Many companies need to allow users to access their internal company desktop computers from external locations. A common approach is to open ports in the firewall, enabling inbound RDP traffic. Although this solution comes with risks!
Thankfully, there is an alternative to opening up ports, without the complexity of installing security gateways. But first, let's consider the typical challenge IT teams face when allowing access to internal desktop computers.
Remote access is a more complex problem than it may seem
When an organisation wants to give access to internal resources, they often install so-called 'security gateways'. This approach makes sense: a security gateway checks a remote user's identity, secures the connection and endpoint, and allows the user access to the resource.
Gateways also ensure there is a central point where all remote access can be monitored, logged and controlled.
However, in some scenarios, such as an organisation needing to provide access to a couple of existing workstations, installing gateways has its downsides.
Implementing gateways means changing the network infrastructure, which can be complicated and time-consuming. All traffic going back and forth to internal computers now has to go through the gateways, which creates congestion and can significantly slow down the connection speed.
So, how can an organisation improve remote working capabilities on internal workstations securely, without having to go through the complexity of implementing gateways?
To answer this, we first need to examine what the exact problem is.
How did we get here?
There are many kinds of workstations inside an organisation's network, and it's often possible to remotely control them.
It doesn't matter whether the target computer is just running some office applications, a powerful workstation used for CAD or a computer with an old operating system, connected to an industrial machine. Remote controlling the PC means only the screen contents, keyboard strokes and mouse clicks are transferred, bringing the full capability from the target PC to almost any endpoint, whether it's a PC, Mac, tablet or mobile phone.
The ability to remote control a system is useful in many cases, even when the remote device is within the company network. But what if this is not the case? What if the remote user is working on a private device from home or a remote location?
In this scenario, new challenges arise because the user needs authenticating, the connection needs securing, access rights need enforcing, and access needs monitoring.
With this in mind, opening up ports in the firewall might not be the best solution. This option exposes the organisation to an increased risk of hacking and malicious activity. It's also a static solution that doesn't support business flexibility and agility.
So what solutions exist that do not require the implementation of security gateways, and solve the challenges?
A possible alternative
Several cloud services can securely connect an internal resource to a remote device, without having to open up the firewall.
What these solutions have in common, is both the remote device and the internal device connect outbound to the service, and the service connects the two together. The result is the remote device and the internal computer talk directly to each other, over a secured channel.
It is easy to see the benefits of this solution: because the connections are outbound, there are probably no changes needed to the firewall. Also, the internal desktop computer can take any route to the internet that is available, which prevents a single point of congestion and improves performance.
Some solutions, although, not all, offer management features that allow the company to create users and devices, making it possible to control who can access what from a single location.
But wait... one crucial thing is still missing - both the users and the target devices need authenticating before allowing any connection. Otherwise creating access rules and monitoring access doesn't make a lot of sense.
This part is difficult - but there is a way to solve it!
The best alternative: Soliton SecureDesktop
There is an alternative remote working solution that strikes a balance between ease of access and security: it's called Soliton SecureDesktop.
SecureDesktop is a service that works as described above; however, it also solves the mentioned issues by implementing management features and digital certificates for strong authentication on both ends.
With SecureDesktop, the internal system can be Windows-based or macOS-based, while the user clients can run Windows, macOS, iOS, iPadOS or Android. The communication protocol is extremely fast, allowing even the most demanding applications to run smoothly on the endpoints. And the client applications provide a plethora of useful remote control features, making remote working a breeze.
What this means is:
- Only a light-weight receiver application needs installing on the internal workstation; this application is called the streamer
- Built-in strong 2-factor user and remote device authentication, with certificates that are one-to-one connected to the user's login name
- After authentication, users see a list of available internal computers (all available streamers)
- Management features to add groups of users, add users by e-mail invitation, monitor how many users and streamers are online, and which user connects to what streamer
- The remote-controlled computer blacks out the screen if an authorised user is logging in, preventing others from snooping
- Built-in support for a multi-monitor setup
- It's speedy, even over low bandwidth / high latency connections
- Users don't have the ability to copy company information to the local device
- Remote control applications can be downloaded from the services, for mobile devices the apps can be downloaded from the Apple App Store or Google Play Store
The delivery model for SecureDesktop can be cloud-based, meaning that organisations can start to scale up their secured remote working capabilities in minutes, rather than weeks.
Soliton hosts SecureDesktop from data centres in Europe, but alternatively, customers can install an on-premise relay-server if they do not want to use the cloud (VMware required).
By using Soliton SecureDesktop, organisations can leverage the use of personal PCs and Macs, while protecting their sensitive data and without compromising security!
User benefits
Users like SecureDesktop because the installation only requires a small-footprint application on their device. Users also like:
- The speed and stability of SecureDesktop connections, because connections are set up in seconds and are very stable
- The controls that are available on remote devices, that allow quick and responsive remote working, even on mobile devices
Originally published November 23 2020, updated on October 17 2023.
