May 06, 2020 // Tony Howlett
Last Updated: November 19, 2020
Among its many major impacts, both personal and professional, the COVID-19 pandemic has caused a huge upsurge in demand for remote workforce technologies. The security of video conferencing apps such as Zoom, Skype, and others has definitely captured the attention of the media, but for most companies the largest need is simply getting employees and vendors access to resources inside the corporate firewall. Sure, most companies have some experience with this type of technology, but not everyone has done it on the scale needed to successfully work from home. So many harried IT managers have had to retrofit their infrastructure to handle this need, either using existing solutions they had already implemented or talking to new vendors to adapt to the world during the pandemic.
In this article, we will review the various needs for remote access and the most appropriate solution type for each use case. Hopefully this will help you determine which type of solution best fits your company, both during and after the coronavirus pandemic.
This is the most common use case for remote access, and most companies already have at least their internal users set up this way. Your average user is going to need access to general corporate resources such as email, file shares, HR servers, and more. Even if they need access to different directories or have some elevated privileges, these are easily configurable using Role-Based Access Controls (RBAC) in Windows Active Directory or a similar directory service. Basically, these users need to look and act like they are on the corporate LAN. For this purpose, a VPN is often the most economical option, especially given the large number of seats needed. It allows them to reach the servers they need to do their job without exposing your company to undue risk. This doesn’t mean there is no risk; an average user on an unsegmented network could still cause you lots of problems if they can indiscriminately access other network resources. But these challenges are easily dealt with using VLANs and other network technology. For networks and systems requiring tight security on remote access even for non-privileged users, administrators might consider a Zero Trust type of architecture, though these often require major reworking of underlying protocols and infrastructure.
These users are going to have the more valuable access that hackers covet, so additional protections are warranted when allowing them to access resources remotely, especially when servers and other critical infrastructure are involved. Additionally, many security compliance frameworks such as PCI, CJIS, and others now require additional controls for these users. Multi-factor authentication is a powerful tool to prevent misuse of privileged accounts remotely. It can be layered on top of a VPN or other remote access layer. Privileged Access Management (PAM) platforms are another tool you can use to provide additional remote access security for these types of accounts. This technology secures all your credentials with elevated privileges and requires users to check them out, so that you can monitor usage and place limits on them. Again, this technology must be accompanied by some network layer access technology, such as a VPN, in order to provide the actual access.
Often you will have a vendor providing simple desktop or application support. These external users, while not part of your company, require no special level of access. They may simply need to take control of a user’s desktop or access general company resources like any other user, for example, a contractor working remotely. For these users, a remote support tool is appropriate. You generally don’t want to just give them VPN access, as this will give them far more network access than they need. Additionally, these support tools often offer control features such as requiring a user’s consent before taking over and documenting the access. Be careful when they support users with privileged access, as this could unwittingly give a remote vendor user privileged access via a controlled internal user. Also, carefully evaluate the many vendors offering products in this niche. Be sure to research their security history. Some of these products have become popular with hackers and have known exploits and vulnerabilities available, so an attacker can co-opt the tool for use against you if they manage to hack the vendor software.
This use case, while usually a much smaller population to serve, is very important to handle securely. These users represent the highest risk to an enterprise, as you have non-employees accessing the most sensitive resources in your company from the outside. Best practice for these high-level external users is to tightly control and audit their remote access. You can do this with many of the tools mentioned previously, but it is better to integrate all of it under a single vendor management platform so that all the vendors and the records of their access are consolidated in a single place for ease of administration and access. Vendor Privileged Access Management (VPAM) systems offer these types of capabilities under a single solution.
No matter your remote access needs (and you may have more than one of them), there are options to fit them. And since there are often multiple vendors within these categories, you will want to evaluate each vendor offering for price/performance against your particular requirements. There are many different price points and licensing models (I’ve discussed remote access pricing models in this article), and you will want to select one that fits your budget, user base size, and future scaling needs. In the end, you should be able to find a solution or set of solutions that meets your needs, no matter your size or the times.