Develop a Remote Control Strategy
Consideration No. 1: Develop a remote control strategy
A strategy is vital if you are going to mitigate your company's remote access risks in a logical and effective manner. The ideal strategy will identify the demand for remote troubleshooting and maintenance requests, analyze the appropriate amount of money allocated to remote support services based on the level of demand, and comply with the necessary specific security regulations.
The ideal strategy will also list specific criteria to guide IT through the selection process of finding a solution designed with best-of-breed security practices. Without a strategic vision for remote control security, organizations will continue to easily fall prey to the hackers who take advantage of the growing use of remote access tools.
Consideration No. 2: Deploy an on-site solution
Selecting a solution that is deployed on-site gives you more control over security, as the solution resides at your facility under the security measures already in place. Additionally, access to the administration interface for on-site appliances will occur over an encrypted Web connection and can be restricted to the local console port and/or a specified network segment. This design protects against a remote attacker with network access to the appliance gaining unauthorized access to administration functions.
According to a recent security vendor review, this arrangement is associated with best-of-breed security practices, given that the operating system layer vulnerabilities were sufficiently mitigated by compensating controls that limited possible attack vectors. In addition, the appliance model is gaining traction, especially among large organizations and clients in regulated industries.
Another factor to consider at the architectural level is the business model of your solution provider. If you use an application service provider (ASP), you inevitably route your data and your customers' data through a third party. Doing so expands the scope of your compliance liability. Secure use of an ASP will involve strict service-level agreements (SLAs) and regular and rigorous audits of the service provider by a third-party auditing organization. These audits should also be weighed when calculating the unapparent expense of a solution.