Don't Forget to Share this Post

Safe Remote Access: A Comparison of Four Methods and Risks Associated

By Amisha Shah | Tuesday, May 5th, 2020
Investment professionals around the world continue to perform their roles from home with little indication as to when they might be allowed back into the office. The importance of security measures to have in place when operating remotely cannot be stressed enough. Following a prolonged period of remote working, it is understandable to become somewhat relaxed about this, but organisations are urged to remind their employees not to get complacent. 

In today’s blog, we will explore the different ways in which remote access can be gained and compare risks associated with each. With the common perpetrator determining level of risk being the device used to gain remote access.

Accessing VPN Via an Unmanaged Personal Device

This is perhaps the easiest way for employees to gain access to your organisation’s virtual private network (VPN) - utilising a personal device. Whilst it might be the most straightforward method to log on from home, it is in fact ranked the least secure with risks that can be highly damaging. By using their own, unmanaged devices, employees are essentially accessing your organisation’s assets through an unmanaged- operating system, -set of applications and -endpoint protection, all of which you have little to no control over to influence security controls.

  • Firms will have a lack of control over passwords, screen lock, account lockout etc.
  • Could face malware from unfiltered home internet 
  • Attackers could gain entry from the home network and pivot to a corporate network
  • Theft or misplacement of device can leave confidential business data exposed
  • Shoulder surfing and screenshotting of sensitive information displayed on screens cannot be avoided 

Accessing VPN Via a Managed Personal Device (BYOD)

Today, bring your own device (BYOD) policies are becoming widespread. Using a managed (by your firm) personal device is more secure than employees using a device that you have no knowledge of or control over. With this method of gaining access to the firm’s VPN, you can enhance security of access through monitoring the operating system, some applications and endpoint protection. Firms can also ensure encrypted device storage and facilitate on-demand VPN with split tunnelling. And, you can also track some (not all) of the traffic behind corporate firewall and intrusion detection systems (IDS). Whilst the number of risks associated with access from a managed personal device are less in comparison to an unmanaged device, some risks do remain and require careful consideration.

  • Malware from unfiltered home internet remain unblocked
  • Attackers and cybercriminals can still pivot from home to corporate network
  • Theft or misplacement of the managed device can still leave your firm in a comprising situation
  • Shoulder surfing and screenshotting of sensitive information cannot be avoided 

Accessing VPN Via a Managed Corporate Device

This is where secure remote access can be gained to a good standard. With this method, your organisation provides and has control over the device used by employees to connect to the VPN. In addition to a managed operating system, all applications can be managed and monitored with this option, as well as ensuring endpoint protection. For added security, firms can enable an ‘always on’ VPN with full tunnelling for ease of access for it’s employees, and all traffic behind the corporate firewall and IDS can be tracked. This is a secure and recommended method of remote access with far less risks than the previous routes, however some risks (which are difficult to control) remain and can have damaging effects. 

  • Theft or misplacement of data on the device is still out of the control of firms
  • Shoulder surfing and screenshotting sensitive data also remains a great concern

Remote Desktop/Application Virtualisation on Any Device

With a remote desktop and application virtualisation, organisations run little to no risks of corporate information or assets being compromised. What’s more, a remote desktop and virtualised applications can be accessed from any device –even unmanaged personal employee devices (without the associated risks). This is great when it comes to maintaining the organisation’s security and ease of access for employees.

This method of gaining access to corporate drives and assets works by storing the entire corporate environment in a datacenter, with managed virtual machine (VM) golden images enabled for access to everything needed by employees to continue to perform their role from home, as well as managed endpoint protection. And, as with using a managed corporate device, employees can maintain security whilst at home with fully trackable traffic. However, as listed below, there is one risk which has remained throughout the comparisons and is unfortunately impossible to control.
  • Shoulder surfing and screenshotting of sensitive information displayed on screens cannot be avoided, however it should be controllable with employee training around home security awareness.

That rounds up our comparison of the different ways to gain remote access. We hope you found this article useful!
Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!