Sichern des Desktops

Alscient Co-CEO, Richard Corner, recently presented and spoke about Securing the desktop in today’s complex cloud environment at an Insurance Industry IT Forum event discussing Cyber Security Governance: Latest Trends, Threats and Risks, hosted at Lloyds of London.

Die Veranstaltung machte deutlich, dass Hacker, Betrüger, Schwindler und "Insider" eines gemeinsam haben: Sie alle sind eine Gefahr für Ihr Unternehmen. Einige sind Cyber-Kriminelle, andere sind altmodische Finanzkriminelle. Aber sie alle wollen Ihr Geschäft stören und Sie um Ihr Geld betrügen. Dies ist ein ernüchternder Gedanke für diejenigen in der Versicherungsbranche und darüber hinaus.

Die anstehende Aufgabe

Alscient arbeitet eng mit einer Versicherungsorganisation zusammen, um verschiedene Dienstleistungen zu erbringen, darunter eine sichere Computerlösung für Endbenutzer. Der Schlüssel dazu waren die Sicherheit der Desktop-Umgebung und einige wichtige Sicherheitsanforderungen:

Ensure data is contained– User data must not be held on local devices, and all data should be contained within a centralised infrastructure.

Reduction of attack surface area– The possibility of external access should be minimised with locked down restricted access to the desktop estate.

Segregation of users– The impact of a breach on an individual user account and desktop should not impact others.

Prevent inappropriate user actions– The capabilities of what users can do within the desktop estate must be managed and maintained to eliminate malicious activity.

Die Lösung - Amazon WorkSpaces

Amazon WorkSpaces was chosen as the solution of choice for the customer in question, in small part down to the fact it could immediately help to address the above requirements. User data remains contained and centralised within the managed AWS VPN infrastructure and user segregation is ensured by means of an individual desktop instance (WorkSpace) per user. The attack surface area is reduced because of the centralised nature of the solution. Users are able to access the service from any device, from anywhere in the world, but additional security functionality can be provided via Multi-Factor Authentication (MFA), IP Access Controls and Active Directory integration. The latter, in conjunction with Group Policy Objects (GPO), can ultimately lock down the end user desktop experience by limiting the actions of that user to anything beyond their working needs.

Zusätzliche Sicherheitswerkzeuge

WorkSpaces itself though only provides us, and the customer, with part of the security wrap around the desktop solution that’s needed. It is important to remember that additional tools and services are needed to provide a defence in depth solution. With that in mind we introduced Okta for SSO and MFA services, and Trend Micro for Anti-Virus/Anti-Malware services. These services coupled with those inherent within the AWS WorkSpaces infrastructure, Active Directory & GPO management and Symantec.cloud for web and email filtering services allow us to provide our customer with the confidence and security they need across their desktop estate.