Rethink Remote Access: Paul Sloof’s Advice

The third installment of our how to rethink remote access series looks at why the policy is so hard to adapt. Is it an issue of internal politics? Is network security technology not being flexible enough? IT expert, Paul Sloof, European IT & TDP Manager at MOL-IT Europe, shares his opinions with us. My observation is that even though IT security is moving away from perimeter control, technicians are reluctant to do so. Yet, in order to achieve this increased employee productivity through remote mobile access, we have no choice but to let go. Why are security specialists reluctant to abandon perimeter control? Because perimeter control is relatively easy as it comes with a very clearly marked border. So everyone knows where security measures need to be applied and which devices need to be checked. Letting go of perimeter control complicates security management significantly as now each individual component needs to be secured and monitored. This implies more work for the security specialist and it makes proving compliance harder. In short: it is so hard because of network security being inflexible and the people involved are guarding their responsibilities...

What We're Reading, Week of 11/23

Dark Reading… Many Enterprises Still Struggling With Remote Security, Cisco Study Finds This article by Tim Wilson discusses the results of Cisco’s latest survey results, showing that while many organizations appreciate the increased employee productivity and other benefits offered by laptop computers, smartphones, and virtual private networks, they may not have established clear security strategies or plans for employees to work remotely. Companies said they had enabled an average of 63 percent of employees with laptops, and another 46 percent of employees are using smartphones. Of the companies that have adopted mobility and remote-access technology, 62 percent said doing so had resulted in increased employee productivity, with 57 percent noting an increase in employee satisfaction and 42 percent seeing a reduction in overhead costs. But only 27 percent of the enterprises surveyed had enabled more than half of their workforce to work remotely. This study shows us that companies need to be rethinking remote access. Computerworld… Keep the Virus Away with Remote Access Today This post by Eric Rosenzweig discusses how VPN technology is enabling people to work remotely from home and avoid spreading illness in the office.  User authentication has advanced so that companies can know who is remotely accessing sensitive data.  Many companies are now using “strong authentication” where the user accessing the system is required to produce two types of authenticators such as a password and a code.  With this remote access technology, businesses can now put a work from home policy in place to prevent employees from getting sick. With flu season in full force, employees need a quick and easy way to access the...

What We’re Reading, Week of 11/23

Dark Reading… Many Enterprises Still Struggling With Remote Security, Cisco Study Finds This article by Tim Wilson discusses the results of Cisco’s latest survey results, showing that while many organizations appreciate the increased employee productivity and other benefits offered by laptop computers, smartphones, and virtual private networks, they may not have established clear security strategies or plans for employees to work remotely. Companies said they had enabled an average of 63 percent of employees with laptops, and another 46 percent of employees are using smartphones. Of the companies that have adopted mobility and remote-access technology, 62 percent said doing so had resulted in increased employee productivity, with 57 percent noting an increase in employee satisfaction and 42 percent seeing a reduction in overhead costs. But only 27 percent of the enterprises surveyed had enabled more than half of their workforce to work remotely. This study shows us that companies need to be rethinking remote access. Computerworld… Keep the Virus Away with Remote Access Today This post by Eric Rosenzweig discusses how VPN technology is enabling people to work remotely from home and avoid spreading illness in the office.  User authentication has advanced so that companies can know who is remotely accessing sensitive data.  Many companies are now using “strong authentication” where the user accessing the system is required to produce two types of authenticators such as a password and a code.  With this remote access technology, businesses can now put a work from home policy in place to prevent employees from getting sick. With flu season in full force, employees need a quick and easy way to access the...

Rethink Remote Access Planning: Paul Sillar’s Advice

To carry on with our how to rethink remote access series, we spoke to IT expert Paul Sillars, Managing Director at So Internet (UK). He offered some thoughts on remote access planning. I think the day of traditional thick(ish) client VPN installs is probably dying. Most of the time was spent getting the software to the end user, getting it installed and then managing the access. SSL VPNs (allowing access to creating the “tunnel” via HTTPS) provides a quick way to create a secure VPN, without the need to push software to the end user in the same way. To access the VPN the user needs to load a web page, thus you have more immediate control over their access. You can also customize the login page so resources are accessible with a single click and can be changed very quickly. Depending on the depth you want to take it, you can even control access to the network based on the software or service packs an end user has installed on their PC. There is a lot that you can do in a web browser. We have clients accessing Remote Desktop sessions in a web browser using Java Applet that gets installed automatically. I agree that for some apps a thin client may need to be installed but the advantage is that the security side of things is so much easier as real-time access lists can be updated an enforced. I don’t agree that you will be back to the same point [as IPsec], I think you may be back to something similar, but much easier to manage. Most...

What We're Reading, Week of 11/16

SearchSecurity.com… Secure Your Remote Users in 2010 This article by Eric Ogren lists a few technologies that security teams should be looking to in 2010 to help lessen the heightened risk of business disruption and data loss from a larger workforce of remote and mobile users. One technology he suggests investing in is remote user virtual workspaces to protect browsers and VPN agents from malware on home computers and less secure public networkers. GigaOM… Using Public Wi-Fi? Hop Into a Free VPN Tunnel First In this post, Sebastian Rupley discusses using a VPN application to provide a secure, encrypted tunnel when using public Wi-Fi. Although a free VPN may protect you from other users in the hotspot, there are a number of advantages to using a VPN client. Using NCP’s secure entry client provides users with an integrated dialer, personal firewall and 32/64-bit VPN connection, and the ease of a ‘one-click and forget it’ experience. The Forrester Blog | Infrastructure & Operations Professionals… Why Mobility Will — And Does NOW — Matter To EAs And IT In this post Chris Silva discusses recent Forrester research listing the mobile enterprise as one of the top 15 technology trends that EA’s should look out for. As companies begin to rethink remote access, they should consider how mobility will enhance productivity, user satisfaction and business efficiency. Chris tells us next time we are logging into our VPN from the local coffee house to ‘take note of the experience; is this the way your entire organization should be served in the event of a...