Coronavirus Concerns To Put Remote Access to the Security Test

The fear of a worldwide COVID-19 coronavirus pandemic that might shut down entire cities or even geographical regions around the world will confront IT organizations with a remote management challenge most of them are ill-prepared to meet.

Most organizations have deployed some form of remote management software on the systems of employees who travel frequently. However, should hundreds or thousands of workers suddenly need to work from home, many IT teams will be challenged by the need to provision and secure remote access software on hundreds of systems.

In some cases, employees may already have a mobile computing device provided by their company. In other cases, workers who rely on traditional desktop systems will need to be equipped with a mobile computing device that comes provisioned with remote access software or IT teams will need to find a way to install remote access software on the employees’ own systems. That, of course, can become even more challenging if the software needs to be installed remotely by employees who are prevented from coming into the office or only have access to a desktop system at home.

Once all those network connections are made, it then becomes critical to secure them. After all, cybercriminals are not going to be taking the day off simply because a number of employees are now working remotely because of the coronavirus. Many of them are already taking advantage of the crisis to launch any number of phishing attacks, including ones that make bogus claims about coronavirus cures.

In addition, there isn’t likely to be a suspension of compliance rules within highly regulated industries, so the potential fines that might be incurred should sensitive data be mishandled is an issue that will need to be addressed.

The first order of business for many organizations will be simply to figure out how to pay for all the software and additional IT network infrastructure required. IT teams should make sure the IT vendors they decide to rely on make available “emergency licenses” that will enable IT teams to install and run remote access software on many more machines than they currently do, said Scott Gordon, chief marketing officer at Pulse Secure, a provider of remote access software.

DevOps Unbound Podcast

Many organizations will face the issue of whether they can deploy remote access software at scale before a geographic area gets locked down. “It’s not too late,” said Gordon. “You just have to be aggressive about it.”

Others are less sanguine. Matt Cox, senior director of technical services/ITSM for SolarWinds, a provider of IT management tools, noted having large numbers of employees working from home in response to the coronavirus isn’t much different than any other natural disaster. “In a lot of ways, it’s no different than a snow day,” he said.

The issue is that when you consider all the collaboration applications and tools that are required to maintain operations, most organizations are ill-prepared to enable their entire workforce to work from home overnight, Cox noted, adding many organizations are about to learn a remote access lesson they hopefully will remember for the future.

“Businesses are absolutely unprepared,” said Paul Statham, CEO of Condeco, a provider of meeting room software.

It generally takes months to set up software to access Windows applications that reside on-premises or migrate their data to a cloud computing environment, he noted. In addition, organizations aren’t likely to ignore their existing information security policies as they pertain to customer data simply because there may be a temporary crisis brought on by the coronavirus.

Of course, some organizations may be able to move faster by relying on a managed service provider (MSP), but even then there is a lot of work that must be done.

Despite the challenges, many more IT teams are trying to be much more proactive about preparing for any disruption, said Klaus Gheri, vice president and general manager for network security at Barracuda Networks.

Some of those organizations plan to rotate half their staffs between the office and home as part of an effort to limit disruptions stemming from the coronavirus, he noted, adding in an ideal world, IT organizations would have in place mechanisms such as two-factor authentication in addition to employing deep packet inspection to network traffic.

“As an extra layer of security, it’s super important,” said Gheri.

IT organizations also can avail themselves of a proxy service in the cloud that isolates endpoints from malware while working remotely, said Menlo Security CTO Kowsik Guruswamy. “This is an ideal use case for us,” he said.

IT organizations also might want to limit the level of access they provide to end users who may be trying to access corporate resources from a public Wi-Fi network, Gheri added.

It’s also worth noting, however, that some business processes are easier to remotely enable than others. Call centers, for example, have become a cloud service. In fact, one provider of such a service, Talkdesk, announced this week it can enable a contact center in the cloud in less than 15 days.

Many organizations are already moving call centers to the cloud. However, that pace will accelerate once organizations realize that call centers could easily become part of the problem, said Steve Bell, senior director of product marketing for Talkdesk.

“Call centers are where workers share access to the same keyboards, mice and headphones … a traditional call center is a ripe environment for any virus to spread,” said Bell.

It’s still early days and unclear whether COVID-19 will transform the way IT is managed and secured. However, it’s safe to say that various approaches to building zero trust networks that can globally scale up and down in an instant are required.

Michael Vizard

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 690 posts and counting.See all posts by mike-vizard

Integrated Security Data PulseMeter

Step 1 of 7

What percentage of your organization’s security data is integrated into a SIEM or data repository you manage? (Select one)(Required)