Remote Access: Should I allow it?
It seems that recently, one question I’ve been asked fairly frequently concerns the use of remote access tools to provide remote technical support. With the popularity of GoToMeeting, LogMeIn, GoToMyPC, and other similar tools, we have the ability to conduct staff meetings, make sales presentations, and provide technical support, all from the comfort of our (insert most relaxing place you can think of here). Single requirement: an Internet connection. While this is a great convenience, making decisions on and then regulating the use of remote access tools is becoming an increasing challenge for business owners, compliance managers, and IT decision makers. Whether you’ve got a home office or a large corporation, this is a question that you have either already considered or should have already considered.
There are a lot of factors that go into deciding how much remote control to give to employees and vendors. Depending on your line of business, some governing body most likely has already given guidance regarding remote access. For example, HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley all have their own requirements regarding data security and accessibility.
However, before I jump into the details, it should be pointed out that the ability to remotely access computers is nothing new (in relative terms, anyway). Microsoft first introduced the ability to remotely control its computers in the Windows NT 4.0 Operating System with Terminal Services Client, released in July of 1996. This was later renamed Remote Desktop Connection, and was expanded to include desktops with the release of Windows XP in October of 2001. The point? Your “IT Guy” has had the ability to remotely access your computer for quite a while.
So, the first question is “should I allow remote access at all”? The benefits of answering “yes” are many, and the following is not an exhaustive list:
- Employee productivity since employees can access their work computers from anywhere
- Reduced support time since vendors can provide technical support easily and quickly
- Reduced travel expenses since training, sales presentations, and support can be provided remotely
And if you answer “no”? Here is a short list of benefits:
- More sleep at night since you know that your data isn’t accessible remotely (though this may be a false sense of security)
- Don’t have to spend any more time considering this topic… “no” is an easy answer!
Another thing to consider if you decide that you aren’t comfortable with allowing remote access into your network is whether or not you are prepared to spend the money to ensure that this decision is implemented. In other words, do you have a firewall and/or proxy in place that can block remote access software? It’s advisable to have as good a firewall as you can afford. Your $100 router from BestBuy isn’t going to do the job.
Assuming you’ve gone with “yes” or at the very least “I’ll think about it”, here are some other things to consider:
You should start with determining what your compliance requirements are. For example, are you required to be compliant with HIPAA/HITECH (healthcare industry), Sarbanes-Oxley and/or Gramm-Leach-Bliley (financial industry)? If you are bound by one of these acts (or others), you should then research the remote access software in use to determine whether it is compliant. Most of these companies (like LogMeIn, for example) write whitepapers regarding why their solutions are compliant.
In my opinion, this ultimately boils down to trust. There are two people (or groups of people) that you must absolutely trust: your financial guy (CPA, bookkeeper, etc.) and your IT Guy. Note: For the ladies out there, please excuse the use of the word “Guy”. I am using the term to mean “person” or “people”, not “male” or “men”. =)
References:
https://secure.logmein.com/LogMeInITReach_Benefits_for_OutsourcedIT.pdf
http://en.wikipedia.org/wiki/Remote_Desktop_Services
http://en.wikipedia.org/wiki/HIPPA
