Remote work bandwidth and network problems
Posted by Emmamegan on 08/11/2020
As noted above, endpoint security is critical to secure deployments. Ideally, the devices allowed to connect to VPNs are fully patched, enterprise-managed systems, with authentication certifications, strong passwords, and endpoint protection software installed. These can be managed remotely such as when they are on the LAN, and many VPNs offer facilities to detect whether the machines connecting to them are complying with specific security policies in terms of patch level or installed software.
However, in fast deployments like the ones we're currently seeing, remote worker endpoints may have to use whatever computer they have at home. These may be old machines with little power and no patches. Businesses will have limited visibility into their settings and no guarantees about their security. These computers may already be infected with malware, which can take advantage of the opportunity to connect to a VPN to infect other machines, including critical systems within the company.
Best practice is to assume that any unknown device connection is already broken and institute appropriate monitoring and controls to detect malicious activity.
Some possible alternatives
Depending on the access required for new telecommuters, companies can reduce some of these risks by limiting access only to explicitly necessary systems.
Remote desktops can be a good tool too, if available. Users connect to a virtual computer that is within the confines of the company network. This virtual desktop allows all data and applications to remain within the company network; only the visual representation is sent to the user's screen. So the IT department will be able to monitor, manage and maintain these virtual desktops like any other computer on the corporate network.
Third-party services such as SaaS email, file sharing, chat, and especially cloud services, can be helpful - rapid deployment to a large user population is easier if someone else handles the logs and provides bandwidth and servers. You just have to be very clear on your cloud strategy and understand the risks.