Bernard Parsons, CEO of Becrypt. considers whether PC procurement is the right strategy for modern organisations
A surge in demand for laptops, driven by the increased need for organisations to support remote working, is occurring just as the laptop manufacturing supply chain has a reduced capacity to deliver. With China at the heart of global manufacturing, many supply chains have been suffering. Globalised supply chains and just-in-time manufacturing mean many seemingly unrelated products are vulnerable to pauses in the flow of goods; it only takes one small missing part to bring entire supply chains to a standstill. For example, Apple has been one of the companies affected, with its manufacturing partner Foxconn hitting a production delay. As a result, many organisations are experiencing lengthy delays in laptop procurement, which is jeopardising their short-term business continuity plans.
However, for many, relaxing security controls and increasing access to corporate services from employee-owned devices introduces unpalatable risks. An increase in activity from opportunistic cyber criminals is a stark reminder that solutions adopted need to be both resilient and secure. Unfortunately, COVID-19 has seen the creation of targeted campaigns, with spear phishing, masquerading and new ransomware variants being deployed, as attackers attempt to take advantage of the increased workforce spending more time online while at home. Clearly, coping with a major cyber incident at the same time as a pandemic is beyond the means of most organisations’ already over-stretched IT staff.
As the UK Government mobilises to reduce the impact of the pandemic on its citizens, much of today’s focus is on expert advice. However, Government experts have for some time been evaluating approaches that can provide safer options for scaling remote working than a Bring Your Own Device (BYOD) model. These approaches may provide timely alternatives to procuring new laptops for organisations struggling to meet their current cost or availability needs.
A project led by the National Cyber Security Centre (NCSC), referred to as CloudClient, looked to develop an End User Device platform that could be deployed on a range of computing devices, with built-in security that would allow organisations to share infrastructure and services without increasing risk. CloudClient introduced the concept of strong Device Health measurements, now a key component of what has become known as Zero Trust Network Architectures. Ideally, Device Health measurement involves validating the integrity of all software and firmware components on a device, using a client-server cryptographic protocol such as Remote Attestation.
When implemented correctly, the measurements produce Signals that can be used to guarantee that devices connecting into an organisation are free of compromise. When combined with User Identity and Access Management, organisations can confidently extend IT services outside of their corporate boundary and successfully mitigate the associated risks.
Today, NCSC recommend exploring a Zero Trust Network architecture for new network deployments first, particularly where extensive use of cloud and online services is being considered, and where the concept of a corporate boundary is weakest.
The CloudClient programme produced a lightweight OS and management platform, now available as a commercial product that organisations within the public and private sectors have subsequently used, either on standard laptops, legacy IT that can no longer support a full desktop OS, or deployed to a bootable USB stick to allow home PCs to be transformed into secure working environments.
At a time where organisations need to be creative to explore alternatives to traditional corporate laptops, re-purposing existing hardware, converting home PCs into secure endpoints, or simply extending purchasing options to low-specification hardware can make a significant impact on an organisation’s ability to scale. While the current business environment is incredibly volatile and uncertain, the COVID-19 pandemic could prove to be the catalyst for many businesses to re-evaluate their remote working infrastructures, and how best employees can utilise them, especially when working remotely for extended periods of time.
