The Basics of Securing Remote Work Locations

By CIOReview | Thursday, August 4, 2016

The four walls around one central premise for housing personals, machines and utilities is fast blurring. Blame it on the business, commercial, or strategic requirements, but the dynamics of the traditional workspace and its inhabitants are changing. Business expansions demanding branch offices, evolving technology producing telecommuters and nomadic workers are increasingly becoming common. Remote work locations are a usual and essential phenomenon for today’s enterprises, be it a branch office or the bedroom of an employee. Irrespective of how new the face of the modern workforce becomes, one thing will never change—the need for exchanging data between the equipments at remote locations and the central IT infrastructure. But, unlike the IT network within the headquarter perimeter which enjoys a high level of insulation against threats and leakages, the channel linking the remote locations are vulnerable. On this front, any organization is likely to encounter these basic security risks: a secure connection to the organization’s network via public internet, personal devices that may be used by the remote worker, and the potential of unauthorized access into the company’s assets that may be data or equipments. But, one might wonder—aren’t these concerns prevalent within the headquarters’ perimeter as well? Indeed the concerns remain the same, but remote location by definition poses some challenges that amplify the security risks.

The first challenge arises due to a limited number of workers at remote locations, which may or may not be distributed. In that case dedicating an IT expertise at remote site is not feasible, or simply unaffordable for some to put their IT teams on road to secure different locations. A centrally managed IT security solution may be useful in providing an efficient security umbrella for all locations, but is a costly affair.

The next obstacle surfaces once a remote location’s network security has been taken care of. After this point some sort of technical issues in the future are inevitable, and that can slow down or even halt productivity. Trying to resolve issues over the phone is a frustrating option in this situation. Organizations would have to either ship IT support from central location, or ship faulty devices back and forth till the matter resolves.

The least a company should do

The smallest step can be installing VPN and firewall at the remote locations. A VPN will encrypt the traffic between the remote location and central network creating a secure tunnel through public internet. Whereas, a firewall will monitor the traffic and let through only those which satisfy predefined set of rules. But, remember this first line of defense is strongest only when the VPN and firewall running at the remote and central locations are same. A cost-effective way to achieve this first line of defense is to go for routers that have both these applications in-built. Depending on the vendor, some routers may also offer additional capabilities such as advanced encryption and authentication features.

The next step can be installing security software in the devices used by the remote workers. Good antivirus and anti-spyware are bare essentials of this step. And, just like the first step ensure that software installed in the devices at remote and central location are same for maximum possible efficiency. Provided the rising trend of using personal devices such as smartphones and tablet PCs for office work, make sure those devices are under the radar as well.

At the end this goes without saying that one of the best approaches, which is also the basic, is to ensure that devices are protected with undecipherable passwords.

A cost effective, efficient and centralized defense

An innovative approach is to integrate the security defenses at remote locations within the corporate structure by setting up a virtual Ethernet cable between them. This requires a remote Ethernet device (RED) that sits at remote locations, but is centrally provisioned by a powerful security gateway which can be located at the central location or the cloud. RED is usually delivered unconfigured to the remote locations where it activated and connected to the IT grid. Once online RED automatically retrieves setup information to configure itself and then establishes an encrypted channel with the central location, without the physical presence of IT staff. After completion of installation RED forwards encrypted traffic from the remote location to the central provisioning, where the traffic is scanned and filtered before being sent to internet.

Once the IT channel between remote and central locations are secured, organizations should reassess their IT policies for an overall consolidated network. Most importantly, the policies like security measures mentioned earlier should be same between remote and central locations, as much as possible.