5 Best Practices for Managing Remote Access
There's no question that allowing your employees to have remote access to your company's computers is a security nightmare waiting to happen. There's also no denying that it's inevitable. The best thing an IT manager can do is create a system that limits the possibility for security breaches.
Rainer Enders is chief technology officerof NCP engineering, a company that provides VPN (virtual private network) software solutions to help enterprises create, manage and maintain secure network access for staff.He offers ways for IT managers to avoid five common missteps when they are trying to secure remote access.
Maintain control.If IT managers institute rigid security policies and lock things down very tightly, they should make sure they can properly control it. They should investigate the manageability options of the deployed technology, including the VPN and mobile devices. They should make sure they can monitor devices very closely while in standalone/offline mode and when connected to the network, because problems can occur in either scenario.
Don't go simple.IT managers often will select remote-access technologies on the basis of simplicity and convenience. But this can open the door to many threats. IT managers should instead identify best-of-breed technologies (like IPsec and SSL VPN clients) versus tools like remote desktop applications, where users can freely access a business's networks and systems from any device — and expose them to great risk.
Assess risk. IT managers need to do a thorough security risk-assessment and evaluate what level of enforcement/access they want to provide. They shouldn't rely too heavily on one tool (for example, the SSL protocol) alone. They also should be conscious about having the ability to verify each device and end user entering the corporate IT environment.
Educate employees.It is critical that IT managersconstantly communicate the security policies and educate employees at all levels about the risks and benefits of secure remote access. IT managers shouldn't take this for granted; it can be more harmful when users try to circumvent established security policies. Clear guidance and direction are essential.
Look for flexibility.Financial pressures can affect IT departments' technology purchasing decisions. IT managers should first figure out what they can afford to do and look for scalable, flexible solutions that are easy to upgrade and can stay on top of threats in a timely way. Because refreshes can be costly, IT managers sometimes try to push out their technology life cycles instead. This is risky when the security solution is no longer up-to-date.
You can follow NCP engineering at Twitter: @VPNHaus.