The Security Risks of Remote Support Tools
by VPNHaus | 11/26/2013 | Certificates, Industry Commentary, IPsec, Mobile, VPN
A recent study has come to light which shows that although remote support tools are being increasingly implemented within enterprises, IT decision-makers are uncertain about their safety. They should be, and for good reason.
The study, conducted by Bomgar and Ovum, focused on the challenges that enterprises face in providing remote support to employees who are using a wide range of devices, such as smartphones and tablets.
According to the research, nearly 25 percent of workers are currently mobile, and as a result, businesses will increase their support for remote workers over the coming 18 months. Despite this, the majority (more than two-thirds) of IT decision-maker respondents were concerned about the associated security risks.
Remote support is alluring because it typically runs in web browsers, which makes it easy to install and utilize on many kinds of devices. However, because it is browser-based, all of the vulnerabilities of the browser can compromise the safety of communications with a corporate network. If a user does not log out properly, an attacker can gain total access to a network, with little oversight by IT. Plus, all network communication is transacted via third-party gateways, which exposes an enterprise’s servers to potential threats.
Enterprises that are looking for all of the functionality, but none of the safety concerns associated with a remote support tool, should instead consider using an IPsec VPN gateway with a remote desktop component and a possibility to check server certificates at the VPN gateway. By using such a solution, an enterprise could have its staff access and control networked computers and devices through a highly secure and encrypted tunnel. It also would have much more functionality than a remote support tool, because it could be used to secure all communications between employees and the corporate network from any device, anywhere.
“The onus is on IT to not only deliver great support to its increasingly mobile and remote workers, but to ensure that the tools being used to deliver support limit security vulnerabilities created by the mobile worker,” said Adrian Drury, practice leader for consumer impact technology at Ovum. Our thoughts, exactly.