Strategies for Remote Workforce Data Security Using Forcepoint

Cosmo Romero, Senior Solution Architect

05.29.2020

Learn more about this topic in our on-demand webinar.

The New World: Protecting Critical Data when Everyone is Remote


Understanding Risk with a Remote Workforce

Remote workers require companies to address two primary threats to their sensitive data:

  • Unsecured (and possibly compromised) networks are connecting in greater numbers via Virtual Private Networks (VPN).
  • A company’s sensitive data is moving from a secure network to a remote network full of non-corporate assets, personal computers, infected computers, unsecured networks, ungoverned Internet activity, and a non-supervised workspace with nobody peeking over the user’s shoulder.

Remote workers introduce risk and expose sensitive data.

Strategic steps to protect your data

In short, the best way to protect your data is to set up strong security controls on corporate assets and cloud environments and to ensure company data cannot leave a corporate asset or a cloud environment.

That is easier said than done. However, it is possible—with the right combination of process, people, and technology.

Strategy 0: Start with Process

Providing secure data access to remote workers is a complex challenge even in the best of times. The recent dramatic increase in remote working has increased that complexity exponentially.

That makes it even more critical to build your data protection program on a firm foundation: a proven data security process. By starting with your organization’s data security objectives and working backward, you can wrap process and technology around those goals and achieve them.

Your first step in providing data security for your environment is to identify your organization’s data assets. Answer the questions:

  • What are the data assets I need to protect?
  • How should I prioritize the protection?
  • What action will I take if someone tries to access or leak this data?

The answers to these questions will help you identify where to start. Then you can map out processes and the security controls needed to achieve your organization’s data security outcomes.

Work with the experts

InteliSecure specializes in data protection and has been helping our clients achieve their data security objectives for over 17 years. Our highly skilled data protection experts provide clients with program design, compliance consulting, technical implementation, and a comprehensive managed data protection services solution, incorporating the right related technology products for each client’s needs.

One of InteliSecure’s key partners in securing sensitive information is Forcepoint. This proven provider offers an integrated platform of products to help organizations secure their data while supporting their remote workforce.

Effective data security relies on consistent policy enforcement. Data security efficiency comes from consolidating reporting and workflows. The ideal scenario enables security administrators to create policies in one product and enforce those policies across multiple products. The comprehensive reporting, cross-product policy integration, and consolidated workflows in the Forcepoint platform allow organizations to secure data efficiently and effectively.

Strategy 1: Least Privilege for Critical Data

Ensuring users can access only the systems necessary to their essential job functions is known as the principle of least privilege. Limiting data access in this way reduces the risks associated with compromised users, malicious insiders, and accidental data loss.

Using a network firewall, such as Forcepoint’s Next Generation Firewall, can provide VPN access for remote users as well as network segmentation and zoning—key methods of limiting data access. Reducing the number of users who can access sensitive data significantly reduces the attack surface and risks against that data.

Strategy 2: Cloud Security

When users have the ability to access information from endpoint devices that are not controlled by the organization, it is imperative to control how they access cloud storage and use cloud applications.

Forcepoint’s Cloud Access Security Broker (CASB) can ensure users are uploading, downloading, and sharing data appropriately. Forcepoint’s Cloud Web Security solution can be added to enable complete control and visibility over the websites your laptops and desktops are accessing. This added layer helps protect your data from being leaked on unsanctioned cloud storage sites or other unsanctioned cloud destinations.

Forcepoint Cloud Web Security and CASB are natively integrated to ensure a user’s activity is authorized through both solutions.

An integrated Web Security/CASB solution provides a range of benefits:

  • Real-time malware prevention
  • URL sandboxing for increased detection
  • Real-time website categorization
  • Website access control for remote laptops
  • Cloud application security
  • Denying uploads of company data to personal cloud applications through your organization’s endpoints
  • Enforcing proper sharing permissions for sensitive data
  • Reporting on attempted shadow IT
  • Blocking shadow IT use
  • Ensuring PCI, ISO, and other compliance standards are enforced on sanctioned cloud applications

Strategy 3: Implement Data Loss Prevention

Forcepoint Data Loss Prevention (DLP) will prevent sensitive data from leaking over inappropriate channels both on and off the corporate network.

Forcepoint DLP integrates with Forcepoint Email Security and Forcepoint CASB, enabling you to configure more consistent data security policies across multiple products all at once. You can view incidents generated from these data security policies in a single interface with the Forcepoint Security Manager Console. Forcepoint DLP Endpoint can stop data leaks through the web, email, printing, removable media transfer (aka thumb drives), file sharing, FTP uploads, and other channels. DLP Endpoint can provide DLP inspection to almost any application—even home-grown applications and even when the endpoint is not connected to the internet.

Forcepoint DLP Endpoint encryption ensures that data leaving your organization’s endpoint device is secure, with data privacy intact. Network DLP controls such as DLP inspection for email will ensure data security policies are enforced on users’ personal devices that don’t have DLP Endpoint protection installed.

Strategy 4: Messaging Security and Encryption

Messaging security is a control most organizations already have since many attacks come through email. Forcepoint’s Email Security product has a full suite of protection engines to ensure both inbound and outbound messages are appropriate. The product provides multiple layers of protection including inbound phishing protection, antimalware, antispam, malicious URL protection, and many others.

Forcepoint Email Security and DLP can be integrated to provide a powerful toolset for data protection. In addition to enforcing centralized DLP policy and reporting, Forcepoint Email Security will enforce DLP policies natively. For centralized administration, the two products can be managed from the same Forcepoint Security Manager Console. Administrators can grant users administrative rights to both products within the console, and DLP’s forensic details can be viewed directly from Forcepoint Email Security’s email message review interface for faster event triage.

With Forcepoint Email Security’s transport layer security (TLS) and Secure Message Delivery support, email messages may be sent to recipients securely, regardless of whether the recipient’s email servers support encryption.

Connect with the Experts

We know that information security and data protection are complex enough even in the best of times. If you would like to discuss Security Process, Data Security, Network Security, Cloud Security, Messaging Security, or Web Security in more detail, please contact the data protection experts at InteliSecure. We’re happy to help.