 312-5001, today for more information.

Cisco Meraki Logos
Meraki MX Firewall as a Cisco ISR Router

If you are looking for a solution so replace your aging fleet of Cisco ISR 2900 and 3900 routers – then you are not alone. See how we ended up with Meraki MX firewalls as this story unfolds.

Cisco’s end-of-life announcements ends software maintenance and security support at the end of 2020. By 2022 the entire lines are considered obsolete and no support is offered.

A metropolitan housing authority in Ohio has found themselves in this position. They have a couple dozen properties in the county with small connected management offices. They reached out to us for a solution.

The proposed solution is Meraki MX67W at each management office or branch.

The unique component to this solution is their WAN topology. In this case, each branch is connected to a datacenter by a private MPLS cloud. Each branch then traverses a datacenter uplink for public access.

In contrast; most topologies will have direct internet access (DIA) to each branch, which is also used as IPSec VPNs for connecting to other sites.

The fundamental difference with the customer’s WAN topology is that there is no reason to firewall the branches’ uplinks to the datacenter. Further the datacenter can NOT be firewalled when reaching the branch. Similarly NAT (network address translation) breaks the organization’s access to each respective site.

Finally the point-to-point links, or the private MPLS, costs per megabyte are magnitudes higher than the cost per megabyte for broadband.

Our solution replaces the routers with firewalls but circumvents the firewall features for the inter-site traffic. Further, the design allows the customer a future transition to the far less expensive broadband without the purchase of any equipment.

The problem with the design is that Meraki MXs are managed thru the Meraki cloud, they call it their “Dashboard“. The MX will only connect with the Dashboard over a WAN interface that is both firewalled and NAT’d. But we cant have the uplink traffic inspected nor manipulated.

In our solution we proposed two options:

  1. NAT Exemption” & firewall whitelist
  2. A dedicated link for Dashboard access

The problem with the NAT Exemption feature is that it is not fully supported by the vendor, Meraki. It has been in BETA testing for over two years.

The problem with the dedicated link for Dashboard access is that the Telco equipment may not have the extra port. Or the Telco may not provision more than a single port for the customer.

It remains to be seen which way this cookie crumbles when the customer weighs in. While both options have their associated risks, the design process and considerations were a good exercise.

Which way would you go if you were responsible for the environment after the IT consultant walked away?