Over the past two decades, remote access became a stable, but often neglected, technology. Now, coronavirus (COVID-19) changed the way employees need to work. Organisations now have old virtual personal network (VPN) technologies lacking the required licenses, updated features and adequate bandwidth to support all users working remotely and simultaneously.
“Corporate VPN is an ageing technology as organisations shift to more cloud-based services,” says Rob Smith, senior director analyst at Gartner. “However, in the wake of the global coronavirus pandemic, companies are realising they have to fundamentally change the way they work.
“For security and risk management leaders, this means grappling with the best course of action to solve the challenges of large-scale modern remote access.”
As companies support more work-from-home employees, they must have the right technology in place to ensure avoid poor performance and ensure secure access. Ask these four questions before deploying modern high-volume remote access products.
Who is the user, and what is their job function?
All users are not equal. Some require more bandwidth than others, like executives or mission-critical employees with above-average data analysis needs. A user’s job function needs to be considered when defining any remote use case.
“Employees who simply check email will have different demands from those downloading and analysing large sets of sensitive data,” says Smith. “Even if there is an existing, workable product in place today, it still may not be optimal for providing the best experience for all users.”
What kind of device is being used, and who owns it?
Usability and security vary widely across the spectrum of available remote devices, like laptops and mobile devices. A corporate-owned PC is much easier to secure than a personally owned smartphone on which users are conducting concurrent activities and accessing websites that are potentially out of policy.
“Remote workers must ensure the same, if not a greater, level of security for all company networks and data access, documents or otherwise confidential information that might be displayed on a home office computer screen,” says Smith. “If security requirements prohibit storing data on individual personal devices, virtualisation is an ideal option.”
What kind of applications and data do users need to access?
From a performance perspective, employees using dedicated cloud applications and having an always-on VPN to the corporate network would not make as much sense as using a cloud access security broker (CASB). The way in which users access applications and data — either through on-premises or via the cloud — makes a difference when choosing remote access services.
Where is the user located?
Data security, labor and privacy laws differ across countries and state/local jurisdictions, which creates an added layer of complexity when choosing offline data storage choices, and thus the remote access solution.
Build a remote access end-user policy
After determining use cases and technology, build an end-user remote access policy with buy-in from all business units. If this is an urgent issue, like COVID-19, the policy must be escalated to legal counsel. Ensure that simple and local language is used, and stress the importance of employees physically signing the policy document as soon as possible.