Remote access is the ability to access a service inside a computer’s network from a remote location. This could be a web application, an email server or a folder containing documents. This location can be someone’s home, a café, a train, an airport, a museum or any other place where people work. As the word access suggests, the devices of remote workers often become part of the company network, just like those of their co-workers at the office. This is what we call a VPN connection, which stands for Virtual Private Network. And since we’re being thorough, the device of choice can be a laptop, a tablet, a phone or any other object that can connect to the internet.
The most challenging part about remote access is the fact that you lack information. As an IT manager, you can’t know who gains access to your systems and who downloads company data. When a co-worker logs in, you:
Nope, far from it! Admittedly, it’s not so much the VPNs themselves that cause trouble; when they’re configured in the right way, they’re quite well protected by their own security software. However, the problem lies in the connection that VPNs make between an external device and the company network. They form a direct connection between someone’s (privately owned) device and the computer network, bypassing all controls. In terms of IT, there’s really not much difference between an internal user and an external user, except for the fact that you’re (really) not in control of the device of the external user*. That user can therefore carry all kinds of troublemakers such as malware into your network, which is tough for you to detect, let alone stop.
*This problem is often overlooked by IT people. They’ll tell you that they are in control, as VPN software controls the endpoint, monitors virus scanners and checks for system updates. The question is: where does the VPN software get this information? And how can you be sure no one came in between?
With COVID-19 shaking our routines, remote working has become the new standard. It’s amazing to see the flexibility of both employers and employees who manage to keep the show running, even if they can only connect through e-mail, chat and video calls.
The big question is: how to (really) secure remote working? Virus scanners aren’t equipped to optimally protect company assets, and although widely accepted, VPNs come with risks too.
In our new white paper, we introduce you to the zero-trust approach: a mindset that will help you make remote working safe, wherever your co-workers are and no matter which device they use.
Another problem (sorry for sticking with the negative) lies in unsafe Wi-Fi. In order to be secure, companies should use a Wi-Fi type called WPA2-Enterprise (or even WPA3-Enterprise). The thing is that most companies still use WPA2-Personal, which works with the well-known pre-shared Wi-Fi code. It’s a very basic way of connecting a handful of devices to the internet, which is fine for the average household with a couple of phones, computers and tablets that contain little sensitive information. But as pre-shared codes are shared with all users and all devices on the network, anyone (including former employees) could get their hands on them, making WPA2-Personal unsuitable for company usage. What’s even worse is that most public spaces such as cafés use WPA2-Personal too. So, if your co-worker goes to a coffee bar and logs into your company network using unsafe Wi-Fi, a fast lane is created from the café to your data. After you, hackers!
“We argue for remote access without network access”
- Hans-Peter Ponten, Product Manager Soliton Systems
We’re done talking about challenges and risks. Now, let’s see what you can do to protect your company network without limiting the freedom of movement of your co-workers. You can of course use virus scanners, but as they’re reactive tools, we recommend not using them as your only security solution. No, in order to gain control over remote access, you need to think bigger and trust less. The best way to do so is by taking on a zero-trust mindset that helps you prevent security issues before they arise.
First, with a zero-trust model, you make sure users only gain access to the company elements they’ve been given the rights for, which reduces risks to a minimum. Second, ask yourself why remote workers need access to the network anyway. They’ll only jeopardise your company assets, and the more security measures you add to prevent issues, the more you’ll interrupt their work. We therefore argue for remote working without network access altogether. Instead, find an IT security solution that functions as a proxy between the worker and the network, so that workers have all the information they need to do their job, and nothing more.
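The difference between network-level access and a per-application proxy can be made concrete. The following is an added example, not code from the original article or from any Soliton product; the service names, addresses, users and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Constructed inventory of internal services (example names and addresses).
INTERNAL_SERVICES = {
    "webmail":    "10.0.1.10:443",
    "intranet":   "10.0.1.20:443",
    "fileshare":  "10.0.1.30:445",
    "hr-db":      "10.0.2.5:5432",
    "domain-ctl": "10.0.0.2:389",
}

# Per-user entitlements (constructed). Anything not listed is denied.
ENTITLEMENTS = {
    "alice": {"webmail", "intranet"},
    "bob":   {"webmail", "fileshare"},
}

@dataclass(frozen=True)
class Request:
    user: str            # identity established by authentication
    authenticated: bool  # outcome of e.g. a mutual-TLS client certificate check
    app: str             # application *name*; the client never supplies an address

def vpn_reachable(user: str) -> Set[str]:
    """Network-level access: once the tunnel is up, every service is routable."""
    return set(INTERNAL_SERVICES) if user in ENTITLEMENTS else set()

def proxy_route(req: Request) -> Optional[str]:
    """Application-level access: upstream to forward to, or None to deny."""
    if not req.authenticated:
        return None
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return None  # default deny: unknown user, unknown app or no entitlement
    return INTERNAL_SERVICES.get(req.app)

def proxy_reachable(user: str) -> Set[str]:
    """Everything a given authenticated user can reach through the proxy."""
    return {app for app in INTERNAL_SERVICES
            if proxy_route(Request(user, True, app)) is not None}

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, "via VPN:  ", sorted(vpn_reachable(user)))
        print(user, "via proxy:", sorted(proxy_reachable(user)))
```

Because the proxy resolves the application name to an upstream itself, a compromised endpoint can only ask for applications its user is entitled to and never gets a route to the rest of the network.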
“Stop securing the connection and start securing company data”
- Hans-Peter, Product Manager Soliton Systems
Although the aforementioned proxy and zero-trust model solve many security problems, remote workers remain free to process data in the way they like. They can edit files, forward them to others and take screenshots of sensitive information. Because you never know how safe the endpoint is, we advise you to implement a security layer around your company data to protect it. You can do so by putting all company applications and data in a secure container app that co-workers can install on their private devices. This container not only encrypts the work applications and data, but also separates them from the private applications and data. As all data in the container and the connection between the container and the network are encrypted with strong mutual authentication, remote workers can connect to any Wi-Fi, only this time, risks are limited to a minimum.
A great benefit of this approach is that it no longer requires mobile device management. Instead, it allows employees to use any type of device and any type of internet connection without worrying about the security risks.
Does the container app sound appealing? On the page below, you’ll find more information on MailZen: the Soliton Systems container solution for secure mobile access to corporate resources. Here, you can also download the data sheet.
Wrapping up all company applications in a container app sounds like a great way to secure remote access. And it is! But what about applications such as Word and Excel? Employees access Office 365 documents on their mobile devices and store data outside of the company network too. In this scenario, you still lose control over company data. This is why Soliton developed MailZen for Office 365. With this container app, employees can still use applications such as Word and Excel, but without endangering company assets.
But that’s not all. MailZen for Office 365 offers a range of extra functions, such as safe camera usage and photo storage. Want to know more? In the article below, you’ll read about five scenarios that you no longer have to worry about when using MailZen for Office 365.
Before we end this story on remote access control, we need to talk about the future. One day soon, all physical networks will disappear and be replaced with one big network called the internet. When this time comes, we’ll all be remote workers who gain access to a distant Cloud, as everything we need will be stored there. This makes it even more important to find effective ways to secure access by remote workers, as they paint a picture of what IT access will look like. Therefore, look into safe and future-proof ways to facilitate remote working while simultaneously exploring ways to make the big move to the Cloud.
Sounds like a lot of complex work? Our experts gladly block time in their schedules to talk to you about remote access control. So don’t be a stranger and contact us below: we’ll be in touch!