Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

RDP, cloud migration, and endpoint visibility: what changed?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: A Black Hat survey of more than 270 cybersecurity professionals found that 95% believe the COVID-19 crisis increases cyber threat to enterprise systems and data, while 80% expect cybersecurity operations to change significantly and only 15% expect a return to normal after the pandemic, according to SentinelOne. The operational lesson is that distributed access, weak endpoint visibility, and rushed remote control expansion turn identity and device trust into the core security boundary.

NHIMG editorial — based on content published by SentinelOne: a survey-based analysis of pandemic-era cybersecurity changes and remote-work risk

By the numbers:

Questions worth separating out

Q: What breaks when remote access is expanded faster than endpoint controls?

A: Remote access expansion without endpoint control creates blind spots, longer attacker dwell time, and broader lateral movement risk.

Q: Why do unmanaged home devices increase enterprise risk so quickly?

A: Unmanaged home devices often lack corporate hardening, consistent monitoring, and centrally enforced access controls.

Q: Where do RDP and VPN controls usually fail in practice?

A: They fail when organisations treat connectivity as proof of trust.

Practitioner guidance

  • Harden remote administration paths Disable public exposure of RDP wherever possible, and where it must exist, place it behind controlled access, MFA, and strict source-IP restrictions.
  • Move detection closer to the endpoint Prioritise endpoint telemetry and response on laptops and workstations that now touch enterprise resources.
  • Re-scope remote access privileges Audit who can reach internal systems from unmanaged or personal devices, then reduce standing access to the smallest practical set.

What's in the full article

SentinelOne's full article covers the operational detail this post intentionally leaves for the source:

  • How the Black Hat survey framed SecOps changes during the pandemic and what practitioners said about post-crisis normality
  • The FBI and IC3 complaint figures that show how quickly cybercrime volume scaled during the early pandemic period
  • Examples of RDP brute-force activity and ransomware patterns that illustrate the exposure risk in more operational detail
  • SentinelOne's device-centric detection and response framing for remote workforce defence

👉 Read SentinelOne's analysis of remote-work cyber risk and endpoint control gaps →

RDP, cloud migration, and endpoint visibility: what changed?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Remote access sprawl is the new governance boundary: The article shows that once users work from home, the practical security boundary moves from the office network to the endpoint and its credentials. That creates a governance problem for IAM and PAM teams because access policy is only as strong as the device and session it is applied to. The field now has to treat remote connectivity as a lifecycle control, not a temporary exception.

A question worth separating out:

Q: Who should be accountable when remote work access creates a breach?

A: Accountability should be shared across identity, endpoint, and infrastructure owners, because remote-work failures rarely sit in one team. IAM should own privilege scope, endpoint teams should own device posture, and infrastructure teams should own exposure reduction. If remote access is still a business dependency, the governance model has to assign named owners before the incident, not after it.

👉 Read our full editorial: Remote work is exposing endpoint and RDP control gaps



   
ReplyQuote
Share: