Delivering Secure, Scalable Remote Access Tools for the Long Term
The Coronavirus pandemic is driving a surge in remote working. As organizations have had to adopt work-from-home policies, often without time to craft a comprehensive strategy, the likelihood of sensitive data being compromised has increased. Outside of the office environment, devices employees use for work are less likely to be regularly patched and are more exposed to device theft or unauthorized use. Moreover, new work patterns often increase the use of unauthorized technologies (sometimes referred to as “shadow IT”), making these devices and the networks they connect to easy targets for hackers.
Fortunately, some top remote access tools allow users to be productive from any location, without requiring software or data to reside on the client device – a scenario that greatly reduces your organization’s attack surface. But adoption of secure remote access software tools may prove to be a lengthy and complex process. The list of remote access tools is long, but not every solution can scale as quickly and flexibly as required in an unpredictable and dynamic scenario such as the current pandemic.
As a result, many businesses today are suffering from overloaded networks due to the rapid increase in remote connection requests. At the very least, this network traffic bloat results in sluggish performance; sometimes users simply hang waiting for a response as servers crash in the background. More concerning, though, is the fact that some organizations and users, in the interest of business continuity, neglect remote access security best practices and leave their devices and data dangerously vulnerable to cybercriminals.
Is RDP Safe?
Unfortunately, poorly secured or unprotected RDP endpoints end up providing easy access not only for your users but for hackers as well. Attackers can easily search out internet-connected devices with exposed RDP ports using botnets, and then use “brute-force” methods to crack usernames and passwords. In fact, cracked or stolen RDP credentials are currently a hot commodity on the “dark web”, making raw internet-exposed RDP about as safe as a child’s play fort.
Once an attacker is able to connect remotely to your business via RDP, they have a wide range of tools at their disposal to take advantage of such access, whether for extortion, ransomware, data theft, cryptomining or sabotage. For these reasons and others, security researchers generally recommend that organizations should not allow users to connect their machines directly over the internet using RDP – especially if those machines are running EOL / EOS operating systems such as Windows 7.
Other recommendations include:
- Implementing two-factor user authentication
- Enforcing good password hygiene
- Routinely updating and patching all machines that can be accessed remotely
- Installing a virtual private network (VPN) or other secure gateway to broker all remote sessions
- Minimizing the use of remote connectivity software or plugins on the end user device, as any of these can potentially be compromised or hacked
- Monitoring and logging all remote sessions
Have Your Cake … And Secure It Too
Ericom Connect, our secure desktop and application access solution, supports all of the above security recommendations. It can be configured to use your existing VPN or our own (free) secure gateway to broker and encrypt secure remote sessions. And Ericom Connect supports admin-enforced password requirements, as well as 2FA/MFA. But just because our remote access solution is heavy on security, doesn’t mean that your IT department or your users will be weighed down.
Ericom Connect is built on grid architecture that affords you the flexibility and agility to scale at a moment’s notice. Our technology also minimizes the need for hardware investment in servers or SAN capacity, and requires significantly less management overhead than alternative solutions. All this, as well as unprecedented ease of deployment, makes Ericom Shield one of the best remote access tools by ensuring that organizations like yours can quickly provide access to virtualized applications and desktops throughout the enterprise, even across multiple data centers.
Ericom’s solution also ensures smooth and user-friendly access for home workers, who can be up and running on any device in just seconds, with no client software or plug-ins to install or configure. They simply open a browser tab to their company’s portal, enter their login credentials, and click to open the desired desktop or application. Ericom Connect is also SSO-enabled, which simplifies the log-in process and expedites employee access to business-critical systems and resources. Best of all – besides ‘just’ making your employees happy, these productivity-enhancing features also help encourage good password hygiene and reduce ancillary security risks such as the use of shadow IT.
But We Have A VPN…
Used on its own, a VPN simply gives all authorized users access to everything inside the corporate network. While it was once considered acceptable to assume that any user or process that’s been verified can be trusted anywhere within the perimeter, this is no longer the case. A zero-trust security strategy mandates segmentation of your network, with each user or process being granted granular access to only a specific set of resources, and then only for the duration that they are required. Deploying a secure connection broker such as Ericom Connect in addition to your VPN provides greater control over the privileges and permissions assigned to each user or group of users, so that each user is authorized only for the specific resources they need to do their jobs effectively.
Access Security That’s Local as Well
Ideally, businesses should act to secure all network access, whether remote or from within the office. Zero Trust network access (ZTNA) solutions that apply the “never trust, always verify” principle empower businesses to adopt a “default deny” security stance for all users, to enable the secure access required for today’s perimeter-less networks, no matter where users are.