From the Desk of the CEO: Remote Security Testing vs. On-Site Testing—Understanding the Difference

March 19, 2020

With the COVID-19 pandemic underway, we’ve all had to adjust in ways we would have never imagined. Talking with peers in the industry, having to stand up a complete remote workforce overnight has been both challenging and rewarding. While there are bound to be hiccups and lapses in security, the ability for organizations to be flexible with unforeseen situations allows us to scale in ways never before imaginable.

Now more than ever we are leveraging technology to enable our remote workforce, making sure that our businesses stay operational even under dire circumstances. A number of companies have spent considerable time and resources focused on a remote workforce. TrustedSec is very familiar with this process and has primarily operated as a remote workforce organization from day one. There is a great book that addresses remote work called Remote: Office Not Required by Jason Fried and David Heinemeier Hansson (https://www.amazon.com/Remote-Office-Not-Required/dp/0804137501). With a remote workforce, there can be challenges in productivity, consistency, and morale, but all of these issues should be addressed with your remote workforce strategy.

Security is no different, and protecting organizations to ensure that they stay operational during critical times is more important now than ever before. If a company’s infrastructure is hit by ransomware, a large-scale breach, or worse, it could be what breaks an entire company and the impacts could be devastating. It is paramount that during uncertain times, organizations perform regular security testing to ensure business continuity and maintain a high level of defense.

At TrustedSec, we have moved completely to full remote testing with little to no hinderance to the testing itself. A number of years ago, we released a platform called the TrustedSec Attack Platform (TAP) (https://github.com/trustedsec/tap), which allows us to perform the same level of testing internally that we would if we had a consultant on site. Available in both a VM form and as a physical tool, the TAP device has always been a reliable method for testing at TrustedSec and is open-source and available to other organizations that want to follow a similar approach. At TrustedSec, we continue to perform assessments and focus on helping our customers protect against the threats we face, especially in today’s environment.

There is no doubt that human interaction during the course of an assessment provides a personal touch and allows for clear communication to come through. Remote testing can feel abstract and detached if communication is not there, however, communication should not be a hinderance if there is clear dialogue and updates throughout a specific engagement, test, or project. Tools like Zoom, GoToMeeting, and others allow for constant communication through a project and provide the ability to interact remotely as if the assessment was happening on site.

For some companies, a remote workforce has been taboo and off-limits, but with today’s climate, remote security testing is an absolute must. Continual communication, making sure people stay connected, and confirming project success can make remote work just as effective as it would be on site. There is no telling how long this may last, but what is clear is that security testing and ensuring companies continue to operate and leverage technology in a safe manner are top priorities.

All of the assessments that TrustedSec conducts can be performed remotely without any hinderance. TrustedSec remains committed to protecting our customers during these challenging times and will continue to operate at the highest levels of quality and communication we are known for.

  • Browse by Category

  • Clear Form