How to Strategically Secure IT Remote Support

 
 
By Nathan McNeill  |  Posted 2010-01-13 Print this article Print
 
 
 
 
 
 
 

Without a strategic vision for remote control security, organizations will continue to fall prey to hackers who take advantage of IT support departments' growing use of remote access tools. Here, Knowledge Center contributor Nathan McNeill outlines five ways to maintain security and corporate governance policies while relying on remote access technology to support off-site computing devices.

Worker mobility and technological complexity in today's enterprise are driving the increased demand for IT support departments. Even though IT has used remote control tools to troubleshoot PC issues for some time, there is a renewed interest in the technology to provide anytime, anywhere support to both disparate users and backend systems-regardless of firewalls.

However, a significant concern has emerged around whether traditional remote access software (such as pcAnywhere and RDP) can be locked down to ensure optimal levels of security. Consider this: the Verizon Business RISK team issued a report in 2008 detailing its forensic investigation into over 500 actual data breaches between 2003 and 2007. A key area examined was the attack pathways hackers used to gain access to confidential data. The report discovered several areas of concern that IT security administrators typically expect to see (such as Website vulnerabilities and unsecured wireless hot spots).

But it also uncovered an overlooked attack pathway: remote control and remote access tools. According to the report, in "over 40 percent of the breaches investigated during this study, an attacker gained unauthorized access to the victim via one of the many types of remote access and control." This method was implicated in a higher percentage of data breaches than any other vulnerability analyzed.

And in 2009, the Verizon Business RISK team told a similar story with its updated report that examined 90 data breaches that occurred in 2008. The report found that in "approximately four of 10 hacking-related breaches, an attacker gained unauthorized access to the victim via one of the many types of remote access and management software."

Despite the IT security concerns surrounding remote access tools, today's technology users are quickly becoming less tolerant of the "you can't see my screen" tech support conundrum. As a result, it's not an option for IT departments to avoid using remote control technologies, as they seek to keep customers and employees as satisfied and productive as possible by providing 24/7 remote support. It's important to maintain security and corporate governance policies while relying on remote access technology to support off-site computing devices. To do this, here are five key considerations:



 
 
 
 
Nathan McNeill co-founded Bomgar Corporation in 2003. Nathan leads technology and product strategy. He monitors market trends to align the company's solutions with critical needs, contributing regularly to Bomgar's blog on the issues. Nathan has spoken at industry events including SSPA 2007 and Demo Conference 2006. Nathan is ITIL v3 Foundation Certified. He may be reached at nmcneill@bomgar.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel