Hello, everyone. Welcome to our new exclusive virtual event series, ID:30. Today we have 30 minutes of blazing insights to help you successfully navigate the unique challenges of moving toward a remote workforce, while providing secure access to your critical assets.
We all know that normal is not normal anymore. So today's session digs into how next gen privilege access management solutions can enhance the security and compliance requirements for users working from home with minimal disruption.
Our speaker today is Alan Radford, a business technologist with 15 years experience in identity access management. Originally from Australia, Alan moved to the UK about eight years ago and is a subject matter expert in privilege access management. He has worked with organizations across the globe. And we welcome him here today.
Good afternoon. Welcome. Thank you, Lorraine. And welcome everyone to this webinar. My name's Alan Radford. I'm coming to you live from what is exceptionally sunny UK from my home office. I'm working remotely. And I have destroyed my office to make way for this studio, for this presentation, which I hope you very much enjoy.
What I want to do, though, is I just first want to point out that my camera is there. And I need to stop looking at myself. And also, that my notes are here. And I have a mouse here. So if you see me moving around a bit, that's what's going on.
But I want to kick off by asking you guys a poll. And that poll is this-- what percentage of your workers were remote before this all kicked off? What do you think? Like, before all of this pandemic happened and all this chaos happened, was working remote normal for you? Was it not normal for you? Are you more of a hands on workforce? Are you more of a remote workforce? What is your normal?
I've got some metrics moving. Nothing in the high-- oh, no, the high percentiles just crept up a little bit. Mainly sort of 30% to 60%, 30% to 60% is winning it. Everything else is about half of that. Majority 40% if you were going 30% to 60%. So we could say from that, about half of our workforce, majority saying about half the workforce.
Easily, the majority is half or less. So 60% to 90%, 22% of us, so about one out of five of us have more than 60% that's our normal. OK, great. You can already see where this is going, can't you?
Where do you think you would sit if we ask that question now? So if we do another poll very quickly, how has that changed? What is it now? What percentage of your workers are working remotely today? What's the difference? Let's find out what the difference is. I feel like I should have some music or something while we watch the numbers move.
But I can see you guys filling out the polls. Thank you very much. It should be a different number. Let's get some numbers going. Up, the percentiles going up, massively. So it's very much weighed. And this isn't a surprise, right? Like, you guys no doubt sat there going, come on, Alan. You're stating the obvious. When is it going to get interesting?
Well, this is where it gets interesting. So we had our normal, about half our workforce working remotely-- fair enough. Now it's nearly everyone. And that's to be expected. But what I want to do is I want to share some insights with you on why that I find particularly interesting. And I did warn you about the mouse. And there's one insight in particular that I really want to call out. And that is about health, essentially.
So when we think about a computer virus, a computer virus is something that has been pretty normal for a long time. You get an antivirus. you don't want your computer to get a virus, which is basically a piece of code designed to do something malicious. And we've always had the risk of viruses to computers. We've always had the risk of viruses to humans.
But what's new is that we have a risk to the computer and the virus linking us together. We're not used to the concept of a human virus impacting how we use technology. A human virus is now affecting how we use technology. And I think that's fascinating because that actually makes us have more in common with technology now than we've ever had before.
We're all working remotely, OK? I'm working remotely. And it's ripe in here. So don't Zoom in on the video, OK? But our privileged users are working remotely as well, especially ones with kids. I've got three kids and a massive lock on the door. I am not BBCing it today, let me assure you.
But when we talk about privileged users, a privileged user means something different to different organizations. Let me give you an example. Back in the 90s, we would think about a privileged user as somebody who can change a system, whereas a normal user would use a system, which is a fair definition if we look at the broad brush strokes.
But when we think about impact and risk, if I'm able to pose as your organization and make a tweet or post on Facebook about something damaging to your company, and I affect the share price, should that account be privileged? If I could shut down email for five minutes as an admin, is that privileged? If I can half your share price in an hour, I would argue that is also privileged.
So what is privileged means something different to different organizations. And when we look at how we use technology, that's particularly relevant-- and whether that technology is sufficient for us to do the jobs in the new world that we live in, in the new normal we're experiencing.
