Indications are that remote working was able to reduce
the financial impact for those companies that have enabled it, but
very few small and medium businesses have the budget or technical
ability to implement and manage secure virtual private networks
(VPNs) with sophisticated network access control.
Remote working - how risky is it and what can small
businesses do to enable it securely?
Most organisations have
remote workers, whether teleworkers working from a home office,
or mobile workers who work from a variety of locations. However,
some organisations do not know who is working remotely, how much of
the time, or which tools and services they need. This creates not
only business risks, but potential IT security risks, as no defined
and agreed mechanism is in place for ensuring that the right people
gain access to the right corporate resources securely.
Remote workers rely heavily on potentially non-standard service,
support, backup and security systems to ensure that they maintain
connectivity and have effective use of their IT environments. Small
businesses in particular often fail to either provide such
facilities or block the use of non-standard systems, leaving users
to find and deploy consumer-grade products, the security
implications of which are not monitored by the business.
From a technology perspective, user and device authentication
protect both the organisation's virtual private network (VPN) and
its servers, and the user. Secure-sockets-layer (SSL) VPNs, which
allow users to gain access to corporate applications and data from
any device at any time, have become widespread, but should make use
of on-demand security systems delivered by software suppliers and
service providers in the form of downloadable Java applets or
ActiveX to invoke protection at sign-on.
Typical functions include:
- network access control (NAC) health check to allow/deny network
connection based on the user identity
- browser cleanup of potentially sensitive cache data
- mini-anti-virus for major virus signatures
- mini-firewall facilitates dynamic and temporary changes to
network port settings
- malcode scanner performs behavioural analysis for unwanted
program activity
- virtual session simulates a simple virtual machine to isolate
user activity and file systems
Converged security systems, covering core functions such as VPN,
encryption, anti-virus, anti-spyware, patch management and personal
firewall offer a trade-off between cost effectiveness and
best-in-class components. Users of these "complete" packages are
more broadly protected than users with a more patchy set of
best-in-class products.
Gartner analysts discuss the security issues around remote
working at the
Gartner Identity
& Access Management Summit 2009 on 23-24 March in
London.
Scott Morrison is a research vice-president at
Gartner