Clouds and IS (part II)


Evgeny Kuryshev | 06/10/2020

(Ending. Beginning in IT News No. 5/2020)

Required vs. optional

To implement remote work scenarios, there is a basic set of information security recommendations and settings that are mandatory. At the same time, a number of measures can significantly raise the level of security but are advisory in nature. What actually belongs on each of these lists?

Nikita SEMENOV, Head of the Information Security Department at Talmer, believes that everything depends on the specifics of the client's business and on what data a particular employee works with, but a remote access VPN to protect the communication channel and an antivirus solution with up-to-date signatures on the end device are absolutely mandatory to provide the minimum acceptable level of protection. “Then the variations begin: whether to choose an RA VPN with GOST encryption or not, whether to use means of protection against unauthorized access, whether secure containers are needed to store corporate information, or tokens or smart cards for user authentication in systems, and similar questions of an optional nature,” he explains. “The most preferable option from our point of view is VDI with remote access VPN or with an integrated two-factor authentication system (one-time PIN codes or corporate certificates; the second option is preferable).”

Such systems can satisfy the requirements of 152-FZ, STO BR IBBS and even 187-FZ, provided that administrative access controls, certified firewalls and a VPN with GOST encryption algorithms are installed. The situation is simplest for companies that long ago chose VDI and thin clients instead of full-fledged workstations. According to Mr. Semenov, this is a universal solution with a minimal set of expensive security tools that allows flexible management of the IT and information security infrastructure, meets the requirements of regulators and legislation, and also saves on IT equipment.

Alexey SABANOV, Deputy General Director of Aladdin R.D., notes that the documents that spell out the requirements for organizing information protection were read only by those who needed to certify their information systems, or during inspections conducted by the FSTEC of Russia. “For remote access to be protected,” he recalls, “you must use strict multi-factor authentication, and critical roles (privileged users) require hardware devices that are separate from the IP with a non-extractable key. If your data is stored in the clouds, then access to it should also be provided only with strong authentication, and it is recommended that the data itself be encrypted using domestic cryptographic algorithms.”

Murad MUSTAFAYEV, Head of Information Security Services at Onlanta (part of the LANIT Group), described how this problem is solved in his company. All employees are given a portable personal computer on which licensed software with the latest service packs, an anti-virus protection tool with up-to-date signature databases, and a VPN client for remote connection to the corporate network are pre-installed. Mr. Mustafayev warns against using the PPTP protocol for these purposes: in addition to the protocol itself and its components having a number of vulnerabilities, a PPTP gateway is easily detected by network scanners on the Internet, since it runs on a fixed TCP port. Its only advantage is ease of setup.

“We use a multi-protocol VPN server for the safe work of employees within the company's network, with mandatory separation of ports and networks. As an option, you can introduce a second authentication factor for connecting to the internal network; this will undoubtedly increase security and complicate the attacker's work as much as possible,” Mr. Mustafayev explains. In addition, he recommends using anti-spam mail systems to filter mail traffic and protect against phishing mailings.

Ivan MELEKHIN, Director of the SOC at JSC NIP Informzashita, considers it necessary to raise employees' awareness of information security risks, especially when personal equipment is used. In addition, it is necessary to implement means of monitoring and responding to cyber threats and to protect information that ends up on personal devices outside the organization's perimeter. He considers it extremely useful to migrate part of the infrastructure to the clouds to ensure unified access regardless of the employee's location.

Vladimir ULYANOV, Head of the Zecurion Analytical Center, notes that while in the office one could rely on organizational measures, the mere presence of colleagues, video cameras and a physical security service, none of this applies when working from home. In addition, people have direct access to information on weekdays and weekends alike and are not limited in the time they have to prepare an attack. Therefore, without technical means for controlling the movement of information, it is impossible to count on the protection of confidential data, he said.

Alexander BURAVTSOV, Director of Information Security at MyOffice (New Cloud Technologies), recommends, first of all, using communication channel encryption tools to ensure control and reliable data protection, as well as mobile device protection, firewalls and antiviruses. If you have the appropriate resources, you can also configure multi-factor authentication, restrict access for unauthorized users, assign users the minimum necessary set of rights and programs, and monitor security events. In addition, Mr. Buravtsov believes it would be useful to conduct regular vulnerability analysis of the corporate network. When using home Wi-Fi to access the Internet, it makes sense to protect the network with a strong password.