We look at the Apple-1, iconic. If we go back in time and we use an Apple-1 to do this webinar, we're not going to get very far. Trust me. I've not tried. And I'm not going to. And I can hear people out there saying, what about the internet, Alan? The internet is a thing. And yes, that's a big factor. So are networks.
But if we try to use something like an Apple-1 to do what we're doing today, it's going to be very, very challenging; very, very hard; very, very time consuming. So we move on to something maybe a little tamer to some, Windows, Microsoft Windows 98. Here's a left-handed PC, simply because we put the mouse on the left-hand side. Thank me later.
Computers got more complex over time and were able to do more. And then today we can get very, very powerful machines very, very easily. I'm using one of them now. And we can get them very small, like, hands up, those of you who don't have a mobile phone. I don't even need to switch your webcams on. I can't, by the way.
We've all got mobile phones that are more powerful, orders of magnitude more powerful than what we've had in the past. And when we look at how technology is being used today, I've heard a description, I'm sure you guys have heard as well, of the concept of the internet being the fourth theater of war, or the fifth theater of war, depending on how you look at it.
Australia at the moment, God bless her, is having a massive cyber attack in progress. But they're coping with it. They're coping with it. And here's why. The Australian Cyber Security Center-- and this is what a privileged user looks like, by the way. That's not normal user interface type stuff. And Australian Cyber Security Center issued some guidance before this whole pandemic took place. And that guidance had some very, very standard principles. Make sure that you're using many different accounts and you're rotating passwords and you're using multi-factor authentication and all the kind of stuff that vendors like us would tell you.
But they came out with some other guidance as well, like, make sure that you have a number of jumps between your user and where they going. And maintain a logical diagram of your operational network. Do you have a diagram of your operational network? It's OK if you're saying I don't know because that's normal. It's actually quite unusual for somebody go, yeah, I've got a diagram of my operations network. It's here.
This is to some people not so obvious, to others, obvious. But we're all united in the fact that we're running before we can walk. And the Australian Cyber Security Center recognized this and issued these guidelines. One of the other guidelines was to implement a disconnect plan. Do you have a disconnect plan? Have you considered a disconnect plan? Other areas include things, like, indicators of compromise and indicators of behavior.
So that guidance ahead of the lockdown-- and I encourage you to google it and look it up-- that was instrumental in coping with what was a state sponsored attack. But it also targeted critical infrastructure employees, who they themselves are working from home. But they didn't have this experience where the ransomware was the risk. They had the experience where the kids were the risk. My kids come in here and one around on the keyboard. it's all going to go pear-shaped very quickly, let me assure you.
So there's another parallel that I want to draw to. And that's on the technology front. We talked about people for a bit. I want to talk about technology in the context of what we have in common. So far what we've got in common is that we've both got the virus risk. But now we're both virtual. What do I mean by that?
Computers are virtualized. Apple-1 wasn't running virtualization. But then in the 90s, we had things like VMware and then Hyper-V becoming a thing. And now we can run loads and loads of servers on a single piece of hardware. But the users are becoming virtual as well.
I've received loads of cold calls from automated AIs or simple robots just simply saying, "Hello, my name is Andy. How are you today?" Monotone voice, talking slowly-- hang up. It's a cold call. But take a good look at me down in the right hand corner. I might be artificial, OK? I've not got any makeup on. I've got the COVID hair going. I've got a big, baggy shirt on. And it's ripe as hell in here. I could be artificial. My voice, my audio, my image-- I could be artificial. How would you know?
We're reaching a tipping point where I might have to try and prove to you that I'm real. Let me give you an example. So let's look at Max Headroom. So some of you may be fans of Max Headroom. I don't want to break your hearts. But I'm going to. This was an actor dressed in prosthetics and then presented as a virtual entertainer. But because of the culture at the time, it was believable. It was very believable. Terminator 2, all those movies were out at the time. And in 1985, this was a believable image. But times have changed. And technology has advanced.
This is a fabulous quote from Earl Nightingale that helps make the point I'm trying to make. What's going on in the inside shows on the outside. Earl Nightingale, 1950s radio show host-- you may have heard of him. He was an American radio show host. He's written lots of literature, very similar in concept to Dale Carnegie. Put them both in the same category. But what's going on in the inside shows on the outside was a comment he made about humans.
Ask yourself, if we have much more in common with technology, does this apply to technology? I would argue, yes. I would also argue that it applies to anything. It applies to people, applies to business. If a business is doing bad practice, if you've got a pizzeria and they don't clean things very quickly and they don't make very good pizzas, then obviously that's going to show on the outside-- an easy example, right? But attitude, culture, emotion-- all of that-- you can't hide.
So when you consider that what's on the inside shows on the outside, and you consider that becomes more and more relevant to technology whatever philosophy is out there that we need to consider when we talk about AI. Isaac Asimov had a go at this. Don't worry. I'm not going to go there.
But there is a report from Trend Micro where this is happening around us. There was an energy company defrauded of $243,000 by an artificial intelligence that executed a social engineering attack. Let that soak in for a moment. An AI successfully did a social engineering attack. So when that, "Hello, I'm Andy" doesn't have a monotone voice, has potentially an avatar that looks like me and can respond dynamically to questions, put me to the test. Ask some questions.
What do we do? How do we manage this? What are the rules that govern this? Do we have any? Do you have any? It's the new normal that we live in today.
Let me give you a different take on this. And this is probably my favorite take on this. This was normal 150 odd years ago, where we had Neptune. And Neptune's orbit was not right. So we looked at Isaac Newton's equations. And we went, OK, if Neptune is not orbiting correctly, and Newton's equations aren't applying to this correctly, then what's going on?
So we reverse engineered Newton's equations. We ran the math. And we worked out that if there is a mass so big at this point in time, that fits Newton equations. So we point a telescope at it. Et presto, they discovered Pluto. But then the same thing happened with Mercury. And we noticed, hold on, same thing is going on at Mercury. No problem, we'll use the same method. We'll use Newton's equations. They were so certain that planet existed they named it Vulcan. True story. Go and look it up. I was surprised as well.
But it's a true story. Vulcan was real in the scientific community for a period of time until Einstein showed up. This is a real chart. Go and google it. So when Einstein came along, he came along with this thing we call general relativity. And what he was able to do is he was able to prove the Newton's equations still work. But when you're near a massive gravity well, like, the sun, that causes the mass, causing that gravity well to be so intense, then it just needs adjusting. So the rules needed to change because of the proximity to the sun.
Point I'm making here is this-- the more people you have, the bigger you are. The more people you have, the more technology you have. The more people and technology you have, the more process you have, the more complexity, the more gravity, OK? That causes gravity. And orbiting that are the remote workers. And the complexity is a problem the deeper that gravity well gets-- the more complexity, the more gravity, the more pull that has.
So when you think about the new world we live in, the new normal, and you think about your people, who are your most important assets, your technology and how that scales with how your people need to use that technology, and the processes that wrap around them, ask yourself, do these processes need to change? Are they still sufficient? How do you change these processes, if you need to change them, without impacting your users?
And that leads us to a Ninja Tip that we're going to share with you now.
Hello, and welcome to today's ID:30 Ninja Tip. One Identity's session management secures user sessions providing an efficient way to reduce both the security risk and vulnerabilities for administrator type activities. Transparency with security is crucial for any user experience. In this short clip, we'll demonstrate a simple, non-intrusive workflow using session management.
Let's assume I've already connected to the corporate VPN and have reviewed my opener service requests for today. In this particular request, I've been asked to restart a Kiwi Syslog service on server MEM1. Using my R2B connection manager of choice, in this case, Microsoft Remote Desktop for Windows 10, let's complete the task.
So from my desktop, Start Remote Desktop Connection Manager. As you can see here, I have MEM1 logged in as administrator. Select. It's now prompting me for my user credentials. Assuming I know what the administrator account is, simply apply the password.
Once logged in to the target machine, select Start, Services. Locate the Kiwi Syslog Server. Highlight, Restart service. Once the task has been completed, simply close out your services. Log off of the target machine.
We just saw a simple user experience starting with the Remote Desktop Manager logging into a server, MEM1, and restarting the Kiwi Syslog Server. Lets now take a look at the user's history for both activity and analytics scores. I'm now going to log into the Safeguard for Privileged Sessions interface. On the home page, select Search.
