By: Paul Reissner
Unless you’ve been living under a rock for the last nine months, you should be aware that working conditions have changed immensely in 2020. Companies around the world have moved to remote-first or remote-only working conditions to avoid the potential spread of COVID-19. While this is a smart and necessary precaution to take, and even provides certain benefits, it is crucial for companies to make sure that they are implementing remote working tools securely and appropriately. In this article, we examine some of the common toolsets used for this purpose and how they should and should not be used in an average Small and Mid-Sized Business (SMB) environment.
To begin, it’s important that we define what remote access technology means in the context of this article. Remote access technology refers to any IT toolset used to connect to, access, and control devices, resources, and data stored on a local network from a remote geographic location. This is different from using a cloud solution, as it provides access to an on-premises environment rather than being hosted offsite in a shared environment and available via the internet. This makes remote access crucial for businesses of all sizes which have not moved to a cloud-first model, or which require access to on-premises machines or resources. Three of the most common remote access technologies – Remote Desktop Services, Remote Access Software, and Virtual Private Networks – are examined in detail in this article.
Remote Desktop Services (RDS), also known as Terminal Services, is one of the most common methods used by SMBs to enable remote work. By using RDS, individuals can remotely connect to an endpoint device or server which supports Remote Desktop Protocol (RDP) via a Terminal Server.
The connection can be made over a local network or internet connection and gives the user full access to the tools and software installed on the machine they connect to. This method is frequently used by IT departments to remotely access servers, or to provide easy local software access to multiple employees.
One common business application which is frequently used with RDS is Intuit QuickBooks. Many companies install the application on a central Terminal Server instead of individual computers, allowing multiple users to connect to the software on a remote device via RDS and access the toolset.
Though RDS can be used on a local network to facilitate shared access to devices and resources, it must be reachable over the internet to be an effective remote working tool. However, exposing RDS this way is becoming increasingly risky as the cybersecurity landscape evolves, and internet-facing RDS is now one of the most common methods cyber attackers use to identify and breach networks.
Terminal servers typically only require a username and password to access, and are easily identifiable over the internet, meaning that attackers can more easily use lost or stolen credentials to gain access to the system. Additionally, RDS has several unique vulnerabilities which can allow an attacker to bypass the login system altogether.
The workaround to use RDS securely over the web requires using an additional dedicated server – often called a Remote Desktop (RD) Gateway – to broker the connection. RD Gateways use a tunneling protocol to send private, secure communications over a public network like the internet, making the process of using RDS over the internet much more reliable.
This type of solution is ideal for larger organizations which have multiple Terminal Servers and can tolerate the relatively high cost of the additional server, but it can often be cost-prohibitive for SMBs with leaner infrastructure.
Remote Access Software offers an alternative to RDS and uses dedicated software to remotely connect users to an endpoint device from anywhere in the world via the internet. This method of remote access is typically the easiest to implement, as it only requires the user to install the software on the computer to be accessed. This type of remote access is especially useful when most of the organization’s endpoint devices are desktops.
Many SMBs opt to use Remote Access Software to get a secure RDS-like experience on computers that are already in the office. While an attractive solution, this can prove more expensive and intricate to manage with several users compared to alternatives. All workstations must remain powered on for users to connect to them, which can lead to increased power consumption and discourage regular rebooting of systems.
Remote Access Software also adds a layer of complexity to patching strategies, as the software can be exploited to provide a hacker with unauthorized access to the network if not properly updated. Some Remote Access Software vendors offer automatic updates, which are highly encouraged for any business planning to leverage this technology.
A Virtual Private Network (VPN) is a technology which creates a smaller, private network on top of a larger public network – most commonly the internet. By logging into the VPN, users can gain internet-based access to applications that would otherwise only work on local networks. The goal of any client-based VPN solution is to provide remote employees with the same level of access as onsite. However, this is functionally different from an RDS session, as it does not allow full access to an entire desktop, but only specific applications, software, and other resources which the user has been given access to.
Organizations of all sizes frequently use VPN technology to securely access remote resources from multiple locations. Unlike RDS, VPN connectivity does not require additional dedicated hardware to function securely over the internet and is designed to be particularly secure. Most VPN connections are encrypted using either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to ensure that the data cannot be read by malicious third parties.
Most SMBs use their existing firewall to provide VPN connectivity, as many firewalls contain a VPN server and client. While this solution offers a relatively inexpensive method of connecting a remote machine to a central location, it also comes with security challenges.
VPN connections essentially allow endpoint devices to remotely enter the central environment, meaning that devices which are not configured to the same security standards as the rest of the central network can present security risks. Therefore, VPN is an ideal solution for organizations which provide end-users with laptops controlled by the business and configured according to organizational standards.
Organizations of all sizes must take all possible precautions to prevent malicious parties from accessing corporate resources and networks. To do so, practicing basic password security to control authentication for all users on corporate resources is an important first step. Basic password security guidelines include:
In addition to the guidelines described above, additional authentication methods are strongly encouraged. Check out our recent article on multi-factor authentication systems for more information and recommendations.
It is up to each individual organization to determine which users can access which resources remotely and for how long. However, it is unlikely that any organization will find all employees requiring the same level of access, and many common compliance regulations specifically prohibit this.
Many common professional tools and applications such as email, Microsoft Office Suite, and major line of business applications are now cloud-based and accessible via the web, reducing organizations’ dependence on remote network access solutions like those outlined above. Similarly, many modern file sharing/storage platforms like SharePoint, OneDrive, and Egnyte provide users with secure access to personal and shared files over the internet, eliminating the need to remotely access an on-premises file server.
For organizations whose employees do require remote access to the network, it is crucial to ensure that all access permissions are properly evaluated before being assigned and properly documented once given. It’s as simple as logging those permitted to access remotely, using what method, and for how long.
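One way to keep the register described above and check it against the guidance in this article, as an added example that is not from the original article. The CSV column layout, method labels, finding names and user names are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample register: who may connect, by what method, until when.
REGISTER_CSV = """user,method,managed_device,mfa,approved_by,expires
asmith,vpn,yes,yes,jdoe,2021-03-31
bjones,rds-direct,yes,no,jdoe,2021-06-30
cwu,vpn,no,yes,jdoe,2021-02-28
dlee,remote-access-software,yes,yes,,2020-11-15
epatel,rd-gateway,yes,yes,jdoe,
"""

# Method labels are assumptions mapping to the three technologies in the article.
KNOWN_METHODS = {"vpn", "rd-gateway", "rds-direct", "remote-access-software"}

def audit_register(csv_text, today):
    """Return {user: [findings]} for every entry that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        method = row["method"].strip().lower()
        if method not in KNOWN_METHODS:
            issues.append("unknown-method")
        if method == "rds-direct":
            # RDS reachable from the internet with no RD Gateway brokering it
            issues.append("rds-exposed-without-gateway")
        if method == "vpn" and row["managed_device"].strip().lower() != "yes":
            # VPN lets the endpoint join the network, so it should be business-managed
            issues.append("vpn-from-unmanaged-device")
        if row["mfa"].strip().lower() != "yes":
            issues.append("no-mfa")
        if not row["approved_by"].strip():
            issues.append("undocumented-approval")
        expires = row["expires"].strip()
        if not expires:
            issues.append("no-expiry")
        else:
            try:
                if date.fromisoformat(expires) < today:
                    issues.append("expired")
            except ValueError:
                issues.append("bad-expiry-date")
        if issues:
            findings[row["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_register(REGISTER_CSV, date(2020, 12, 1)).items():
        print(f"{user}: {', '.join(issues)}")
```

Running the audit on a schedule turns the register from a static document into a review queue: expired or open-ended grants and direct RDS exposure surface without anyone having to remember to look.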
Now more than ever, organizations of all sizes are turning to remote access technology to ensure business operations can continue, even when access to a physical office is limited or impossible. Extending network access to your employees comes with the risk of unauthorized access by cyber-miscreants who may use this as an opportunity to gain access or infect you with ransomware. However, by taking the correct precautions and selecting the right remote access solutions for their specific needs, organizations can minimize their risk while maximizing their ability to work effectively in remote-only or remote-first conditions.