Measures taken against the coronavirus pandemic have brought a wave of changes reflecting trends which were already present, but were not so relevant before.
One such trend is working from Home Office, which brings several changes to corporate IT procedures.
First of all, we need to give (almost) every team member a secure VPN connection to access corporate resources. This is the first point where we may run into limits when extending our VPN network: it may be the number of available licences, our current Internet bandwidth, or the capacity of our firewalls.
Solutions offered by WatchGuard and Fortinet firewall products can partially solve this problem, and, although we might not be in a position to get more bandwidth from our Internet service provider, the user experience can be improved by configuring "Quality of Service" (QoS) settings.
These suppliers offer firewall products which enable domain-synchronised, group membership-based and differentiated access control of corporate resources, thus reducing the risk of a potential attack.
Unfortunately, the situation also requires remote access to systems which were previously managed locally. To raise the security level of these access points, multi-factor authentication can be a solution: with Fortinet it can be used via the Microsoft Authenticator mobile app, while with WatchGuard its own AuthPoint application can be the right option. With WatchGuard, secure access can be further strengthened by implementing Access Portal, which runs on the firewall and enables both operational and user web access, also with an external multi-factor authentication tool.
As a side effect of Home Office, the Internet traffic of users is no longer controlled by the corporate firewall. Only a few organisations can afford to make the corporate firewall the default Internet gateway for VPN users, so that all Internet traffic generated by users is routed through the corporate Internet connection. Therefore "gateway antivirus", IPS (Intrusion Prevention System), DNS and web URL filtering may become unavailable for Home Office users. This problem highlights the importance of centrally manageable endpoint protection and of making use of its capabilities. The Panda Adaptive Defense 360 package can provide targeted protection against zero-day threats and targeted threats, while Web filtering can protect users at home against the risks posed by malicious URLs. The same solution can be extended with disk encryption and the "Data Control" module to identify and control files with personal data, also with reporting, patch management and remote management modules.
If it has not been implemented before, introducing a corporate e-mail system which supports teamwork and is accessible from anywhere, including from mobile devices, can be a top priority. It could be a Microsoft Exchange-based on-premise system or its cloud-based version, Exchange Online; however, it may also be worth considering the Axigen Business Message solution, as it may be a bit friendlier to shrinking corporate budgets.
Microsoft SharePoint Portal, either in its on-premise or MS Cloud version, can be a good solution for managed access to and sharing of documents, version tracking and teamwork. Cloud access can be configured in such a way that data do not leave devices controlled by the enterprise, while high-level, GDPR-compliant logging and regulatory compliance can also be ensured if we use Enterprise File Fabric, a product of Storage Made Easy. This solution can provide controlled and audited access to any other file access services of the company, such as an existing fileshare, Azure or Amazon cloud services or integration with Dropbox, using an easy-to-maintain virtual appliance. We should not be afraid to use this even in an SME environment: if we use CentreStack, from as low as 20 user/month we can provide secure, synchronised file access integrated with Windows AD, from our own infrastructure, using Windows servers. Both CentreStack and Storage Made Easy have the benefit of synchronising users' work folders, which means that at least part of remote working is possible even if the Internet connection is temporarily unavailable.
Personal trust and loyalty are key when you work from Home Office, but there is some sensitive information which needs to be particularly protected, using Data Loss Prevention functionalities combined with the two solutions outlined in the previous paragraph of this article.
It might be the case, unfortunately, that our company cannot provide a corporate laptop for each remote team member, which means many of them are forced to use their own device while working from home. The security of the employee's network environment and devices is also important, and Panda Security now provides free endpoint protection for corporate clients to provide additional support and prevention for home office workers.
By publishing web applications in WatchGuard Access Portal, we can provide a full-scale virtual working environment in a Microsoft Windows Server RDS (Remote Desktop Services) or VDI (Virtual Desktop Infrastructure) environment. As the above solution requires not only server resources but also licences, it is likely that a hybrid environment will be set up, because of longer than usual delivery times. Licensing is made a bit easier by the 120-day grace period provided to Microsoft RDS users until the licence is activated. It is also a crucial and substantial issue that all meetings and training sessions are virtualised, rather than held in a meeting room. Based on our own experience, we recommend Microsoft Teams, which, integrated with the Exchange calendar, is suitable for good quality meetings, with screen sharing, chat and message board functions.
Author: Zoltan Mathe