|

Secure Teleworking: Protecting data in the Cloud

The COVID-19 pandemic has brought about drastic changes at a social level that would have been difficult to imagine a few weeks or months ago. The situation of confinement in which many countries find themselves, with most of the population unable to leave their homes, is something we were not prepared for and have had to quickly get used to.

Something similar has happened at the work and business level, however, the work does not stop: hospitals, logistics companies, medical material production services, etc. must continue working, and for the rest of the non-critical services in this situation, remote work or teleworking has been imposed at a fast pace.

Normally, establishing new architectures, information systems, tools, etc. is something that takes time, especially in large companies. In this case, many CIOs have been forced to implement remote architectures and work processes in record time.

Many corporate systems are not designed to work from home. Perhaps they are, since in most companies teleworking has been carried out more or less extensively: users take their work home, on weekends, etc. to carry out certain urgent tasks. The difference is that now telework has had to be implemented throughout the organization without exception.
 

Teleworking Securely

On the other hand, never in history has so much traffic and so much critical corporate data had to be managed from home. In many cases we are seeing how communication lines, VPN systems, etc. were not prepared for so many volumes of data.

Although in the first phase of the implementation of teleworking, agility and the possibility of giving remote access to the systems has been a priority, the CISOs have also had to establish procedures and tools to work safely.

Now more than ever we are seeing how it is not enough to protect the perimeter of the company. With information scattered in multiple locations, in the cloud, at employees’ homes, etc. it is now more critical than ever to have security that travels with the information.

Cloud storage applications such as Box, OneDrive, G-Drive, collaborative work applications such as Slack or Microsoft Teams, video conferencing tools such as Zoom or GoToMeeting allow critical work to continue and we can all enjoy certain services that are indispensable in this crisis, while on the other hand allow us to do our job.

Customers expect their suppliers to continue to maintain a high standard of security when processing their data, blocking possible threats and keeping them safe from possible security breaches.

One thing that is striking is that in crises, security or cyber security risks increase. The bad guys see a unique opportunity to act on the misdirection, chaos, and take advantage of it. A few weeks ago we watched in the press in astonishment as even hospitals were hit by cyber attacks in the middle of the covid crisis. In fact, unfortunately, phishing attacks have increased these days.

Furthermore, we have to take into account that in many cases we are the enemy. We are in a new working environment, with our personal teams, with even new and recently implemented tools and even in many cases with the right training to manage them.

Many of the problems of data leaks come from unintentional actions or errors and we have created the perfect breeding ground for these to occur. As stated in this article, we cannot place all the responsibility on users, who are not fully trained, to protect themselves against expert attackers who are highly motivated to make a profit.
 

Protecting Data in the Cloud is essential

At SealPath we have prepared a series of articles showing how to secure or protect your information in different use cases in a remote work context. In this article, we start with protecting distributed and shared information through Cloud storage systems.

As we mentioned above, one of the tools that are enabling many businesses to continue in a teleworking environment is cloud storage applications. Systems such as Box, OneDrive, Google Drive, SharePoint Online, etc. are making corporate information more accessible in this context.

The case of use of many companies is being the next for these tools:

  • Much of the company’s documentation, including criticism, has been uploaded to these systems and made available to home-based employees.
  • Employees download the documentation to their personal computers and work with it, modify it and then store it again in the cloud.
  • Users share this information inside and even outside the company in newly created folders and in some cases without being able to organize it sufficiently.
  • In many cases users install and work with applications such as Box Sync, Box Drive, OneDrive, etc. that generate copies of the information locally, having the information not only in the cloud but large volumes of data locally.

This critical data is being stored on these systems and downloaded to the users’ computers, and as stated above we have an obligation to keep our customers’ and the company’s information as secure as possible despite the need for agility.
 

How can SealPath help me keep critical business documentation protected and under control in the cloud?

SealPath allows you to apply protection to the documentation that travels with it and accompanies you wherever it is stored, whether it is in the cloud or on an employee’s computer. In addition, it allows you to control what can be done with the information (just view, edit, copy and paste, print), and to have a complete audit of who is accessing, if someone tries to access without permission, etc. On the other hand, it offers the ability to destroy this information remotely by revoking access to it, even if it is on computers or devices that we do not manage.

In the case of use seen above, SealPath can help us in the following way:

 

proteger datos nube sealpath

  • Through SealPath we can automatically secure information in these Cloud systems (e.g. Box, G-Drive, OneDrive, SharePoint Online, etc.). When a document is uploaded or copied to a Cloud folder controlled by SealPath it will be automatically protected and distributed.
  • Even protection can be applied to certain folders on a file server that we want to synchronize with the cloud, making this information when it moves to the cloud, travel protected.
  • I can apply a SealPath security policy to these folders or repositories where, for example, only users internal to the organization can access them.
  • If users download the documents, they will be protected and under the control of the company.
  • If I have given more permissions than I should have in a certain folder, I know that the document itself will be protected and only those who have wanted to have access to it will be able to do so. If it’s shared by mistake with someone outside, we make the folder “public” by mistake, etc. the documents will still be protected and only internal users of the organization will be able to access it.
  • In addition, with SealPath Secure Browser, users will be able to work by accessing and editing documents in the browser without having to download or install agents.

 

documentos protegidos nube abrir navegador

SealPath can be quickly deployed and make these cloud sharing flows to enable remote work, properly protected.

Beyond enabling telework, this crisis is an opportunity for CISOs to identify where the most valuable information is and to protect it, whether on an internal server, in the cloud, or on users’ personal computers, if the current situation so requires.

In addition, the security department will be able to monitor activity on this sensitive documentation throughout the organization and identify possible anomalies. And if necessary, prevent access to it from remote or personal teams, once the crisis situation we are going through has been normalized.

In future articles, we will show you how SealPath can help with other common uses in a teleworking environment such as sharing information through collaborative tools like Slack or Microsoft Teams, or accessing sensitive information via VPNs.

You can read this article in SealPath website

CALENDARIO DE EVENTOS

¿Necesitas más información?


    En cumplimiento del art. 13 del Reglamento (UE) 2016/679 General de Protección de Datos, le informamos de que INGECOM IGNITION tratará sus datos personales con la finalidad de gestionar su consulta. Puede ejercer sus derechos en materia de protección de datos mediante solicitud a nuestro DPO en gdpr@ingecom.net. Puede obtener información adicional sobre el tratamiento de sus datos en nuestra política de privacidad publicada en www.ingecom.net.