From the time the internet was born in 1983 until 1987, the US telecommuting population grew to 1.5 million. In mid-2019, the US telecommuter population reached 4.7 million people. Innovation in transport, business platforms and security has largely kept pace with homeworker deployment, but the rate of that deployment has grown exponentially in just a few months. A new era of converting masses of office workers to remote workers has begun. As of February 2020, 46% of American businesses have implemented a remote worker program in compliance with their own pandemic policies and/or CDC recommendations.
Business supplied workstations and BYOD
Capital costs, security, exposure to malware and exploits, and business and personal data mixing are just a few of the factors that are pertinent when considering Corporately-Owned, Personally Enabled (COPE) devices or Bring Your Own Device (BYOD) for remote workers. While it is assumed COPE provides higher levels of control, security and compliance, there are systems and procedures that can make BYOD a secure choice for your homeworker deployment.
- Implement a mobile device management (MDM) solution. MDM provides a system to register devices, assure levels of security, and set policy and control for BYOD devices and workstations. MDM can also provide policy enforcement for the mixing of personal and business data.
- Enable access protection for your network with endpoint security. Endpoint scanning assures that each device has the latest patching, runs up-to-date anti-virus and anti-malware software, and employs a firewall that meets policy requirements.
- Mandate two-factor authentication that pairs a strong password with a text message, email confirmation, or a hardware/software key element.
- Ensure you have shared a revised and signed communications policy with each remote worker that includes strong password requirements, role-based access definitions, as well as device protection and lost device rules.
- Provide business-wide policy for collaboration and conferencing solutions.
Which VPN and how much traffic?
Most established businesses will have already implemented hardware-based or software VPN for their remote LAN access. With the rapid increase in the numbers of newly deployed homeworkers, additional consideration should be given to VPN performance, capacity and cost factors.
- Ensure the access link (which connects the VPN concentrator to the network) has the hardware and bandwidth capacity to accommodate the new peak remote access requirements.
- Check the hardware VPN licensing needed to support additional users.
- The performance of virtual and remote desktop environments depends on latency and transport capacity when they operate across the WAN and VPN. In a predominantly homeworker environment, replacing virtual desktop or remote desktop with a SaaS workspace environment can provide both performance and economic benefits.
- Consider traffic management and non-essential traffic offload via SD-WAN products.
- Assess your immediate pandemic VPN requirements in conjunction with your near-future planning for application and storage resources. Seventy percent of companies indicate nearly all their applications will be SaaS by 2021. For many companies, this will quickly change remote LAN access and storage requirements. Current VPN systems should be reevaluated based upon emerging traffic patterns, data storage locations, business continuity plans, and disaster recovery requirements.
- For new VPN implementations or expanding VPN capacity, consider Cloud Based VPN or VPN service providers.
Mo’ Home Workers, Mo’ (Security) Problems
There is a practical list of security requirements relevant to the increased number of homeworkers. A few examples: apply a firewall, malware, and threat mitigation policy consistently for all users, ensure the latest updates and patching, and practice endpoint monitoring. It is also important to recognize that new remote workers have created a huge increase in network entry points; waves of malware, exploits, and even social engineering await those newly minted entry points. Here are a couple of other considerations for improving remote access security.
- Assure that the business has Role Based controls applied for system and data access.
- Consider implementation of Zero Trust. Zero trust is an initiative to move from “trust but verify” to a “never trust, always verify” approach. In practice, this model considers all resources to be external and continuously verifies trust before granting only the required access.
- Recognize that trusted security, like that which physically resides on the corporate network today, is also available “in the cloud” for cloud and SaaS based applications. SaaS and Cloud based capabilities offer adaptive, dynamic environments that reduce operating costs and meet the required levels of security and compliance.
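The "never trust, always verify" model above can be expressed as a per-request decision that combines the endpoint checks, two-factor requirement and role-based access described in this article. The following is an added example, not code from the original article or from any product; the role map, field names and age limits are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values and role map; all names here are hypothetical.
MAX_PATCH_AGE = timedelta(days=30)
MAX_MFA_AGE = timedelta(hours=8)
ROLE_GRANTS = {
    "finance": {"erp": {"read", "write"}, "payroll": {"read"}},
    "support": {"ticketing": {"read", "write"}},
}

@dataclass
class Device:
    mdm_registered: bool
    last_patched: datetime
    av_current: bool
    firewall_on: bool

@dataclass
class Request:
    role: str
    resource: str
    action: str
    device: Device
    mfa_verified_at: Optional[datetime]
    on_corporate_lan: bool = False  # deliberately ignored: location earns no trust

def decide(req, now):
    """Re-evaluate one request; return (allowed, list of denial reasons)."""
    d, reasons = req.device, []
    if not d.mdm_registered:
        reasons.append("device not registered in MDM")
    if now - d.last_patched > MAX_PATCH_AGE:
        reasons.append("patch level out of date")
    if not d.av_current:
        reasons.append("anti-virus out of date")
    if not d.firewall_on:
        reasons.append("firewall disabled")
    if req.mfa_verified_at is None or now - req.mfa_verified_at > MAX_MFA_AGE:
        reasons.append("second factor missing or stale")
    # Least privilege: unknown roles and resources fall through to an empty grant.
    if req.action not in ROLE_GRANTS.get(req.role, {}).get(req.resource, set()):
        reasons.append("role does not grant this action")
    return (not reasons, reasons)

if __name__ == "__main__":
    now = datetime(2020, 4, 1, tzinfo=timezone.utc)  # constructed sample data
    laptop = Device(True, now - timedelta(days=3), True, False)
    print(decide(Request("finance", "erp", "write", laptop, now, True), now))
```

Because the decision is recomputed on every request, a device that falls out of compliance or a second factor that ages out loses access without waiting for the VPN session to end.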
Consider an experienced Cloud Partner
Experiencing this level of remote worker growth is a daunting challenge. Combining that challenge with new security concerns, workforce readiness assessment, Cloud vs Prem considerations, and revised business continuity and disaster recovery plans makes partnering to achieve your goals a viable option. If you’re looking for the expertise and services to help you assess, prepare and adapt to increases in remote workforce deployment, accessibility, continuity or security solutions, Otava can help. Consider our secure, compliant cloud solutions managed by a team of experts trained in the latest security best practices. Call 877-740-5028 or contact us to learn more.