In the wake of the recent need for more employees to work remotely, some organizations have found themselves with an unprecedented need to provide secure remote access. The ability to support this type of workforce with little to no notice is critical for business continuity and security.
First you’ll need to determine the types of access your users may need. For simplicity, we will use Microsoft’s terminology for basic access roles.
• Basic user – This type of secure connectivity enables employees to access corporate resources and safely traverse the internet from a remote location such as their home office or a customer location.
• Power user – This connectivity is for employees who spend a good deal of time on the corporate network, providing easier access and an always-on connection to the network firewall.
• Super user – This connectivity is for employees with elevated credentials who need access to confidential, critical business information. It turns their home offices into branch locations so they can deliver high-priority information quickly and securely.
In reality, your users more often have a mix of access based on their role or the department they work in. For example, finance staff often have specialized access that someone in a member service role may not have, and vice versa.
Of course, there is a question of how long this shift in our world will last. Many of us are looking for a short-term solution. However, there is a lot of speculation that this will push the workforce towards more telecommuting. A long-term solution, especially considering the access level, might look different. Several companies are offering their services for a reduced rate, sale price, or even free in light of COVID-19. Sometimes simple, easy, and free doesn’t give the proper consideration to security.
Short-term: Ideally, you’ll establish a secure VPN tunnel for teleworkers, adding additional security such as a two-factor authentication (2FA) token (e.g., Duo, FortiToken, etc.). Not all 2FA methods are created equal. SMS and Google Authenticator, for example, have had some notable security issues. That said, a less secure 2FA method is still more secure than having no 2FA at all. Therefore, if it is all that a program or solution offers, it is still recommended. Once logged in, you can use the computer to access resources as if you were on the network, or use Remote Desktop to connect to your computer in the office.
VPN is the ideal secure solution. Still, security isn’t just in the connection. It is tempting, especially considering the short-term situation, to allow users to log in using their home devices. Be warned: using home equipment opens up your network to unmanaged devices that may never have had anti-virus protection and could be loaded with all sorts of viruses and malware.
Other programs, such as LogMeIn, are being offered for free right now. These require installation and configuration of clients and allow for Remote Desktop-like access. LogMeIn can be configured to use 2FA as well, and if you use LogMeIn, 2FA should be enabled. Keep in mind that, although it is free for now, later you’ll pay a premium to continue using this service.
Internet bandwidth and speed, both at a teleworker’s home office and at your organization’s head-end data center, are a definite consideration. Upgrades may be required for a good experience, but in rural America this isn’t always an option. Users may want to use a wireless LTE modem if an upgrade isn’t available.
Long-term: Set up an RDS Gateway or Virtual Desktop Infrastructure (VDI). Citrix is a great tool for large-scale deployments of VDIs. Mobile devices provided by your organization can work as dumb terminals, minimizing the risk of viruses and configuration issues.
Consider a home firewall for Power Users or those with access to sensitive information. Adding a home firewall with a permanent VPN secures the home environment and allows you to control the access between the sites. With a home firewall, you can prioritize business data and connections all while making sure your data is secure.
All your security may be useless if you don’t have someone watching the front door. SkyHelm offers 24x7 threat monitoring and visibility for all types of intrusion attempts and/or attacks. We have the ability to detect and stop security incidents, including remediation if necessary.
Feel free to reach out to us if you need help transitioning your workforce to safely work remotely.
SkyHelm builds safe and reliable infrastructure for America’s electric cooperatives using advanced and proven technologies. This includes projects requiring assessment, design, and implementation of secure and reliable data center, communications, virtualization, and cloud migration solutions.