Worker mobility and technological complexity in today's enterprise are driving the increased demand for IT support departments. Even though IT has used remote control tools to troubleshoot PC issues for some time, there is a renewed interest in the technology to provide anytime, anywhere support to both disparate users and backend systems-regardless of firewalls.
However, a significant concern has emerged around whether traditional remote access software (such as pcAnywhere and RDP) can be locked down to ensure optimal levels of security. Consider this: the Verizon Business RISK team issued a report in 2008 detailing its forensic investigation into over 500 actual data breaches between 2003 and 2007. A key area examined was the attack pathways hackers used to gain access to confidential data. The report discovered several areas of concern that IT security administrators typically expect to see (such as Website vulnerabilities and unsecured wireless hot spots).
But it also uncovered an overlooked attack pathway: remote control and remote access tools. According to the report, in "over 40 percent of the breaches investigated during this study, an attacker gained unauthorized access to the victim via one of the many types of remote access and control." This method was implicated in a higher percentage of data breaches than any other vulnerability analyzed.
And in 2009, the Verizon Business RISK team told a similar story with its updated report that examined 90 data breaches that occurred in 2008. The report found that in "approximately four of 10 hacking-related breaches, an attacker gained unauthorized access to the victim via one of the many types of remote access and management software."
Despite the IT security concerns surrounding remote access tools, today's technology users are quickly becoming less tolerant of the "you can't see my screen" tech support conundrum. As a result, it's not an option for IT departments to avoid using remote control technologies, as they seek to keep customers and employees as satisfied and productive as possible by providing 24/7 remote support. It's important to maintain security and corporate governance policies while relying on remote access technology to support off-site computing devices. To do this, here are five key considerations: