This picture is for all the people I have had discussions with in recent years about Digitisation in general or, more specifically, about the integration of tablets or notebooks within a corporate network.
My recommendation then and now: Zero Trust! Isolate and segment potentially insecure, closed-source AD infrastructures! Keep smartphones, tablets and laptops out of them! The same applies to unknown, untrusted applications: "jumper laptops" are the better place for those. Put business applications on RDP/RDS terminal servers[1] and create uniform, web-based, open interfaces that can be monitored and controlled. Nextcloud[2] is suitable for accessing SMB files, Apache Guacamole[3] for RDP access via HTTPS. Use RFC-standardised[4] multi-factor authentication! Technologies like Keycloak[5] or PrivacyIDEA[6] make this possible across the whole enterprise.
There are so many possibilities, but what is actually being done? VPN access is handed out inflationarily, and every gate straight into the AD is torn open, so that even the last idiot can keep working with his rotten SMB drive letters.
Here is the punchline in today’s Heise-Newsticker: Microsoft recommends Zero Trust![7]
A “Zero Trust” philosophy is an important part of any security strategy.
It took a long road, including a large-scale hack and intrusion into their own network, to make them realize this. But don’t worry: Microsoft reliably makes sure I get my “I Told You So” T-shirt, and recommends its own technologies for protection.
and enjoy your sunny weekend!