Cloud and information security (part II)Eugene Kuryshev | 10.06.2020
(The end. In the beginning IT News No. 5/2020)
Definitely vs. optional
To implement scenarios of remote work there is a basic set of recommendations and settings in the field of information security, mandatory for implementation. At the same time, a number of points can significantly improve the level
security, but are Advisory in nature. What actually is included in these lists?
Nikita SEMENOV (CALMER):”When you work remote aspects of information security is protection of the communication channel and the formation of a terminal device from a trusted environment (or the formation of its trusted container)”.
Head of information security of the company TALMER Nikita SEMENOV believes that everything depends on the specifics of the client’s business and what are these works by a specific person, but absolutely
are required remote access VPN for secure communication and anti-virus solution with the latest signature on your target device to ensure a minimum level of protection. “Next
starting variations: select the RA VPN using encryption according to GOST or not, whether to use means of protection against unauthorized access, whether a secure container to store corporate information, tokens
or smart cards for user authentication in the systems. All those questions optional character, he explains. – Most preferred option from our point of view – VDI with remote
access VPN or with integrated two-factor authentication (one-time pin-codes or corporate certificate, the second option is preferable)”.
This kind of system can meet the requirements of 152-FZ, STO BR IBBS, and even 187-FZ, provided the installation of controls administrative access certified firewalls and
VPN encryption algorithms to GOST. The most simple situation for companies that have decided in favor of VDI and thin clients instead of full jobs. According to Mr.
Semenova, a universal solution with a minimal number of expensive remedies allows the flexibility to manage it infrastructure and information security, to ensure that regulators ‘ requirements and legislative
acts, and save on IT equipment.
Alexey SABANOV (“Aladdin R. D.”):”In fact, in the order of FSTEC of Russia No. 17 dated 11 April 2014 and “the protection of information in GIS” everything – and binding items, and recommended”.
Deputy General Director of “Aladdin R. D.” Alexey SABANOV notes that the documents stipulating the requirements for the organization of protection of information, read only by those who
we had to approve their information systems or during inspections conducted by the FSTEC of Russia. “To have the remote access was protected, – he recalls, – you must use a strong
multi-factor authentication, and for the critical role (privileged users) require a hardware device separate from the IP, with an inaccessible key. If your data is stored in the clouds,
the access to them must also be ensured only with the use of strong authentication and data recommended to be encrypted using Russian cryptographic algorithms”.
Murad MUSTAFAYEV (“Onlanta”): “In a hurry could take the path of least resistance and to transfer staff on udalenku using PPTP. In my opinion, this approach is unsafe.”
Head of information security of the company “Onlanta” (part of LANIT group) Murad MUSTAFAYEV told how this problem is solved in his company. So, all employees are issued portable
a personal computer that pre-installed licensed software with the latest service packs, anti-virus protection with current signature-based databases and VPN client for
remote connection to the corporate network. Mr. Mustafayev cautions against the use for these purposes PPTP: apart from the fact that the Protocol itself and its components have a number of vulnerabilities of the gateway
PPTP is easy to detect scanners on the Internet because it is unchanged TCP port. The only advantage is ease of setup.
“We use multi-Protocol VPN server for safe work of employees inside a company network with the obligatory distinction between ports and networks. As an option you can enter the second factor
authentication to connect to the internal network is, without a doubt, improve safety and will complicate the job of the attacker,” explains Mr. Mustafayev. In addition, he recommends
use mail’s spam system to filter mail traffic and protection from phishing emails.
Ivan MELEKHIN (Informzaschita):”As in medical practice, not being a “doctor”, that is, without knowing the specifics of a particular customer, you can only give a “hygienic” advice”.
Director SOC AO NIP “Informzaschita” Ivan MELEKHIN finds it necessary to increase the awareness of employees about the risks of information security, especially when using personal equipment. In addition
it is necessary to implement means of monitoring and responding to cyber threats, protect information that falls on personal devices outside the organization’s perimeter. Extremely useful, he said,
to consider the migration of your infrastructure to the cloud to provide unified access regardless of the location of the employee.
Vladimir ULYANOV (Zecurion):”a Critical component in the protection of steel DLP system. And I think I understand why”.
The head of the Zecurion analytical center Vladimir ULYANOV notes that if the office is to rely on organizational measures, the simple presence of colleagues, availability of cameras,
physical security when working from home is not applicable. In addition, people have direct access to information on weekdays and weekends and are not limited in time preparation attack. So no
technical means of control of flow of information to rely on the protection of the confidential data impossible, he said.
Alexander BURAVTSOV (“New Cloud”):”We do not recommend to use work device for personal use and personal computer for work – it increases security risks”.
Director of IB “Maiofis” (“New Cloud”) Alexander BURAVTSOV recommends to ensure control and reliable data protection at the outset to use encryption channels
communication, mobile device protection, firewalls, anti-virus software. With the appropriate resource, you can also configure multi-factor authentication, restricting access by unauthorized
users, assignment of a set of minimally required rights and programs for users, monitoring of security events. In addition, says Mr. buravcov, it is useful and regular
analysis of vulnerabilities in the corporate network. If you are using home Wi-Fi for Internet access it makes sense to protect your network with a strong password.
Vasily STEPANENKO (DataLine):”Mandatory common user approach, so as not to infect first home computer, and through him the corporate resources”.
The Director of the cyber center DataLine Vasily STEPANENKO believes that connect to corporate resources, even on VPN, you need through a trusted (better your) Wi-Fi router that you want
to protect the unique and complex password. The user needs to update OS and apps, including the browser, tools, videoconferencing, archivers and other software on the computer from which it
operates in isolation. It is desirable that the PC was installed a paid antivirus with constantly updated databases of virus signatures.
By the way, during a pandemic a major vendors offer free anti-virus, reminds g-n Stepanenko. If possible, it is recommended to give remote workers with corporate laptops
which can provide the desired security policy. You can also use VDI or terminal server. “Services information security it is necessary to organize the analysis of vulnerabilities of the corporate resources available from
Internet, to apply modern GIS (NGFW, SandBox, etc.) in order to respond quickly to attacks. And collect the logs and have procedures in place to investigate incidents,” advises Mr.
Dynamics of sales
It is obvious that during any crisis in most industries sales are down: somewhere more, somewhere less. But some segments may, however, note the growth of sales of their products and
services. Among other things, changes to the structure of demand. As the current situation in the world influenced the dynamics of sales in the areas of information security and cloud services/products?
Nikita SEMENOV (CALMER):”the Main change concerns the architecture of the purchased solutions. If earlier preference was given to the physical equipment and servers, which are set on the basis of the decisions of IB, and now, because of difficulties with delivery, customers are increasingly make a choice in favor of virtual remedies”.
Nikita SEMENOV (CALMER) hopes that the current situation will push to virtualization in the future, as in most cases the only thing that contributed to the choice
“iron” means of protection, is the mentality. Global practices have long focused on virtualization and cloud technologies, in our country this process is only beginning. If it has long
moved on to the XaaS model, IB no. “We believe that remote work will show that it is preferable to use a secure certified cloud storage and treatment of sensitive
information, thin clients and VDI for the formation of the working environment, as well as the SOC, external consulting and outsourcing for support functions and information security,” says Mr. Semenov.
Alexey SABANOV (“Aladdin R. D.”):”the Demand for the means of information protection, who produces for 25 years, our company has led to substantial sales growth. A lot of time from our staff to have consultations, because leading specialists of “Aladdin R. D.” are recognized experts in the field of providing secure remote access and data encryption on laptops and cloud infrastructures. Now, many large customers are seriously thinking how to manage all these. Ready solutions on the market not much.”
Murad MUSTAFAYEV (“Onlanta”):”Many major projects, such as the protection of personal data, was initiated prior to transfer to the remote mode of operation.”
Murad MUSTAFAYEV (“Onlanta”) notes the increase in demand for the services of cloud infrastructure, protection of web resources from threats: websites, information systems, corporate email, virtual desktop
place – very topical at the moment service.
Ivan MELEKHIN (“Aquarius”):”In the beginning of the crisis we observed a decline in requests and the staging of some projects on pause”.
In turn, Ivan MELEKHIN (Informzaschita) focuses the second wave of interest in services for safety, due to the fact that after Abraham’s transfer of employees to remote access
sharply escalated the theme of information security. The company, preserve available resources, demonstrate the increased demand in this area, associated with the change in the it landscape and the threat landscape, and a separate
is just cloud services, he said.
Vladimir ULYANOV (Zecurion):”We capture a natural resurgence of interest in our products to protect information from leakage. While I was surprised by the demand for certain types of decisions.”
Vladimir ULYANOV (Zecurion) notes abnormally increased number of applications for the product to determine facts about the shooting of the computer screen (the Camera class Detector). The threat is relevant, including
in the mode of office work. “We know that many large organizations by the beginning of 2020 imposed restrictions on the use of smartphones in the workplace. But such prohibitions are meaningless when a remote
work” – sums up g-n Ulyanov.
Giorgi MEGRELISHVILI (the”Sblood”):”In the enterprise segment, we see a significant increase in demand for our VDI solution from the family of cloud products RUSTEK”.
According to the Executive Director of the “Sblood” George MEGRELISHVILI, many customers are stepping up projects to transition to the cloud, as I understand, what is now needed is the maximum of the measures
restructuring business processes in light of the mass Exodus of clients and employees online. First and foremost, it is important for insurance companies, retail, restaurant business, educational
institutions. In SMB demand complete solutions for remote operation, which is vulgarly called “anti-virus”, referring to counteracting the negative impact COVID-19 on the economy.
“Now to connect to our new service “Remote work”, which includes office applications, cloud storage, instant messenger and project management system in just 1 ruble 6
months,” explains Mr. Megrelishvili.
Alexander BURAVTSOV (“New Cloud”) reported recently, more than a decade of requests from large customers planning to install the company’s products. Implementation
these projects involves thousands of new jobs in the cloud.
Vasily STEPANENKO (DataLine):”increased Sharply prasilova activity. In April we held a special offer of free vulnerability scan white IP, and resources for them. As a result, some customers have already bought our scanner, others are ready to test the WAF (Web Application Firewall)”.
Vasily STEPANENKO (DataLine) also notes the increased number of orders for VDI and organization of mail, including protection from spam and malware. The number of clients his company has acquired
cryptology to organizing remote work for their employees. “In addition, many customers now do not have enough qualified engineers, so they turn to us for help,” notes
Journal: Journal IT-News, Subscription to magazines