Infrastructure
Commentary
2/25/2005
06:50 PM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

SmartAdvice: Telecommuting A Boon With Proper Safeguards And Training

Make telecommuting a privilege and focus on training and security for a successful experience, The Advisory Council says. Also, look for range of services and experience from a data-center-relocation services provider.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from leadership advice to enterprise strategies to how to deal with vendors. Submit questions directly to smartadvice@tacadvisory.com


Question A: What technical and security issues should we consider when setting up a telecommuting program?

Our advice: With the increasingly global economy, businesses are dependent on their staff and customers being able to access potentially sensitive business data from anywhere in the world. As a corollary, once they've enabled remote access, many companies have found that telecommuting can improve staff productivity and response time, while reducing fixed costs in office space requirements. Implementing a viable and secure remote-access policy requires the use of appropriate security systems and tools, proper levels of IT support, plus a knowledgeable workforce, or your company could be vulnerable to serious security problems. Fortunately, with careful planning, businesses can implement a secure remote-access policy successfully.

The foremost technical challenge in implementing a remote-access and telecommuting policy is securing access to sensitive company data. Until recently, the most common solution was an IPsec (Internet Protocol Security) or Point-to-Point Tunneling Protocol VPN, where the remote computer becomes a virtual node on the internal network. Although great in theory, in reality the technology requires often clumsy client software loaded on potentially improperly secured computers. In addition, because an IPsec VPN encrypts every network packet, it often degrades network performance on lower-speed home or remote Internet connections. If a large percentage of your workforce already has company-owned laptops, and proper training in basic computer security, this technology can be successfully implemented.

Related Links

Best Practices For Supporting Home Users

Telecommuting: Keeping Data Safe and Secure

SSL VPNs: No Compromise?



However, if you're planning to allow staff access to internal data from public kiosks or home equipment, you should consider deploying a Secure Sockets Layer VPN. SSL VPN, which is based on the widely used Web security technology SSL, offers the advantage that it's designed to deliver secure access to your internal systems at the individual user and application level without requiring special client software. This gives you the granularity to develop access policies based on individual roles and responsibilities. Some of the newer systems offer client-aware software that checks if the connecting computer has the proper security systems or applications installed. If the system fails to detect antivirus or other protection, it can deny or limit access. The tradeoff is higher IT administrative overhead to manage often complex security and access policies. Since SSL VPN is relatively new, many of the systems are still proprietary, and integration with applications is hit-or-miss. For companies that have fairly simple access requirements and the right mix of applications, SSL VPN can offer powerful and highly granular access security at a reasonable cost.

No matter how advanced the technology, remote-access policies are dependent on proper staff training and expectations. Remote users require more IT support because they're away from the informal coworker support network. This can be mitigated by better application training and certification; however, treat remote access as a privilege, not a requirement, and you'll achieve higher levels of productivity and a more-satisfied workforce. If employees understand that maintaining current antivirus software and secure firewall settings is in everybody's best interest, then administrative overhead can be minimized.

Telecommuting and remote access can be a viable option for your business, if you're careful to implement a proper staff-training program, have a solid understanding of staff access by application and user type, and are willing to devote the resources required to maintain proper security policies.

-- Beth Cohen

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
2014 Next-Gen WAN Survey
2014 Next-Gen WAN Survey
While 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.