Ensuring Remote Access Availability & Security
It’s clear that the COVID-19 virus has greatly impacted our lives in all aspects.
New terms like work from home, social distancing, and home isolation have stormed into our lives and altered our behaviors; we meet less people, go out less, and avoid in-person meetings.
Market and Behavior
These lifestyle changes are impacting our online behavior; our consumption of video streaming (Netflix, YouTube), online games, e-learning, e-commerce and remote-work has spiked like never before.
With regards to remote work, companies around the world have mandated work-from-home policies, meaning millions of workers are no longer coming to the offices and are staying at home. As such, the use of SSL-VPN and remote desktop protocol has gone up by 30% – 40%, signalling the scale of work-from-home usage. Remote access has become the most significant IT resource out there, and we must ensure its availability or else risk the organization’s and employee productivity.
With so many millions of people connecting remotely, global internet traffic is rising exponentially. For example, since the start of COVID-19, U.S. traffic is up 40% and in some European countries, like the UK and Italy, traffic has roughly doubled. Similar trends are also occurring across the Asia/Pacific region.
Manageability, Visibility and Continuity
Indeed, COVID-19 has accelerated and emphasized the importance of the digital transformation that many organizations are making. We see more and more applications transitioning to the cloud, bringing complexities with them; suddenly, applications are scattered across multiple environments, each with its own interface, set of tools and delivery methods.
This affects many personas within the organization, as they need to master new solutions with variants per cloud environment to deliver a consistent service.
Unfortunately, it’s not just us “good guys” who are changing behaviors; hackers are likewise adapting to this new environment. As a result, we’re seeing more and more attacks, not just in terms of frequency but also in their volume and sophistication.
- Increased threat surface – If the whole (or most of the) workforce is remotely connecting into the enterprise using a VPN or remote desktop solution, a DDoS attack could bring the whole business to a grinding halt.
- More load on the internet and cloud infrastructures – With so many more remote workers and people in isolation consuming digital content, tipping the scale to unavailability of services requires much less effort than before.
- Last but not least, we’re seeing an increase in malicious activity like phishing, ransomware and all kind of scams leveraging the COVID-19 situation, including bad bots for data theft, denial of inventory, account take over, fraud and DDoS attacks.
Case in point: We saw 1.8 times the number of DDoS attacks in April compared to March, and 3.9 times in total attack volume. In web application attacks, we blocked more than 80 million attacks in April alone.
Per the points discussed above, there are four main takeaways for enterprises focusing on their IT environments during this extraordinary period:
- Enable capacity expansion. You need to ensure sufficient capacity for remote access, so you need to scale that infrastructure.
- Ensure remote access availability. Remote access has become the most important IT infrastructure, controlling entire workforce’s productivity, so this infrastructure must be available at all times. Redundant connections, redundant firewalls, SSL VPN — these infrastructures must be up at all times.
- Protect remote access infrastructure & apps. As remote access became the most business-critical asset, it is also the most critical target for hackers. Therefore, securing this infrastructure is of the utmost importance, especially against denial of service attacks, but generally against any attack that targets the availability of this resource.
- Secure cloud environments. Last but not least, as we move more and more applications to the public cloud, it’s crucial to put the right security controls in place and secure this environment.