Remote Working Presents Security Issues For IT

Remote access is becoming more popular, more complex and more risk-prone, forcing IT departments to get clued-up

Remote access never used to be a pressing concern for most IT administrators. A combination of in-house servers, desktops and phones met the needs of workers commuting to a central office from home.

As with nearly everything in the world of enterprise IT, technology evolved to the point where this centralised model no longer applied to most businesses. More workers began telecommuting, sometimes from a continent away, while road warriors made a culture of rarely visiting the home office. With a VPN and a corporate-issued laptop, these employees could interface with their company’s network. For IT administrators, remote access became a larger and more complicated task.

Simple Task Becomes Monumental Challenge

Even that model, however, looks simple and antiquated to the one burgeoning across the enterprise landscape. With more employees clamouring for tablets and smartphones, and wanting their IT department to integrate their personal devices into the corporate network, the task of offering secure, simple remote access threatens to become a monumental challenge for IT pros at every level.

Nonetheless, for both SMBs (small- to midsize businesses) and the enterprise, the advantages of ubiquitous remote access are multiple. Those solutions, in conjunction with the cloud, can make remote workers more flexible while lowering an organisation’s costs. “The ability to pay as you go is a big plus,” said Mike Pugh, vice president of marketing for J2 Global Communications, which offers businesses a variety of communications services such as email and unified messaging. “If it works, businesses can keep it and ramp it up, or else round it down.

“On the enterprise side, you get the ability to work it within the enterprise environment,” he added. “For smaller companies, the ability to adopt what you please is somewhat easier.”

That appeal could be driving what industry experts see as a noted uptick in the number of businesses gravitating toward remote access solutions.

“Over the past six months to a year, it has become really wild,” said Martin Hack, executive vice president of NCP Engineering, whose products include a centrally managed VPN solution and personal firewall. “The demands of users have increased dramatically in terms of people wanting to connect anytime, anywhere.”

But the explosive growth in iPad and Android-based device usage also caught some IT pros by surprise. “They had a VPN gateway somewhere and now these users are coming out of the woodwork and saying they want to connect,” Hack said. “It became very evident that people were not prepared for it at all, and now they’re dealing with the aftermath: endpoint security is basically non-existent.”

In addition to security issues, the latest remote-access model threatens to swamp IT administrators, and possibly workers, in a rising tide of complexity. On the backend, much of this complexity is due to the need to introduce four or five different applications or platforms in order to enact a single solution: a server from one vendor, say, running software from another, meant to deliver applications or services to a variety of devices built by still other manufacturers. Adopting a cloud service can alleviate some of this unnecessary intricacy, but many companies remain bound to on-premises or hybridised legacy systems.

Security and data encryption

Fortunately, tech companies have been working on ways to alleviate those issues, even beyond making sure their VPN is secure and warning employees about clicking on possible malware links.

“IT administrators care about data at the end machine,” Tom Quillin, Intel’s director of security technology and initiatives, told eWEEK. “That means data encryption. In 2011, really, every machine ought to be taking advantage of data encryption. Our policy is that every primary end-user machine must have data encryption.”

In previous years, data encryption was liable to drag down a machine’s performance in significant ways. Helping alleviate that issue are newer and faster processors, including Intel’s, whose latest versions have the mathematics of the encryption operations built into the processor instructions.

Another security issue revolves around introducing a streamlined and reliable method of end-user authentication into a network. To that end, companies such as Intel have focused in recent quarters on developing anti-theft technology that can remotely wipe a smartphone or render a laptop totally unusable.

Continued on page 2