Remote Access Offers Complexity, Security Issues for IT

 
 
By Nicholas Kolakowski  |  Posted 2011-03-01
 
 
 



Once upon a time, remote access wasn't a pressing concern for most IT administrators. A combination of on-premises servers, desktops and phones met the needs of workers commuting to a central office from home.

But as with nearly everything in the world of enterprise IT, technology evolved to the point at which this centralized model no longer applied to most businesses. More workers began telecommuting, sometimes from a continent away, while road warriors made a culture of rarely visiting the home office. With a VPN and a corporate-issued laptop, these employees could interface with their company's network. For IT administrators, remote access became a larger and more complicated task.

Even that model, however, looks simplistic and antiquated compared to the one looming over the enterprise landscape. With more employees clamoring for tablets and smartphones, and wanting their IT departments to integrate their personal devices into the corporate network, the task of offering secure, simple, remote access threatens to become a monumental challenge for IT pros at every level.

Nonetheless, for both SMBs (small- to midsize businesses) and the enterprise, the advantages of ubiquitous remote access are multiple. Those solutions, in conjunction with the cloud, can make remote workers more flexible while lowering an organization's costs. "The ability to pay as you go is a big plus," said Mike Pugh, vice president of marketing for J2 Global Communications, which offers businesses a variety of communications services, such as e-mail and unified messaging. "If it works, businesses can keep it and ramp it up, or else round it down."

"On the enterprise side, you get the ability to work it within the enterprise environment," he added. "For smaller companies, the ability to adopt what you please is somewhat easier."  

That appeal could be driving what industry experts see as a noted uptick in the number of businesses gravitating toward remote-access solutions.

"Over the past six months to a year, it has become really wild," said Martin Hack, executive vice president of NCP Engineering, whose products include a centrally managed VPN solution and personal firewall. "The demands of users have increased dramatically, in terms of people wanting to connect anytime, anywhere."

But the explosive growth of iPad and Android-based devices also caught some IT pros by surprise. "They had a VPN gateway somewhere, and now these users are coming out of the woodwork and saying they want to connect," Hack said. "It became very evident that people were not prepared for it at all, and now they're dealing with the aftermath: endpoint security is basically non-existent."

In addition to security issues, the latest remote-access model threatens to swamp IT administrators, and possibly workers, in a rising tide of complexity. On the backend, much of this complexity is due to the need to introduce four or five different applications or platforms in order to enact a single solution: a server from one vendor, say, running software from another, meant to deliver applications or services to a variety of devices built by yet other manufacturers. Adopting a cloud service can alleviate some of this unnecessary intricacy, but many companies remain bound to on-premises or hybridized legacy systems.   

Fortunately, tech companies have been working on ways to alleviate those issues, even beyond making sure their VPN is secure and warning employees about clicking on possible malware links.

"IT administrators care about data at the end machine," Tom Quillin, Intel's director of security technology and initiatives, told eWEEK. "That means data encryption. In 2011, really, every machine ought to be taking advantage of data encryption. Our policy is that every primary end-user machine must have data encryption."

In previous years, data encryption was liable to drag down a machine's performance in significant ways. Helping alleviate that issue are newer and faster processors, including Intel's, the latest versions of which have the mathematics of the encryption operations built into the processor instructions.

Another security issue revolves around introducing a streamlined and reliable method of end-user authentication into a network. To that end, companies such as Intel have focused in recent quarters on developing anti-theft technology that can remotely wipe a smartphone or render a laptop totally unusable.

On top of that, new hardware is introducing an additional security factor into the password process. Intel Identity Protection Technology embeds a token that creates a six-digit number, valid for 30 seconds, that acts as a second password. Hewlett-Packard's new EliteBook p-series includes a fingerprint reader and proprietary face-recognition software that scans the user's features via the Webcam. Other dual-factor password systems require the user to carry a token or key-fob that generates a new secondary code every few seconds or minutes.

Virtualization and Isolation



Virtualization and isolation are other strategies that can make remote access a safer proposition for companies. "Isolated virtual machines allow IT to compartmentalize different spheres of operation. Now I can create spheres where workers manage their corporate e-mail accounts and connections to the CRM to do their real work," Quillin said. "The idea and advantage of that architecture is that you've now created isolation between work and personal tasks, and isolation enhances security."     

Still another security issue involves keeping up-to-date on which remote workers can access their corporate network from offsite. "I hear almost every day about people forgetting to deactivate employees after they leave the company," NCP's Hack told eWEEK. "The biggest security breaches over the past five years were attributable to people still having VPN access."

Businesses with large numbers of remote employees can find themselves forced to periodically cull those access lists by hand, painstakingly deleting ex-employees one at a time. Introducing a management system that keeps tabs on employees and their access, though, can limit the time and hours spent on that sort of security maintenance. 
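The manual cull described above can be replaced by a scheduled reconciliation of the VPN account list against the HR roster. The following is an added example, not from the article or any vendor; the CSV layouts, column names and sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports; the column names are hypothetical.
HR_ROSTER = """employee_id,status,termination_date
1001,active,
1002,terminated,2011-01-14
1003,active,
1004,terminated,2010-11-30
"""

VPN_ACCOUNTS = """username,employee_id,enabled,last_login
asmith,1001,yes,2011-02-27
bjones,1002,yes,2011-02-20
cwu,1003,no,2010-12-01
dlee,1004,yes,2010-11-29
contractor7,,yes,2011-02-25
"""


def audit(hr_csv, vpn_csv):
    """Return (username, reason) for every enabled VPN account that should not be."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(vpn_csv)):
        if acct["enabled"] != "yes":
            continue  # already deactivated
        owner = roster.get(acct["employee_id"])
        if owner is None:
            # No HR record behind the account: nobody will ever offboard it.
            findings.append((acct["username"], "no-owner-in-hr"))
        elif owner["status"] == "terminated":
            left, last = owner["termination_date"], acct["last_login"]
            # A login dated after departure is an incident, not just hygiene.
            used = bool(left and last) and date.fromisoformat(last) > date.fromisoformat(left)
            reason = "used-after-termination" if used else "enabled-after-termination"
            findings.append((acct["username"], reason))
    return findings
```
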

That fits with the second issue confronting IT administrators in this new paradigm: complexity, and the ways it can be winnowed from ever-expanding remote-access networks.

"Corporate IT is saying, 'Oh man, I'm already stretched to the max, and you're bringing in these other smartphone and PBX and password issues and administrative issues,' and it's an unwelcome burden on them," said Kevin Gavin, chief marketing officer for ShoreTel, a purveyor of unified communications. "They see it as a potential nightmare that adds to their increasingly complex infrastructure."

"The vendor that wins is the one that makes it simple," he added. "Consider the complexity factor: when systems are complicated, they're more costly to manage. But there's a more enlightened group of IT users out there who are asking: 'Why does it have to be so complicated?'"

A simplified system also has the benefit of appealing more to both IT administrators and end users, which can help speed a remote-access solution's adoption in both SMBs and the enterprise. That requires a drive from within IT to streamline the component chain involved in remote access, or to give serious consideration to porting associated applications to the cloud.

"I think it's a combination of awareness and, at the same time, making the life of the end user as seamless and easy as possible: not seven to 10 clicks to get to the VPN connection, but one click," Hack said. "We've seen the best results come with making it easy, where the user has a good feeling."  

But more and more, employees want to bring their personal tech into the enterprise, or else have their IT department procure the latest and greatest consumer devices for business use. The proliferation of tablets and smartphones throughout the enterprise virtually ensures a certain amount of complexity built into the system, no matter how strong the effort is to minimize it. In the end, IT administrators could find themselves forced to select from a smaller number of platforms to support, particularly when it comes to developing proprietary applications that allow employees to perform company-specific functions from a remote location.

"We're a small example of what companies have to do now, in terms of selecting a winner," said Chris Fleck, vice president of solutions development for Citrix Systems. "For companies trying to figure out whether they're going to build internal applications for their employees, should they bet on iOS and Android and PlayBook? It's a challenge. Do you quadruple your development effort? That's a real challenge."

That challenge has led to some companies adopting a wait-and-see attitude toward iOS and Android. Vendors such as Citrix also offer solutions that give remote workers ubiquitous access to applications from a broad range of devices.

In the end, the solution for many of the complexity issues associated with remote access might sit in the cloud, with services that spare IT administrators the costs and time associated with managing on-premises support for workers' devices in the field. Whatever the ultimate solution, though, it's clear that remote access is not only here to stay as a business model, but also burgeoning in popularity and, in the process, becoming a major issue for IT shops everywhere.

