May 14 2009

Rolling Out Remote Access

Plan properly to prevent provisioning and troubleshooting woes.

The typical fed who commutes five days a week disperses 8 tons of pollutants into the environment each year, according to research from the Telework Exchange.

With gas prices volatile, telework remains an important part of government cost-cutting strategies. Remote workers don’t necessarily need permanent office space, and environmental gains make the outlay easy to justify. Here are four ways to maximize your telework investment:

Tip 1: Match the Tool to the Job

Not all applications are equal, and you’ll want to consider bandwidth requirements carefully before giving your blessing to a specific remote access method. Even with high-speed connections, running a 2.4-megabyte executable from a mapped network drive to use an Access database will be an exercise in frustration. And Win32 fat clients are beasts to manage remotely.

A knowledge worker who uses his own PC raises the issue of remote desktop support. Internet access is preferable to your IT group taking on the risk and burden of supporting Win32 on other users’ gear. If you’re serious about remote access, now would be a good time to build a requirement for native web clients into your enterprise software solicitations and deals.

If you can’t immediately switch to native web clients, consider solutions that require less desktop support, such as Terminal Server or GoToMyPC. New technologies such as bandwidth optimizers may also be a stopgap measure to deal with legacy fat clients.

Be open to new technologies, such as Google Apps, which neatly and quickly provision users. Be wary of unencrypted web-based Distributed Authoring and Versioning (WebDAV) filestores, but don’t exercise your powers of random denial — if a service offers an encrypted enterprise version, steer users there instead of to the basic service.

Tip 2: Make Arrangements Notebook Users

Notebooks that leave your organization present their own challenges. You’ll need to ensure that virus and patch updates go through even if the user doesn’t connect through your virtual private network.

Another factor to consider: Local network settings (static proxy configurations) might not work once a notebook is plugged into a home network. These issues can be addressed through a variety of mechanisms. Make sure your desktop support team is talking to the infrastructure team; enact policies that spell out ownership and acceptable use; and use endpoint security agents and two-factor authentication.

Tip 3: Buddy Up With HR

You will need to become knowledgeable any labor regulations that apply, so get help from human resources before rolling out remote access. They can save your organization from incurring unanticipated overtime expenses and legal exposure.

Tip 4: Make Policy Part of the Plan

Even the most secure technologies can be foiled by users who leaves their key fobs with their unattended notebooks at conference tables or cybercafés.

Part of your discussion with HR should be about how to bulid training and consequences into remote access policies. Are users required to attend 30 minutes of training before they’re provisioned? Are they required to sign off on a document that clearly spells out expectations and consequences for failing to follow policy?

Each agency may be slightly different, but your users’ security savvy will depend on your security technology program.