With Covid-19 forcing many to work from home, it is important that businesses revisit their processes. Some of these processes could have been in place for many years, but that does not mean they are still fit for purpose. Many businesses have a working from home policy. Does this still fit the business now that the number of users working from home has increased? Here are some questions that should be asked of your remote working process.
Does a bottleneck in productivity happen now that remote services are taking a higher load?
Does our antivirus software still manage to update for users that don’t connect to our network?
Do we still have enforced web filtering?
Can we still manage our assets?
How do we manage the lockout policies for account expiry?
Are we liable for loss of employees' data at home if there is a security breach from our business?
Do we still control the flow of data?
Have we got adequate backup resources for our remote workers now that data is stored on multiple endpoints?
Are we still GDPR compliant now that data could be outside our business?
There are many more questions, but these are a few that may spark some ideas to review the business's position. On reflection of some of the items, it is very likely that a review of the options for remote access would save some valuable money. Here are a few options, including pros and cons, to think about. This is only meant as a helping hand to spark some questions into what would be the best routes for your business. This is not advice, and not all options suit each business the same.
VPN – This is where you will have all your devices connecting through a secure point into your business network so the employees can work as if they were on the network.
Pros:
1) Direct access into your systems remotely. All applications can be used on the user’s device in the same way as before.
2) Updates to local antivirus software are still in place.
3) Ability to monitor web traffic, if configured correctly.
4) Access to server based storage and network shares for company data backups to remain in place.
Cons:
1) Unable to control when a device logs onto the VPN. The device is still able to function as a stand-alone device outside of VPN logon.
2) Possible split-brain DNS with the employee's home network.
3) Home networking can still cause helpdesk overhead.
4) Home network security may not be in place.
5) Potential user account password conflicts between device and domain. (The process for password resets needs to be managed to remove this issue.)
6) Ability for advanced users to break the security hardening for virus control. Could be off grid and exposed.
7) Data is likely to be saved locally to the device when working if there is contention on your network. We suggest looking at data integrity and backup controls for devices consistently outside your business network. Cloud storage solutions may be an option.
8) The VPN route could be a bottleneck to the service. The resiliency of this provision needs to be assessed if this is to be a future-proofed method. This could potentially be resolved by factoring in load balancing solutions.
Remote Access Servers
This is a solution based on remote access services. This could be through Windows RDS (Remote Desktop Services) or Citrix. It consists of a pool of servers that act as an internal gateway to the outside world.
Pros:
1) Device agnostic and can be used on users' own devices if needed.
2) Ability to control the data to maintain all services within the business network.
3) Ability to configure remote applications to be deployed on the end client that point directly to your company servers.
4) Low bandwidth requirements for the end client machines to connect securely.
5) Current backup solutions function as normal.
Cons:
1) Management of server pools and the performance required to factor in all endpoints can be cost restrictive.
2) Bandwidth on the business internet services could cause slowness of service. (Unless deployed in the cloud)
3) Authentication management can be costly to deploy through a secure DMZ for frontend services. A remote gateway should be used to secure the session management.
4) Authentication resiliency needs to be in place.
Remote access applications
These are 3rd party services like GoToMyPC and TeamViewer or other remote clients that allow employees to attach to machines inside the business.
Pros:
1) Cheap option to access current devices from outside your network.
2) Ability for employees to continue as normal.
Cons:
1) Security. There are many security issues with using this method. Employees' machines need to be on in the business environment while not being physically observed. Any individual in the office could review the user's actions without any type of control mechanism.
2) Bandwidth used by network access from the outside world is increased.
3) Machines need to be ON and in an accessible state locally (Logged in) to allow remote connections. Power usage and other environmental questions need to be factored.
These are not the only methods; however, they are the most frequently used. As users start to return to the office (or maybe continue to work from home), it is likely that the controls that were put in place to assist in continuation of service will now be inadequate, inappropriate or unacceptable. The main aim of this article is to help raise questions about what the right solution is, looking at what the new normal is for businesses. There are no right or wrong answers; however, there are risks that need to be assessed as part of the decision. It could be that the simple approach is the best approach. (This is not to forget that what was deployed may not have been the best application or best software at the time the requirements hit suddenly.) It is a good time to reflect on the solutions, risks and costs of these solutions. This will give the business the best chance of success while maintaining security and limiting the exposure of the business data. Most businesses are only as valuable as the data they have. Security and productivity need to be factored into the decision-making process.
There are many vendors about that will be able to assist in the search for the most suitable solution. The most important thing is that you make a choice that suits your business and your future goals.
Tractive Solutions Ltd hopes this is helpful and if you wish to enquire about any services that we offer then please don’t hesitate to get in touch.