Review Third-Party Validations
Consideration No. 3: Review third-party validations
While researching the security of a clientless remote support solution, you will also want to weigh third-party validation. Some providers have submitted their software to security-auditing organizations. Results of these assessments can usually be found on the provider's website. If you cannot find a third-party security audit of the solution, ask the company to send you one. Due diligence regarding the security of your solution cannot be taken lightly.
Consideration No. 4: Ensure auditability
Be sure that every detail of every remote support session is automatically logged and recorded for compliance auditing purposes. Having a record of chat transcripts and file transfer details will simplify the audit procedure tremendously.
In addition, keep an ongoing record of all specific system and IP information, as this will indicate which device was accessed and when. Ideally, the remote control solution can also record videos of each session's activity to give a visual representation of each transaction.
This level of visibility, combined with granular, centralized logs of all session details, will create a strong measure of accountability for what happens during each and every session. This is especially important in the event of an allegation, given that the audit trail and session recording will decide the matter conclusively.
Consideration No. 5: Tier access privileges
When the number of technicians scales into the hundreds, keeping track of who has remote control privileges and who doesn't becomes difficult to manage. In addition, the combination of the relatively high turnover rate of support technicians, the security demands of particular customers and the growing list of regulatory requirements around sensitive data complicates the challenge of strategically securing remote support even further.
Giving every support technician the same login information and privileges is not the answer. Instead, tiering the access privileges will ensure that only the most qualified and trusted technicians can access the most confidential information, reducing exposure to risk and keeping security under control.
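The checks from Considerations No. 4 and No. 5, as an added example that is not part of the original article or any vendor's product: it audits constructed session records for missing audit fields, tier violations, and signs of a shared login. Tier numbers, field names, hosts and addresses are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample data; tier numbers, field names and hosts are assumptions.
TECH_TIER = {"alice": 3, "bob": 1, "carol": 2}      # higher = more trusted
REQUIRED_TIER = {"hr-db-01": 3, "kiosk-17": 1}      # minimum tier per system
AUDIT_FIELDS = ("technician", "source_ip", "system", "system_ip", "start",
                "end", "chat_transcript", "file_transfers", "recording")

def _rec(sid, tech, src, system, sys_ip, start, end, recording="rec.mp4"):
    """Build one constructed session record."""
    return {"id": sid, "technician": tech, "source_ip": src, "system": system,
            "system_ip": sys_ip, "start": start, "end": end,
            "chat_transcript": "chat.txt", "file_transfers": [],
            "recording": recording}

SESSIONS = [
    _rec("s1", "alice", "10.0.0.5", "hr-db-01", "10.1.0.9", "2024-01-10T09:00", "2024-01-10T09:30"),
    _rec("s2", "bob", "10.0.0.6", "hr-db-01", "10.1.0.9", "2024-01-10T10:00", "2024-01-10T10:20"),
    _rec("s3", "carol", "10.0.0.7", "kiosk-17", "10.2.0.4", "2024-01-10T11:00", "2024-01-10T11:40", recording=None),
    _rec("s4", "carol", "10.0.0.8", "kiosk-17", "10.2.0.4", "2024-01-10T11:15", "2024-01-10T11:25"),
]

def audit(sessions, tech_tier=TECH_TIER, required_tier=REQUIRED_TIER):
    """Return (session_id, finding) pairs for records that break the rules."""
    findings = []
    strictest = max(required_tier.values())
    for s in sessions:
        if any(s.get(f) is None for f in AUDIT_FIELDS):
            findings.append((s["id"], "incomplete-audit-record"))
        # Fail closed: unknown technician = tier 0, unknown system = strictest tier.
        have = tech_tier.get(s.get("technician"), 0)
        if have < required_tier.get(s.get("system"), strictest):
            findings.append((s["id"], "tier-violation"))
    # Heuristic: one login active from two workstations at once suggests shared credentials.
    timed = [s for s in sessions if s.get("start") and s.get("end")]
    timed.sort(key=lambda s: datetime.fromisoformat(s["start"]))
    for i, a in enumerate(timed):
        for b in timed[i + 1:]:
            if (a.get("technician") == b.get("technician")
                    and a.get("source_ip") != b.get("source_ip")
                    and datetime.fromisoformat(b["start"]) < datetime.fromisoformat(a["end"])):
                findings.append((b["id"], "possible-shared-login"))
    return findings

if __name__ == "__main__":
    for finding in audit(SESSIONS):
        print(finding)
```

A technician legitimately working from two workstations would also trip the shared-login heuristic, so treat that finding as a prompt for review rather than proof.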
Nathan McNeill co-founded Bomgar Corporation in 2003. Nathan leads technology and product strategy. He monitors market trends to align the company's solutions with critical needs, contributing regularly to Bomgar's blog on the issues. Nathan has spoken at industry events including SSPA 2007 and Demo Conference 2006. Nathan is ITIL v3 Foundation Certified. He may be reached at email@example.com.