How to apply security policies for remote workforces

Identity and access management (IAM) solutions protect company data even when employees do not come into the office.

Learning Objectives

After reading this article you will be able to:

  • Understand the security challenges of managing remote teams
  • Learn how to maintain a strong security posture when employees work remotely
  • Explore how Cloudflare Zero Trust helps manage a remote workforce


What are the security challenges of a remote workforce?

In an on-premise working environment, internal corporate IT teams usually have control over network security and the devices used to access that network. In addition, physical security teams have control over who is allowed into the office and who can access internal infrastructure.

However, as cloud computing grows in usage, distributed workforces are increasingly common. The cloud is location-agnostic, since it is accessed over the Internet rather than an internal network. If a company uses the cloud, its teams can work from anywhere. "Working from home" is also increasingly an option even for companies that have not moved to the cloud. Many companies allow their employees to access their desktops remotely, either over the Internet or using a VPN.

Remote working often helps companies stay more efficient and agile, but it can also introduce a number of challenges for protecting sensitive internal data. Some of the biggest challenges are:

Employee endpoint devices may be vulnerable. IT cannot directly maintain the laptops, desktop PCs, and other endpoint devices that remote workers use. In many cases these may be workers' own personal devices.

Access to data relies upon identity verification, which attackers can fake using a variety of account takeover attacks. Phishing attacks, credential stuffing attacks, and brute force attacks are all too common, and all of them can compromise an employee's account.

Data may pass over unsecured networks. Using the Internet means there is a risk of attackers intercepting data in transit as it passes through various network connections. This risk increases when remote employees use unsecured or vulnerable WiFi networks — for instance, if a remote worker uses their work laptop from a coffee shop that offers free WiFi, or if their home WiFi network has a weak password.

How can a remote work security policy address these challenges?

A number of identity and access management (IAM) technologies can help mitigate these risks and keep remote teams secure while protecting sensitive corporate data.

Secure web gateway: Secure web gateways sit in between internal employees and the unsecured Internet. They filter risky content from web traffic to stop cyber threats and prevent data loss — for instance, they can stop employees from visiting unencrypted HTTP websites that send data over the web in plaintext. They can also block risky or unauthorized user behavior. Secure web gateways can protect employees working both on-premise and remotely.

Secure web gateways use DNS filtering or URL filtering to block malicious websites, anti-malware protection to prevent endpoint compromise, data loss prevention to detect data leaks, and other forms of threat prevention. Cloudflare Gateway, for instance, uses browser isolation to protect employee endpoints from malicious JavaScript.
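The two filtering rules described above (block known-bad domains, block plaintext HTTP) can be written as a small policy check. This is an added example, not Cloudflare Gateway's code; the blocklist entries, function names and reason strings are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist; a real gateway pulls this from threat-intelligence feeds.
BLOCKED_DOMAINS = {"malware.example", "phish.example"}

def domain_blocked(host: str, blocked=BLOCKED_DOMAINS) -> bool:
    """True if host is a blocked domain or any subdomain of one.

    Matching is done on whole DNS labels, so "notmalware.example" is not
    mistaken for "malware.example", and a trailing dot or mixed case
    cannot be used to slip past the list.
    """
    labels = host.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def gateway_decision(url: str, blocked=BLOCKED_DOMAINS):
    """Return (action, reason) for one outbound request."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ("block", "unparseable-url")  # fail closed on malformed input
    host = parts.hostname or ""
    if not host:
        return ("block", "no-host")
    if domain_blocked(host, blocked):
        return ("block", "dns-filter")
    if parts.scheme != "https":
        return ("block", "plaintext-http")  # data would travel unencrypted
    return ("allow", "ok")

if __name__ == "__main__":
    for u in ("https://intranet.example.com/wiki",
              "http://intranet.example.com/",
              "https://CDN.Malware.Example./payload",
              "https://notmalware.example/"):
        print(u, gateway_decision(u))
```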

Access control: Access control solutions track and manage user access to systems and data, which helps prevent data leakage. Implementing an access control solution ensures that employees do not have too much access to company systems, and that no unauthorized parties are given any access to those systems.

Single sign-on (SSO): Remote workers often rely on SaaS applications instead of applications installed locally on their devices, and they access these applications through a browser. However, logging into each of these applications separately both incentivizes employees to use weaker passwords and makes user access harder to manage for IT. SSO enables employees to sign into all of their SaaS applications at once from a single login screen. This makes password rule enforcement easier since it must only occur in one place, and makes it possible for IT to add or remove application access from a single point as needed.

Multi-factor authentication (MFA): Strong user authentication is essential for a remote working security policy, because an employee's identity cannot be verified by their physical presence in the office. Even the strongest passwords are subject to compromise, but MFA reduces the threat of account compromise even if an attacker obtains an employee's password. By requiring at least one more form of authentication in addition to a password, MFA ensures that a user must be compromised in at least two different ways instead of one for an attacker to gain control of their account. This additional step makes attacks much less likely to occur.

For instance, if Bob's corporate email account requires Bob to enter both a password and a code from an electronic key fob in order to log in, an attacker would have to both digitally steal Bob's password and physically steal his key fob in order to compromise his account. A successful attack of that nature is not likely.
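Bob's login, sketched as an added example (not code from any product named in this article): the server accepts the session only when the password and the key fob code both verify. It assumes the fob generates time-based codes per RFC 6238 (TOTP); the account record, function names and sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

STEP = 30  # seconds each code is valid, the RFC 6238 default

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a single counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP over the number of elapsed time steps."""
    return hotp(secret, int(unix_time) // STEP)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_account(password: str, fob_secret: bytes) -> dict:
    """Hypothetical server-side record: salted password hash plus fob secret."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _pw_hash(password, salt),
            "fob_secret": fob_secret, "last_counter": -1}

def verify_login(account, password, code, unix_time, window=1) -> bool:
    """Succeed only if BOTH factors verify; each fob code is accepted once."""
    pw_ok = hmac.compare_digest(_pw_hash(password, account["salt"]),
                                account["pw_hash"])
    now = int(unix_time) // STEP
    matched = None
    # Accept the neighbouring time steps to tolerate clock drift on the fob.
    for counter in range(max(0, now - window), now + window + 1):
        expected = hotp(account["fob_secret"], counter).encode()
        fresh = counter > account["last_counter"]
        if fresh and hmac.compare_digest(expected, code.encode()):
            matched = counter
    if pw_ok and matched is not None:
        account["last_counter"] = matched  # a captured code cannot be replayed
        return True
    return False

# Constructed sample: the RFC 6238 test secret stands in for Bob's key fob.
BOB = make_account("correct horse battery", b"12345678901234567890")
```

A stolen password alone fails the code check, and a code observed in transit fails once it has been used, which is the two-independent-compromises property the paragraph above describes.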

How does Cloudflare help keep remote teams secure?

Cloudflare Zero Trust is a platform built to help keep remote teams secure. It puts Cloudflare’s global edge network in front of internal applications — even on-premise applications. Cloudflare Zero Trust enables companies to implement Zero Trust security to protect their data and ensure no user has unauthorized access.

Cloudflare Gateway is also part of the Cloudflare Zero Trust product suite. Cloudflare Gateway provides visibility into Internet traffic, filters risky or forbidden websites with DNS filtering, and uses remote browser isolation to protect against malicious code that runs in the browser. Both Cloudflare Gateway and Cloudflare Zero Trust are network security solutions built to do all this without impacting performance.