Maybe I am wrong, but I just don't see how allowing a non-company device connectivity to RDP in an environment where clients' confidential data is being reviewed can be deemed safe.
Can anyone help me out here? Understand one way or the other?
My thought: keyloggers and even video (screen capture) could be used to capture everything seen. Yes, we do use 2FA, but I still have no control of what is happening on the host machine.
I'm sorry, but I felt an arrhythmia just by reading "RDP". Is the VPN broken? Is there any MDM onboarding or similar for the personal device? Can RDP be improved by an issued computer and some MFA?
I need my smelling salts. I feel faint.
Data loss can be just as big a deal as data exposure. In addition to video/keystroke capture, you might also consider laptops being left on a plane, missing backups when laptops are powered down at night, and getting ransom-wared if the user has access to the data files themselves.
Keep in mind that "Safe" is a continuum, not a binary (true/false) value. Risk acceptance is a game of balancing user-experience, cost, and data protection, typically based on your management's tolerance for whiney users vs whiney cyber-sec staff.
To "make the sale", it is often necessary to compromise a bit in the name of user experience. RDP is often the "lesser harm" vs the data being on the laptop itself. With RDP, company data remains safely stashed in the data center. And when the session is disconnected you know the data is protected from prying eyes.
The trick is understanding where we can afford to let go and what mitigations we can squeeze in, such as:
Many of these add value even if the company owns the laptop.
@cweatherford wrote: Maybe I am wrong, but I just don't see how allowing a non-company device connectivity to RDP in an environment where clients' confidential data is being reviewed can be deemed safe.
We tend to turn on RDP and the like as a catch-all solution for incomplete engineering. We don't know what kind of remote access we want, so we are just going to turn this thing on as though we are sitting at the keyboard with an interactive login. That's a "most privilege" solution. The least privilege would be looking at something like a database-client relationship where you can have more granular control over the data and the access to it, layering on top of that (or under it if you're thinking in terms of OSI or TCP/IP) good host security and network controls etc.
Broadly, whenever I see RDP, I think "corner cutting," bearing in mind that sometimes it is necessary to cut corners. It's done to save on personnel, hardware, or engineering. That's fine for testing or lab work, but in a production environment, like you, I am pressed to come up with a good justification.