By submitting this form, you agree to receive RealVNC education content, special offers, exciting news and product updates. You can withdraw your consent at any time. We respect your data, see our Privacy policy.

Outsourcing IT: how to keep in control of your remote access

RealVNC® Ltd | 11 Oct 2018

IT-outsourcing-control-remote-access

IT is the fastest-growing function being outsourced. A recent study discovered that in 2017, companies were devoting 11.9% of their IT budget to outsourcing, a 1.3% increase from the previous year. This trend raises a whole set of issues, mostly concerning security.

Remote access software is a tool that is often used to support external contract staff employed by companies. This is because most third-party providers are employed remotely, and are often based in another country.

Although outsourcing suppliers can have many advantages, especially in terms of cost savings and flexibility, organizations need to establish how to control the access that external contractors are allowed through the software. Businesses outsourcing IT support also need to have a plan in place for when those contractors ultimately leave the firm.

With careful planning, remote access can become a powerful business tool to allow your contract staff to perform their jobs effectively.


How to maintain control over your remote access

Organizations are understandably wary of allowing external contractors remote access to their IT resources, mainly because of the potential security issues. However, if external contractors require access to these resources, there are ways in which you can mitigate potential risks to your business.

For instance, ensuring that you have a well-defined and legally binding usage policy in place for your contract staff to follow. The first step would be to ensure that remote access is used by authorized employees only.

If sensitive information is accessible remotely, you may want to consider setting up a non-disclosure agreement (NDA), even if contractors cannot access it directly. You can also make it mandatory that equipment used by contract staff operate the latest versions of software and anti-virus programs.

Ideally, you’d want to maintain strict control over the devices that are allowed to access your IT resources. The number of contractors working for any company is a known quantity, and a regular audit of staff who have remote access software accounts can keep track of who is entitled to access your system remotely.

Staff who leave or who no longer need access to the software can have their accounts deleted, as would happen with permanent employees after their last day at a company. We will discuss how to deal with this aspect of IT outsourcing later in this post.


Make the most of cloud and direct connectivity 

Most remote access software solutions allow you to establish either a direct connection or a cloud connection to remote devices. Direct connections are perfectly safe over LANs (for example, the internal network of a company) where data passes through internal servers.

If the information is being transferred across the internet between your organization and external contractors, security concerns may arise. In this case, a cloud connection allows you to establish a secure connection protecting your data – you can read more about this in one of our recent blog posts.

Enhance your security

The security of any remote access session used by contractors can be further enhanced by account authentication. This means that every time a user signs into their remote access software account, they are asked to confirm that they are who they say they are, for example by entering a code texted to their mobile phone.

Additional security can also be provided by the use of multi-factor authentication (MFA) when contractors connect remotely. With MFA enabled, a user requires multiple means of identification to establish a remote connection.

In the case of contract staff, you can issue them an authentication token like a smart card to be used in conjunction with a user account and password to control access to your systems, so a member of staff would need all three pieces of information to establish a remote connection.

To maintain the highest level of security, companies using remote access software can grant different levels of access to different staff according to requirements. This way you can create teams of users to arrange staff by work functions assigning the minimum required level of permissions to them. For example, you might want to disable the ability to transfer files or copy and paste text from remote devices for users who do not require that functionality.

As an additional benefit, this makes easier to keep track of which staff have access to specific areas of functionality at any one time.

Plan for when contractors leave the company

The nature of outsourced employment is temporary, which means that the contract of third-party staff will eventually come to an end. Additionally, in some situations, the nature of the role of outsourced employees may also change according to requirements. For this reason, companies will need to have a policy to deal with how to rescind or restrict the remote access of former employees.

As we have seen, if these members of staff are part of an easily identifiable group, changing their access permissions or revoking their remote access account becomes simple.

While deleting contractor accounts might be a straightforward process, organizations also need to ensure that former employees do not attempt to continue to access remotely by randomly pinging the IP addresses of your computers to try to find holes in the security.

This can be a risk if you are establishing your connection directly where the IP addresses of computers are known. If you use a cloud connection instead it won’t be a problem, as the IP addresses used to broker the connection remain anonymous.

There is also the question of making sure that no sensitive data remains on contractors’ equipment at the end of the project. A legally binding usage policy covering the procedure for the end of contracts can protect your assets, for example by requiring that certain data is deleted from contractors’ devices and authentication smart-cards are returned and wiped.



Although you might be initially concerned about the security implications of allowing external contractors remote access to your resources, with the right preparation and a trusted remote access solution you can outsource areas of your business with full confidence.

 4 pillars of remote access

 

RealVNC® Ltd

Written by RealVNC® Ltd

Topics:

All

 

Comments