Security in remote offices

The move to internationalize creates huge compliance and data security challenges. Unfortunately, security policies and procedures are frequently an afterthought, especially in overseas remote offices.

Why is this consequential? First, critical or sensitive data may be stored in the remote office. Second, remote offices are often simply WAN connected with no security or monitoring differentiation. Although the insider threat is well recognized, a survey of enterprise networks reveals the majority are still “security eggshells” (e.g., a secure perimeter with little inside apart from client anti-virus). Third, the legal protections available are often limited because protections don't exist or are unavailable to foreign corporations, and the costs involved and risk-to-reputation are too high.

To improve security in remote offices, technology alone will not suffice. Staff attitudes, motivations and cultural norms must be better understood. The following relationship and technology guidelines are critical:

Build relationships: To minimize expenses, Americans may avoid lengthy overseas trips or funding visits by foreign staff to headquarters. However, overseas business is oiled by relationships that develop trust. Failure to understand this and build on common goals can be more costly than the expense of building relationships.

Understand cultural motivations: What is important to the IT staff, or those with access to critical data? Consider that working for a Western company is often highly valued, as are training and certifications.

Money talks: In developing countries, “team spirit” takes a back seat to compensation for creating loyalty. On the other hand, an excessive package suggests the organization is naïve and ripe to be exploited.

WAN edge security: Router/switch ACLs, IPS and proxies should be implemented on the WAN, preferably on the domestic side. Limit access to the minimum needed for the remote office to function.

Monitoring: Central security staff should monitor activity at the remote location. Consider appliance-based offerings that are harder to circumvent and do not require local staff support.

Securing international remote offices is challenging, but the risks can be reduced through understanding cultural motivations and applying security controls more typical of extranet connections.
Jonathan Gohstand

Jonathan Gohstand is HP Inc.’s Director of Security Product Marketing, which includes sales enablement and channel programs responsibilities. He has over 20 years’ experience in cyber-security, primarily in product marketing and product management roles. He started his career on the customer side working for Chevron internationally, managed an IT reseller in Europe in the 1990s, and helped build out Cisco’s security business as a Director of Product Management. His career includes a security startup (Packetmotion) and consulting for over a dozen companies, including CheckPoint, VMware, McAfee, and numerous startups. Jonathan lives in San Francisco and enjoys running, reading, and kayaking in his spare time.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.