More of us than ever before are working away from the office, at least part of the time. This new breed of hybrid worker is an exciting change – it shows workplaces are evolving and enabling employees to work in ways that suit their lifestyles. But it can cause challenges for IT managers. To really help you optimise remote access control, we figured we’d start at the very beginning. In this blog, we’ll cover the pain points IT teams face when enabling remote access and the gains you get with the right approach for our hybrid working world.
What is Remote Access?
Simply put, remote access is the ability to access a computer or network from a remote location. This location can be someone’s home, a café, a train, an airport, a museum: you get the picture.
As the word access implies, the devices of remote workers often become part of the company network, just like those of their co-workers at the office. This is what we call a VPN (Virtual Private Network) connection. And since we’re being thorough, the device used can be a laptop, a tablet, a phone or any other object that can connect to the internet, which forms the highway between the device and the network.
Why control remote access?
In short: it’s about knowing the right people have the right access to the right applications, regardless of where they choose to work. Unlike in the office, where intruders can’t really hide from your colleagues, the devices of remote workers are out of sight. For all you know, they’re on the other side of the world! Because IT managers like you can’t see what’s going on at the end-point, it’s hard to respond to threats. Sure, you can opt for mobile device management, where software monitors the remote device. However, you still don’t know if someone left their device unattended and a completely different (unauthorised) person is using it instead. In other words: how can you be sure the answers you get can be trusted?
Second, the connection between the remote device and the company network is more vulnerable to threats than the connection between an office computer and the company network. This is simply because the communication travels from a home or café Wi-Fi network to the network of an unknown internet provider, then through several intermediaries, and finally ends up at the network of your company’s internet provider. Imagine all the things that could go wrong along the way! Clearly, the connection between remote workers and company networks needs to be secured.
Why is it so hard to secure Remote Access?
What exactly can go wrong when remote workers gain access to your company network? For starters, you can’t know who’s gaining access to your systems. How can you be sure it’s your co-worker logging in and not someone else who stole the device or happened to be around during your co-worker’s bathroom break? Second, how will you avoid people intercepting the traffic between the remote worker and the company network and using it to their advantage? Third, how will you avoid a Man-in-the-Middle (MitM) attack, where a remote worker thinks he’s connected to the company network whereas in fact he’s connected to something else? Fourth, how will you fight end-point attacks by malware and how will you keep this malware from spreading to the company network? And last but not least: how will you avoid data leakage from the end-point? Sound like a pain? You bet!
So how can you make it work? What are the gains for you?
Okay wow. So, there are a lot of things that can go wrong. And unfortunately, many of the remote access solutions out there don’t solve any of the problems. The firewall with the built-in VPN, for example, solves none of the issues, except maybe the encryption of the data so that no one can intercept the traffic and use it to their advantage. But at the same time, it does open up a tunnel that allows an uncontrolled flow between the endpoint and the network.
But here’s a question for you: do remote workers really have to be part of the company network?
The truth is they don’t, and therein lies your solution! Don’t let remote workers access your company network at all! Instead, when they’re not working in the office, find a way to give them everything they need for their working days, such as data and e-mail, but let them wait outside while someone within the company fetches it for them. By “someone” we mean “something”, as there are ways to automate this. This is what we call zero-trust, and it’s a true lifesaver. For your workers, it should feel like they’re sat at their desk in the office, even if they’re at home or another location. But from an IT security perspective, it means you retain control and can empower your users to work wherever they like – without any of the pains!
Alongside this solution, you should think about ways to encrypt remote traffic and select a mutual authentication tool. But the foundation of secure remote access lies in no access at all. Quite the plot twist, we reckon.
Originally published 14th November 2019, updated 14th September 2021 for relevancy