Here you will find the user's recorded session. Use the contains text filter to find all the recordings that contain kiwi. Note, we have 45 recordings found.
Let's look at some of the user's recorded detail. On the Overview tab, show some of the events that were triggered inside the recording. The Details tab provides additional information about the session itself. The Events tab show some of the events inside the recording. The Alerts tab shows any alerts that were triggered by the session that can be forwarded to syslog, email, et cetera. The Content tab allows us to do a deep filter inside the recording itself, as if I wanted to search on kiwi. It will then show me a screenshot of the kiwi application being displayed inside the recording itself. I can select able to download, attach to an email, et cetera, or simply close.
And lastly, the analytics. The analytic summary whether it be normal or unusual, is derived from a number of different factors, such as frequent item set, login time, host log in, keystrokes, and window titles are started inside a recording. You also have the option to play back any recording by simply clicking Play Video. Once rendered, clicking Play-- the videos is then played back to you.
The scroll bars allow for keyboard, mouse, and title movement inside the recording. And if additional information or search patterns are required, you can always download and view via the Remote Desktop player.
All right, thanks, Wayne. So what I want to do now is I just want to have a final poll based on what we've discussed around the people, process, and technologies, just to get a quick poll out there to get your opinions. And this will be interesting for you all to see what others are saying as well around what the biggest impact for you was. What did you find most challenging with your workforce? Did you find the challenge being the volume of users going remote? Did you find the challenge being the technology, the requirements for that increased load? Or was it the changes in the process?
Let's bring a poll up. Let's see what you think. A lot of process, a lot of process-- all the process, nearly. I hope you guys can see this because it's very, very interesting. So we've got-- still moving, still moving. But it's very heavily weighed to process. About 54% of us saying process, 25% saying technology, 16% saying the volume of people. So there is a thread here. People and the technology, they scale together, very much so. But it's the process that makes everything work. You can run a business with a pencil and paper. It's just a lot harder in the modern age.
So what I'd like to do now is open up to questions. I'm going to jump over to the chats and see if we can get some questions going. Hopefully, I can prove to you all that I'm real, which would be a big help for my self-confidence because if I'm real, then that means that this is all not a dream or figment of the imagination. And it means that I'm not a robot. So please jump in and ask some questions so that I can prove I'm real because that would be a big help.
Anybody at all, even colleagues. I'm live. I'll call you out. Let's get some questions going. And I'm still looking at myself down there when the camera's up there. Can we get any questions? Anybody want any questions? I'll come and take a good look at you if we don't get any questions.
When is the haircut coming? Mike, the haircut is not coming anytime soon. Let me tell you, I've been working on it. I've been working on it. But, like, I might keep it. I'm not going to keep it.
Do admin users have to change the way they work? For example, having to use a different tool to do their jobs. That's a great question. So when working remotely, the tools that are in place change because of the process. So let's think about this for a moment. And let's think about that gravity analogy, OK?
If I'm in a secure building and I'm in a secure environment, then I've had to use a swipe card, OK? I've had to actually physically access the building. I have to sit at what is typically a company issued device. And I would log into a secure network. Now, when I'm coming in remote, there's a big dependency on me, the user. So there's an education piece.
There is a big dependency on the technology and the number of jumps. And there's a big dependency on whether I am going to the correct network via the correct path, or whether I need to take a different path. And there are lots of tools out there, including from us, that help with that process. And in the Ninja Tip you saw some of our session technology that facilitates that in a very transparent way to the end user while providing the auditability.
So it still comes down to that triad of people, technology, and process. But if you've got the people and you've got the technology, then the process can actually be quite fundamental. And also, the process can be transparent, or frictionless, as I like to say. That was a great question.
I have another question. Can you provide an example of how this frictionless approach impacted a real company? Yes, I can. So we have a customer. I can't name them. But they had scenario where they would have remote workers and remote privileged workers external users. In fact, in one or two cases, it was us as a vendor reaching in.
And what they did was they had a workflow approach, where they would go to ServiceNow and go, you've got to request this access. But you don't use the vendor tool. You use ServiceNow. So they request the access. But when the access is granted and the ticket number is generated, they literally just go and do it exactly as they did before. They didn't need to log into a tool. They just got the ServiceNow ticket. And they just opened up their RDP or what have you. And it just went through transparently. And that's something we do. So thank you for that.
