Remotely Safeguarding the Enterprise

by Mike Baldwin

Help desk resolution, troubleshooting, system configuration, software installation, end-user training, and disaster recovery are just few of the ways that IT professionals leverage remote control solutions to facilitate and improve the services they provide to their remote customers. However, being able to consistently discover and connect to all of the remote hosts that an IT professional supports can be a difficult and sometimes frustrating challenge.

Today, IT administrators use remote control software as an effective way to quickly solve problems and keep the network available to authorized users. Just as administrators can leverage remote control to help manage and support their multiplatform IT infrastructures, IT professionals can use it to provide customer support without leaving their offices. A good remote control solution serves as a powerful tool, opening new avenues and possibilities. With these opportunities come new risks and more and more organizations demand tools that offer the advanced security they need to protect their information assets and meet industry and government regulatory requirements. To meet these demands, remote control programs must provide a secure environment for resolving helpdesk issues, managing remote computers, and working across multiple platforms.

Forrester Research recently identified several specific security implications associated with remote offices, noting that remote workers may be less likely to follow security procedures because the problems and policies at the corporate headquarters often seem far away.

In fact, issues with security are often the most important factors in determining whether to implement remote control technology in the corporate environment. However, by addressing necessary security requirements in specific areas, such as authentication, authorization and access control, perimeter and data-transfer security, and administration, a remote control solution can provide IT organizations with a secure and cost-effective helpdesk tool.

Remote control software easily enables a user to see the desktop of another system and to control that system by passing mouse movements and keystrokes to it. Remote control includes file transfer, remote access, and often remote management capabilities. These capabilities offer more freedom to both executives and IT administrators alike.

Traditional remote control programs offer a point-to-point solution, creating a direct connection between two computers. This type of solution provides control over the connection, where the data is going, and which ports are open. The traditional model of remote control enables IT administrators to retain the ability to control traffic as needed based on corporate IT policies.

Remote control is also now available as a hosted Web service, giving users access to a host PC from remote devices that have Internet access. These highly convenient, subscription-based or free services are typically easy to use and require minimal installation. However, the hosted service model may pose security concerns, especially for enterprises faced with demonstrating compliance with industry or government regulations for information security.

Ensuring Data Security
IT administrators make sure that the data they protect remains secure on the network, but they also know that securing the data stream in transit is just as important as preventing unauthorized access. Remote control software should support both symmetric and asymmetric (public key) encryption services public key encryption to prevent eavesdroppers from intercepting data during transmission.

Remote control users should pay attention to current industry and government data encryption standards. If they do, they will see that the AES encryption algorithm is something to look for in a remote control product. AES (or Rijndael) is one of only four symmetric key encryption algorithms approved against the National Institute of Standards and Technology's Federal Information Processing Standard (FIPS) 140-2 standard. It provides encryption at the 128-bit, 192-bit, or 256-bit cipher strengths.

AES is, by definition, exponentially stronger than the previous DES and 3DES algorithm standards, and is considered to be faster and less resource-intensive as well. It should be set as the standard across all product components of your remote control solution. The NIST FIPS 140-2 validation allows products to be purchased by federal agencies and other organizations that require stringent security standards to protect sensitive information.

FIPS 140-2 is also required by federal agencies in Canada, is recognized in Europe and Australia, and is being adopted by numerous financial institutions worldwide. It is a tremendous indicator of product encryption security. Secure remote control products will support encryption of both the data stream as well as authentication credentials. For full effectiveness, remote control software should also support Virtual Private Network (VPN) technology to permit secure Internet connections over an extended corporate intranet.

The typical IT environment today is comprised of everything from Windows desktops to Linux servers, handheld computing devices, and more. And IT organizations are responsible for keeping this heterogeneous infrastructure functioning at all times.

That's why a growing number of organizations are turning to remote control solutions that offer true cross-platform support. The use of remote control solutions across platforms demonstrates another reason why security within these solutions is important.

Compliance
Continuing legislation changes the landscape of compliance and regulatory standards. Due to this scenario, security has become a boardroom issue in organizations of all sizes and in all industries. Key business regulations and standards have brought information protection to the forefront, from the Health Insurance Portability and Accountability Act (HIPAA) of 1996, to Sarbanes-Oxley (SOX) of 2002, to California's Security Breach Information Act, and more. These regulations call upon organizations to evaluate and address critical issues with respect to data reliability, integrity, and security even as government institutions face mandatory requirements for security.

To maintain the security of their data and network resources and meet such industry and government requirements, organizations are opting for remote control solutions that support their existing security infrastructure and provide advanced security functionality and features. Support for a variety of strong encryption helps mitigate the risk of information exposure and brings organizations closer to regulatory compliance. Ongoing security concerns cause some organizations to re-evaluate their remote access tools. Indeed, these reflections are driven in part by regulatory compliance issues. Recognizing the possibility that remote access software might inadvertently put the confidentiality of sensitive corporate data at risk, organizations will continue to demand more sophisticated remote control solutions.

Availability
Another expectation an organization should have for their remote control solution is high performance and availability. To be effective, even the most secure cross-platform remote control solutions must also offer high performance in an enterprise environment. To ensure such performance, features such as bandwidth auto-detection can be used, enabling users to detect the actual connection speed or bandwidth of each connection and then adjust settings that impact performance in lower-bandwidth connections. In doing this, administrators are able to ensure that the availability of their now-secured data.

The Final Word
Increasing data breaches show clearly how security can be compromised in an enterprise environment. Whether data is lost when a thief steals a laptop or a shipping company loses a delivery, one thing is clear; these types of security lapses can cost millions of dollars. Safeguarding the security of remote offices provides a means for organizations to increase efficiency while adding an essential layer of protection to the data and the network. Organizations have a powerful tool for keeping their environments up and running when they implement a secure remote control solution.


About the Author
Mike Baldwin is senior product manager at Symantec Corp.


Article © Copyright 2006 Symantec Corp. Used by permission.