Commercial Integrator September 2021 - 20

THE SERVICE DESK
An Updated Blueprint for Remote Work
Integrators must understand how IT fits into the remote work equation in order to properly assess
client needs. by Raffi Jamgotchian
ABOUT TEN YEARS AGO, someone I
worked with when I was in corporate IT
as a consultant, reached out to me to hire
an outsourced IT firm. The unusual part
was that this was a technology consulting
company, and they had plenty of intelligent
engineers that could run their infrastructure,
but he wanted to focus them on revenue.
Over the years, this client pushed my
thinking. They went from being a standard
firm to cloud first. We eliminated servers
and moved to hosted applications and
services: Office 365, Azure AD, online file
storage, and even policy deployment. Their
employees and engineers accessed what
they needed from the LA office or at home
in St. Louis or Montreal.
This became our blueprint. Even clients
who did not want to give up their in-office
servers, we treated their setups as if they
were hosted in the cloud, building access
to the systems such that they work from
anywhere in as secure a way as possible.
In the investment world where most of our
clients sit, many worked from anywhere
and expected to do so. However, we still
had to provide the same level of security
and compliance.
The lines between trusted and untrusted
networks has become blurred. You could no
longer rely on leveraging your firewall to protect
your internal assets. Building Zero Trust
Networks are a journey, not a destination.
It became clear that there were a few areas
we needed to build our protections around:
endpoint, identity, systems, and data.
Endpoint
At the endpoint, we could no longer rely
on traditional antivirus alone. That became
bringing a knife to a gunfight. We needed
to either back up AV with some additional
help or replace it entirely. These next-gen
AntiVirus systems, Endpoint Detection and
Response solutions, or Managed Detection
and Response (pick your poison) services
allow you to eliminate traditional AV.
These new solutions gave us greater vis20
In
a cloud-first world, our clients' identities become even more critical.
ibility on what the client device was doing
and the ability to protect against known and
unknown threats. Initially, you may have a
large number of false positives: things that
they detected as malware but were part of
the regular business operation. Over time
these systems learned using machine-learning
or deep-learning algorithms.
That steel reinforced
door may have a pet
access flap. Let's plug
all those holes. If you require
a remote employee to access
data inside your on-premises
network, use a SASE approach
and leverage its capability to
securely connect to the office
or the internal system.
The next level out on the endpoint was
to protect against malicious traffic through
DNS or web filtering. Endpoints no longer
behind the firewall could visit any internet
site they wished (and so could the software
they downloaded), good or bad. Adding a
filtering agent would allow the IT adminCommercial
Integrator SEPTEMBER 2021
istrator or MSP to control the client's sites.
Especially useful for blocking connections
to ransomware command and control sites
where the malicious software downloads
the encryption keys.
On the more advanced level, layering in
application allow-listing prevents unknown
applications from launching. Ringfencing
will stop known-good applications from
doing things they shouldn't do (does Word
need to launch a PowerShell script?).
Next, add in a Secure Access Service
Edge or SASE (a sort of distributed cloud
firewall that your endpoints connect to
securely). You can control the traffic flow
from that system, such as allowing access
to services and disallowing other services.
Pair that with things like Microsoft's conditional
access policies, and you can lock
down who has access to your clients' O365
environments.
Identity
In a cloud-first world, our clients' identities
become even more critical. That file sync
and share solution you use is accessible
from anywhere. How can you tell if the
person accessing your systems is who
they say they are? Passwords have been
commercialintegrator.com
GORODENKOFF/STOCK.ADOBE.COM

http://www.commercialintegrator.com

Commercial Integrator September 2021

Table of Contents for the Digital Edition of Commercial Integrator September 2021