SmartAdvice: Measuring Business Value Of IT Investments - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
12:11 PM

SmartAdvice: Measuring Business Value Of IT Investments

It's hard to quantify the return on IT investments, but it's in IT's best interests to help in the documentation effort, The Advisory Council says. Also, control VPN access from home computers to improve security, and look at what you want from your system before deciding whether to delay server upgrades.

Question B: A growing proportion of our workforce is telecommuting, leading to increased use of our VPN from computers in employees' homes. What security measures should we be taking?

Our advice: The natural inclination when implementing a virtual private network is to focus on the security of the encrypted VPN connections themselves--what protocols to use (Internet Protocol security, Point-to-Point Tunneling Protocol, Layer Two Tunneling Protocol, proprietary); whether to use a firewall-based VPN versus VPN services on a general-purpose operating system; how to authenticate users, etc.

While it's necessary to consider all these issues, it's easy to overlook the most serious potential security exposure associated with VPNs--the remote-client systems.

Related Links

Survivor's Guide to Security

There's a subtle danger from the use of a VPN, particularly from home computers owned by employees. In addition to using firewalls to isolate the company network from the Internet, companies often take great care to "lock down" the software configuration on office computers, to prevent the inadvertent installation of "malware" (malicious software) that could compromise their networks. Once a home computer has a VPN connection to the office network, however, any malware present on the home computer has access to the company network. As home WLANS on broadband connections become more common, the risk will increase of malware spreading from another home PC (perhaps with quasi-legal peer-to-peer file sharing) to the employee's PC and then to the office network.

Employees' home PCs with VPN access therefore require the same kinds of defense-in-depth that should be applied to office networks--up-to-date operating system and application patches, software firewalls, antivirus software, least privilege, strong passwords, etc., to enforce this discipline. To reduce this exposure, VPN access should only be permitted from computers that are under the control of the company's IT staff. If VPN access from home computers is permitted, there should be strict policies regarding the software configuration and other uses (e.g., by other family members) of the home computer.

-- Peter Schay

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 3
Comment  | 
Print  | 
More Insights
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll