Data Governance – Part 4: Scalable Remote Access Infrastructure

Designation Number:
CAN/DGSI 100-4:2023 (R 2024)
Standard Type:
National Standard of Canada - Domestic
Standard Development Activity:
Reaffirmation
ICS code(s):
35.020; 35.030
Status:
Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:

Scope:

This standard presents a set of requirements to help organizations mitigate security risks associated with, and scalability demands upon, enterprise technologies used for remote access. The standard also provides guidance to organizations needing to react to unprecedented and unplanned shifts in their workforce to support work-from-home mandates. This standard applies to all organizations, including public and private companies, government entities, and not-for-profit organizations.

Project need:

The world in which we live, and the way people work every day, has changed since the COVID-19 pandemic. Global businesses and governments have since explored new methods to effectively scale up their remote access protocols while managing costs and maintaining controls over the inherent security risks associated with remote connectivity into their information technology infrastructure assets.

Remote workers typically use either a company-provided endpoint device (laptop) or a personal device connected from home networks via VPN to the corporate network. This infrastructure might not scale at the speed at which the shift to work-from-home has occurred. Network intrusions affecting large multinational firms and many others, as reported over the years, have also been directly attributed to this remote connectivity model. The access technology in place today is supported by physical remote access and VPN servers that place remote worker endpoint devices directly onto corporate networks. This access technology is far less secure than many realize.

The standard would provide a framework and set of characteristics which, when adopted, enable the secure and rapid scale-up of the infrastructure needed to support remote work requirements, and which directly address the weaknesses of the current security model that have led to these network intrusions. This standard would present a set of requirements which, when followed, yield an operational IT environment that allows enterprises to rapidly scale up and down to meet the dynamic and unpredictable demands of employees needing to shift their work habits to a work-from-home (WFH) model, while continuing to meet enterprise security needs. This set of requirements is vendor-agnostic and does not prescribe specific tooling, but rather general practices which, once met, achieve the scalability and security requirements.

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.