What is Remote Access Control? (No, it’s not a stupid question)

Category: IT Security / Date: 14 November 2019

What is Remote Access ControlMany people understand the concept of remote access. It’s working without being physically present at the office, right? Well yeah, sort of. But if you’re responsible for securing this remote access, you need a little more detail. Remote workers can access the company network in different ways, which means that IT managers like you need to come up with safe solutions for each one of them. That’s a challenge, given the many threats and changes that are reshaping the digital world. To really help you optimise remote access control, we figured we’d start at the very beginning. In this blog, we’ll answer questions such as “What is remote access?” “Why should it be controlled?” And “How can you control it?”

 

Question one: What is Remote Access?

Simply put, remote access is the ability to access a computer or network from a remote location. This location can be someone’s home, a café, a train, an airport, a museum: you get the picture. As the word access insinuates, the devices of remote workers often become part of the company network, just like the ones of their co-workers at the office. This is what we call a VPN connection, which stands for Virtual Private Network. And since we’re being thorough, the device used can be a laptop, a tablet, a phone or any other object that can connect to the internet, which forms the highway between the device and the network.

 “Mobile device management is as safe as asking an unknown banker in Thailand if he’s sure that the money you gave him will end up at your own bank account”

 

Question two: Why should remote access be controlled?

Remote working comes with extra risks. As opposed to the office, where intruders can’t really hide themselves from your colleagues, the devices of remote workers are out of sight. For all you know, they’re at the other side of the world! As IT managers like you can’t see what’s going on at the end-point, it’s hard to respond to threats. Sure, you can opt for mobile device management, where you have software monitor the remote device. However, you’d still deal with a remote end-point, meaning your check-ups are as safe as asking an unknown banker in Thailand if he’s sure that the money you gave him will end up at your own bank account. In other words: how can you be sure the answers you get can be trusted?

Second, the connection between the remote device and the company network is more vulnerable to threats when you compare it to the connection between an office computer and the company network. This is simply because the communication travels from a home or café Wi-Fi to the network of an unknown internet provider to several intermediaries and then ends up at the network of the internet provider of your company. Imagine all the things that could go wrong along the way! Clearly, the connection between remote workers and company networks need to be secured. But as you might have guessed, this is hard. 

 

Question 3. Why is it so hard to secure Remote Access?

In the previous paragraph, we used words like “threats” and “out of sight” and “can go wrong”. But what exactly can go wrong when remote workers gain access to your company network? For starters, you can’t know who’s gaining access to your systems. How can you be sure it’s your co-worker logging in and not someone else who stole the device or happened to be around during your co-worker’s bathroom break? Second, how will you avoid people intercepting the traffic between the remote worker and the company network and use it to their advantage? Third, how will you avoid a Man-in-the-Middle attack (MItM), where a remote worker thinks he’s connected to the company network whereas in fact he’s connected to something else? Fourth, how will you fight end-point attacks by malware and how will you keep this malware from spreading to the company network? And last but not least: how will you avoid data-leakage from the end-point?

 

Question 4. How can you control Remote Access?

Okay wow. That’s a lot of things that can go wrong. And unfortunately, many of the remote access solutions out there don’t solve any of the problems. The firewall with the built-in VPN, for example, solves none of the issues, except maybe the encryption of the data so that no one can intercept the traffic and use it to their advantage. But at the same time, it does open up a tunnel that allows an uncontrolled flow between the endpoint and the network.

But here’s a question for you: do remote workers really have to be part of the company network?

The truth is they don’t, and there lies your solution. The best way to secure Remote Access is to replace it with Remote Working. Hence, don’t let remote workers access your company network at all! Instead, find a way to give them everything they need for their working day, such as data and e-mail, but let them wait outside while someone within the company fetches it for them. By “someone” we mean “something”, as there are ways to automate this. This is what we call zero-trust, and it’s a true lifesaver. Alongside this solution, you should think about ways to encrypt remote traffic, and select a mutual authentication tool. But the foundation of secure Remote Access lies in no access at all. Quite the plot twist, we reckon.

Do you want to learn more about this access-less Remote Access? Then download our white paper on Enterprise Mobility for free. 

New call-to-action