With more people than ever working away from a central office, IT departments need to have an effective way to secure the devices these people are using and securely access those machines if things go wrong.
The way in which we work has been transformed in the past five years, and staff could literally be based anywhere and on any sort of device. This has understandably had a dramatic effect on the average IT department, which now has its work cut out to keep control of an increasingly distributed user base.
Add to this the fact that, as the threat landscape continues to grow, security is a prime concern for any organization, and you have an environment that could well be seen as perfect for an IT disaster. The reality is that remote devices are more susceptible to infection than those that remain within the confines of a secured office environment; for a start, laptops are more frequently connected to public Wi-Fi networks, exposing them to countless threats.
It can, of course, prove highly impractical for a user to return a laptop to the in-house IT team every time something goes wrong, so it’s important that companies have the ability to fix as many issues as possible without needing physical access to the machine in question.
So where do you start? Obviously, setting strong passwords, frequently changing them and using smart cards is one way to provide an extra layer of security for your colleagues, but this isn’t going to help with maintenance.
You need to take a layered approach to your security and maintenance: one that includes remote support, but also handles ongoing monitoring of remote machines and works effectively when fully or partially disconnected from the network in the office. (If you need to clean an infected remote laptop, you don’t want the user to open a virtual private network (VPN) into the production network so you can fix it.)
Using remote desktop protocol (RDP) to manage the workforce is one way, but again this isn’t wholly secure, as it opens a port in your firewall, effectively leaving you open to attack. This is where using a remote control service can really help (see this recent blog I wrote for more insight).
As I mentioned above, remote machines can present a real danger to the network, so the more visible they are to you, the better. If unauthorized software has been installed, it’s important that you know straight away. Asset tracking can prove invaluable in this situation.
If that wasn’t enough, it’s also quite easy for a remote user to continually ignore important patches and updates either through negligence or a simple lack of understanding. Here, patch management should be used to ensure remote machines are up to date.
The more distributed the workforce is, the more crucial it is to have constant visibility into all devices on the company’s network. A scheduled check for each machine is simply not enough – or realistic – if you want to avoid unpleasant surprises that cut into your free time.
With an increasing number of organizations actually looking to improve the user experience for those employees that choose not to be entirely based in the office, this situation is only going to get more difficult for the IT department. So if you’re not addressing this issue now, then you need to be doing so as soon as possible.
For more information and some helpful hints on managing a remote workforce, download our free white paper.
Ian Trump is ControlNow security lead at LogicNow