Two Ways For SMBs To Secure Their Home Workers
Giving work-at-home employees unfettered access to your systems is so 1999; now, clean virtual private networks or terminal services can help
In the slowly recovering economy, telecommuting has become an essential way for businesses to retain valuable workers, increase productivity, and support "green" initiatives. But from a security perspective, telecommuting can also be dangerous -- if you don't have the right technologies in place.
For small and midsize businesses (SMBs), telecommuting is taking off. Nearly 60 percent of SMBs plan to increase their use of telecommuting to cut costs in the next 12 months, according to survey conducted by Staples Advantage, the IT service of the well-known office-supply chain. Yet many SMBs don't have the expertise in-house to deal with security -- about 40 percent rely on external IT support to run their operations, the study found.
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
"Technology has now made it a lot easier for people to telecommute, and the evolution of this technology is such that we are going to see more and more organizations have people working from home," says Jim Lippie, president of Thrive Networks, which handles Staples' IT service.
Managing the security of telecommuters is a challenge, especially if workers share their computers with other family members. Tackling the problem generally involves one of two solutions, according to security experts. You can leave management of devices in the hands of employees and use network access controls to enforce controls. Or you can give the telecommuter a "virtual desktop" hosted on your company network, enabling you to manage the home worker's devices from the data center.
Pairing network access controls with a virtual private network can give SMBs some control over their remote employees' systems and help ensure the most obvious security measures have been taken, says Dave Ahrens, security architect for Internet telecommunications firm Avaya.
"Some solutions do push down a system check to make sure that the end user's PC is up to date with patches and up to date with antivirus," Ahrens says. "Those are all capabilities that VPN vendors are providing."
In addition, current virtual private networks allow the company to put stronger authentication controls in place, deterring potential attackers. Companies should not, however, treat the data coming from their employees' systems as clean.
"It depends on the budget for a small or medium enterprise, but once you have the VPN, you can put a firewall behind it to filter out any traffic that is coming through ... or an IPS [intrusion prevention system] or an IDS [intrusion detection system]," Ahrens says.
For companies that want to centralize the management of their telecommuters' desktops, a terminal server is an ideal solution, Thrive's Lippie says. The telecommuter logs into the terminal server using strong authentication and is presented with a desktop on which to work. However, the desktop is running on the terminal server, not on the worker's home machine.
The ability to separate a telecommuter's system from the corporate network makes terminal servers very secure, Lippie says.
"When they are in the terminal server, it does not matter how messed up their home computer is," he says.
Thrive recommends terminal servers to its clients as the preferred method of allowing employees to work from home securely and still access corporate resources. While Citrix is the most well-known vendor of terminal servers, Microsoft's Small Business Server also has the option to run terminal services.
"Having a terminal server -- or something of its kind -- is absolutely essential," Lippie says. "The last thing you want from an IT management perspective is to have multiple different people working from their home machines with very little oversight or policy enforcement."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.