Vasily STEPANENKO, Director of the DataLine Cyber Defense Center, believes that you need to connect to corporate resources, even via VPN, through a trusted (preferably your own) Wi-Fi router, which must be protected with a unique and complex password. The user needs to update both the OS and applications, including the browser, video conferencing tools, archivers and other software on the computer used for work in self-isolation mode. It is desirable that a paid antivirus with constantly updated virus signature databases be installed on the PC.

By the way, during the pandemic many large vendors are offering free antiviruses, Mr. Stepanenko recalls. If possible, we recommend issuing corporate laptops to remote employees, on which the necessary information security policies can be applied. You can also use VDI or a terminal server. “IS services need to organize vulnerability analysis of corporate resources accessible from the Internet and apply modern security tools (NGFW, SandBox, etc.) to respond quickly to attacks, as well as collect logs and have procedures for investigating incidents,” advises Mr. Stepanenko.

Sales dynamics

It is obvious that during any crisis sales fall in most sectors of the economy: more in some, less in others. But some segments may, on the contrary, see an increase in sales of their products and services. The structure of demand is also changing. How has the current situation in the world affected sales dynamics in information security and cloud services and products?

Nikita SEMENOV (TALMER) hopes that the current situation will become an impetus for virtualization in the future, since in the vast majority of cases the only thing that drove the choice of hardware (“iron”) security tools was mentality. World practice reoriented to virtualization and cloud technology long ago, while in our country this process is just beginning. While IT switched to the XaaS model long ago, information security has not. “We believe that the remote work mode will show that it is preferable to use protected certified clouds to store and process sensitive information, thin clients and VDI to create a working environment, and SOC, external consulting and outsourcing to provide the information security function,” says Mr. Semenov.

Murad MUSTAFAYEV (“Onlanta”) notes the growing demand for cloud infrastructure services and for protecting web resources from threats: sites, information systems, corporate mail, virtual workplaces. This is a very relevant service at the moment.

In turn, Ivan MELEKHIN (“Informzaschita”) points to a second wave of interest in security services: after the emergency transfer of employees to remote access, the topic of information security became sharply more acute. Companies that have retained free resources will show increased demand in this area, driven by changes in both the IT landscape and the threat landscape, and cloud services will occupy a special place, he believes.

Vladimir ULYANOV (Zecurion) notes an abnormally increased number of requests for a product that detects attempts to photograph a computer screen (Camera Detector class). The threat is relevant in office mode as well. “We know that by the beginning of 2020 many large organizations had introduced restrictions on the use of smartphones in the workplace. But such prohibitions are meaningless when working remotely,” Mr. Ulyanov summarizes.

According to SBKlaud Executive Director George MEGRELISHVILI, many customers are stepping up projects to move to the cloud, as they understand that maximum measures are now needed to restructure business processes in view of the mass move of customers and employees online. This is true first of all for insurance companies, retail, the restaurant business and educational institutions. In SMB, comprehensive solutions for remote work are in demand; these are commonly called “anti-virus”, meaning that they counteract the negative impact of COVID-19 on the economy. “Now you can connect to our new ‘Remote Work’ service, which includes office applications, cloud storage, a messenger and a project management system, for only 1 ruble for 6 months,” explains Mr. Megrelishvili.

Alexander BURAVTSOV (“New Cloud Technologies”) reported that more than ten requests had recently been received from large customers planning to install the company's products. Implementing these projects involves thousands of new workplaces in the cloud.

Vasily STEPANENKO (DataLine) also notes an increased number of orders for VDI and for mail services, including those with protection against spam and malware. A number of his company's clients have purchased crypto-gateways to organize remote work for their employees. “In addition, many customers now lack qualified engineers, so they turn to us for help,” notes Mr. Stepanenko.

Magazine: IT News Magazine, Magazine Subscription
