Every office has a need for mobile workers, and whether that means talent in other regions, road warriors, expectant mothers or a case of the sniffles, the need is the same. It pays for businesses to invest in the technology that allows their workers to continue their jobs regardless of their physical locale, across varying mobile devices and Internet connectivity. Although many of us have already rolled out some version of this, the need has become more widespread and crucial with the risk of the COVID-19 pandemic. The situation could place unprepared businesses in a tough spot, threatening the livelihood of employees and the bottom line. It is critical that we begin to prepare a business continuity plan in the event our communities are faced with school closures or even broader quarantines. In this blog post, we will discuss some of the technical considerations we must make in order to ensure our people are safe and our businesses remain afloat.
Application Access and Performance:
The work in setting up your users’ access to business-critical apps is going to depend on a couple of key factors: use of remote desktops, adoption of cloud-based applications and traditional on-premise applications. The biggest challenge of connecting users to their tools will likely be accessing your on-premise apps, since cloud-based applications are designed to be consumed over the public Internet. There are a variety of ways to have users access on-premise applications: expose them to the Internet, make them available via a public remote desktop, or have the user access the environment via a client VPN or firewall-based VPN tunnel. Due to security risks, we generally see most businesses prefer a remote desktop environment, a VPN solution, or a combination of both. The device being used to access the private environment will be the first consideration: is it a company-issued or a personal device? Most company-issued devices should already be configured to access the private environment, with all configuration and needed applications ready to be used. Personal devices can be tricky: companies either hope their end users are tech-savvy or risk those users consuming a whole lot of Help Desk time trying to get their devices set up. Additionally, with VPN clients and VPN connections you will need to ensure the firewall terminating these connections has capacity and appropriate licensing. If you are already using a virtualized or remote desktop environment, the process is generally simpler, allowing for less friction to access applications. However, from personal devices, end users still often need a specific application, the hostname/address of the environment, and the needed credentials or MFA. You also need to consider any increased CPU or RAM needs, and possible additional licensing. Prioritizing this project is critical with today’s risks but is also an investment in the future, allowing your employees more mobility and work freedom.
While most businesses already have some measure of remote work capability, many are underprepared for extending their communications tools. Most businesses today are running some form of IP-based phone system that allows for mobile workers on cell phones, softphones or remote IP phones. If you are running a traditional digital system, it is likely a wholesale replacement will be necessary in order to enable remote staff. Having the capability and being prepared to use it are not one and the same. If you are lucky enough to have already made the migration to a cloud-based solution, moving your workforce home is relatively simple. Cloud solutions are designed to operate anywhere you can get reasonable Internet connectivity but will still require you to update E911 info and ensure your employees have the proper gear. Option #1 is to bring an IP phone home, which requires you to have PoE or an AC adaptor for power. Option #2 is to deploy software, such as a softphone on your computer or a mobile app allowing for adoption on a cell phone. If using a computer, keep in mind you will need some type of USB or Bluetooth headset. If you are still using a premise-based phone system, you will need to review your options, which include the possibility of at-home IP phones, mobile clients and softphones. This will require much more legwork regardless of how it is accomplished. The first step is to establish whether your system is set up for, or supports, remote IP phones or softphones. If not, you will need to extend your network using a firewall-based VPN, with the device plugged in behind it. If you choose to use the solutions provided by your phone system, you will need to review licensing requirements, as it will likely require a separate server for the termination of the external users.
If you choose to deploy a firewall, you will need to consider the cost of firewalls, licensing and deployment challenges, but you gain the advantage of resolving connectivity to on-premise applications too.
Best practice for remote workers is to offer a web collaboration platform that includes video, desktop sharing and instant messaging. This allows users to stay connected to each other and their clients on a personal level and provides many obvious advantages to remote workers, such as easy collaboration with others, the in-person feel of video chatting, and the office floor camaraderie provided by instant messaging. Many of the cloud-based phone solutions include these types of tools, but there are also many stand-alone services, from basic products like Google Hangouts to more premium products like WebEx and Zoom. They are simple to purchase and deploy but will require some planning, including the sourcing of appropriate webcams, quality headsets and a professional home workspace.
As workers become remote, another key consideration must be the quality of the Internet connectivity. Most home users are on a coaxial connection or better, which in most cases will be more than enough to support a work-from-home user. If your home worker has DSL, satellite or another wireless solution as their primary connection, it is likely they will struggle with the performance of applications, especially real-time apps like voice and video. It is critical to evaluate what is available and ensure the connections at home are stable and relatively high speed.
The first question when addressing security in a work-from-home environment will be who owns the device being used to connect. If you are allowing users to utilize their own machines, you run the risk that the endpoint could be running malicious code that could expose credentials for Remote Desktop, VPN and SaaS apps. If you are using a VPN connection, how do you ensure this malicious code doesn’t spread across the network? Using role-based access control (RBAC) to allow access only to specific tools can help reduce the risk of this spread, but still doesn’t protect everything the user touches. Regardless of who owns the computer, these devices don’t have the luxury of existing behind your corporate firewall, leaving them exposed without proper endpoint security solutions. In general, we believe that a multi-factor authentication process for all applications is critical in protecting your data and broader network, and it becomes even more crucial as users become mobile. Using enterprise-grade, DNS-based products like Umbrella (formerly OpenDNS) along with malware protection is also highly advisable, protecting your users from malicious code and phishing sites. If careful thought is not given to your security stance, you put your company and users at great risk.
Preparing your team to work from home is critical and can be complex. If you haven’t already spent the time to prepare for business continuity in the event of quarantine, you run the risk of doing so haphazardly, providing a poor and possibly dangerous experience for your employees and customers. If you would like further guidance on this subject, please feel free to reach out to our team to help develop a plan.
Author: Kyle Holmes