While online gaming has seen record growth during the pandemic, there’s no substitute for a good, old-fashioned arcade game and Whac-A-Mole ranks up there with the best of them. Sure – there are digital versions of this amusement park staple and even mini versions for home use, but most agree that a challenge of the whacking type is experiential and best enjoyed in its original form.
Those of us who are immersed in IT – especially end-user computing – also know that Whac-A-Mole is an apt analogy to describe the effort of trying to keep users from accidentally springing data leaks for their firm when they access sensitive data and applications. This is especially true in today’s highly distributed work environment. It often feels like no matter what we try, users always seem to find a workaround.
Take virtual desktop infrastructure (VDI) as an example. Most of our customers leverage hosted virtual applications and desktops in order to centralize access to sensitive and regulated client data. They believe that by moving their apps and desktops into the cloud, they can centralize the security of these digital assets and keep sensitive, and often regulated, client data safe. That hypothesis works fine with legacy Windows line-of-business or intranet applications that can only be accessed in this manner. When it comes to modern SaaS apps, however, this concept often goes out the window (or out the Windows 😊 ).
SaaS is inherently designed to be globally accessible from any browser. Users quickly figure out that they can reach their SaaS-based work apps from any browser, not just the one on their hosted desktop. They also realize (whether they actually understand it or not) that the application experience they get from their local browser is superior to that of accessing a hosted browser. Once they do this for a single app, they start doing it for multiple apps. And then they tell their colleagues and before you know it, everyone is bypassing the VDI solution.
With this action, users circumvent the only form of data protection provided by their firm. Their local device environment is likely highly exposed to attack, especially if it’s personal-owned. As well, we also find many devices technically owned by the firm that are unmanaged (sometimes referred to as COPE or corporate-owned, personally-enabled). Without regular attention to operating system patching, antivirus definition updates, and other security best practices, devices quickly become compromised targets. This is especially a problem if users are downloading client data from their SaaS work apps directly to their unprotected devices. Once those XLS or PDF files are stored locally, they are fair game and should be considered “in the wild” and “unprotected,” similar to an endangered species.
So what’s the solution? Well, for starters, it is critical to move toward a Zero Trust model such as the kind that our Workplace solution enables. It’s not just about checking device compliance and strong passwords for each kind of application or data access occurrence. It’s also about ensuring that applications with privileged data are only accessible through certain gates which cannot be bypassed by clever users.
Bottom line – make sure you properly plug the holes in your application and data access infrastructure so that you don’t end up playing Whac-a-Mole at work with your data security!