We ended up purchasing a TeamViewer Enterprise license to make troubleshooting VPNs or remote PCs much easier. TeamViewer Enterprise-- I've never used TeamViewer. I've heard of it from years ago, though. But it's good that that's helped you, Mike.
How long would it take for an average-sized enterprise to end up running with sessions? An average-sized enterprise, is there such a thing as an average-sized enterprise? So it depends on the approach. The approach we take is an appliance-based approach. So you literally say, I need 500 concurrent sessions. Then I deploy the appliance. I need 1,000 concurrent sessions. I deploy two appliances. I need high availability for that. I need four appliances.
So you literally just scale horizontally-- oh, sorry-- you scale vertically, or horizontally because you could do it with virtual machines as well. So you can span out as many VMs as you want. You can stand up as much hardware on those VMs as you want. And so you could scale it very, very naturally, move the slider as you see fit. But we take an appliance-based approach for that reason, to make it very, very easy to deploy and very, very easy to scale. Because scale in an enterprise, next to size and agility, is very, very important. And it's a point well-made out.
Has second-factor authentication become a more important requirement for end users in your opinion? Yes, very much so. And the reason why is because when we're working from home, there's a gap that's created. And if I go to the office and I work in the office, then a password might be sufficient, OK?
But if I'm doing something high risk, then there needs to be a wrap-around with that. There's a mantra in the privilege access world where if you're doing privileged access, you must have MFA period. If you're a remote worker, the need for MFA, whether you're a privileged user or a normal user, is that much higher-- much, much higher. So MFA absolutely has a place as a cornerstone of any security strategy for a remote worker, whether they're privileged or not, in my opinion.
Do you think the definition of a privileged user changes as more people access resources remotely? That is another very, very good question. So let me put it to you like this. If I can access accounts payable and my colleague can access accounts receivable, and we're both accessing remotely, then our duties are separated. So that should be OK. But the endpoint has been exposed remotely. How have you exposed it?
If I'm making robots, and a robot can access accounts payable and another robot can access accounts receivable, is that OK? Well, yes. The duties are separated. But I own both of them. I'm pulling the strings. So it's the convergence. It's an example of where process and technology and people all are very, very important, have their touch points. But when we consider specifically the definition of a privileged user, it's where the risk is carried, it is where the risk is carried.
If you follow the risk, you will find the privileged user. And so the point of the remote access for accounts payable and accounts receivable, if there's an admin, a database admin who has access to that central database for accounts payable, accounts receivable, the risk is still there. If there is an admin who is exposing that remote access and controlling that remote access, how are you auditing them? So the definition of privileged becomes very fluid in the remote world.
Can you plug the remote session technology into third party password vaults? Yes. So we have a plugin framework-- a bit of pub trivia-- based on Python. And we have, I believe, they are either on GitHub or our support site. But there are-- I'm not going to name them because our sound and mic guy will cut me off if I name a competitor. So I will say that the top three leading competitors we have out-of-the-box plugins for, plugins available.
And you can make your own plugins. And you don't even have to use a password vault. You can use-- and I'd recommend you do, by the way-- but you can do your own sort of workflow stuff. So you might want to reach out to a CMDB, for example. The plugin framework can let you do a lot of stuff.
Any more questions? Does anybody believe I'm real? I'd be happy with that. If somebody just goes, yeah, Alan, I think you're real. I'd be really happy with that. That would make my day. Anyone at all? All my colleagues are silent. You notice that? Or maybe it's slow. I'll blame lag. My internet connection is very slow, by the way.
Thank you, Stacy. I am real. Finally. Like the accent. OK, we'll cut it there. Like the accent. I don't. Now we've started an argument now, haven't we? Thanks, Rob. Thank you, Lee. So how are we doing for time? I think we've gone over time. Thank you, thank you, everyone.
So with that, I'm going to take a shower. And I'm really happy that you all had fun today. I had fun today. My name is Alan Radford. Take what you've learned and there'll be a white paper winging its way to you very shortly. Thank you very much, everyone. Have a great evening.
[MUSIC PLAYING]
33:27