Originally Appearing in Fortinet Blog. Author: By Peter Newton
March 12, 2020
Business continuity and disaster recovery plans are designed to address an organization's need to quickly suspend normal on-site operations in the event of a power outage, illness, or natural disaster that may make it unsafe for employees to travel on-site. This plan needs to include the ability to quickly establish a secure, remote workforce.
Transitioning administrative staff, technical support teams, HR, marketing departments, and other workers who traditionally work from a physical office – along with access to their data and networked resources – to alternate work sites can be a daunting task. In addition to networking considerations, organizations should be aware that cybercriminals are prepared to exploit the weaknesses and security gaps that often arise during such events. Unprepared users and unsecured systems can quickly become conduits for malware and malicious activity. Since time is of the essence, security must be an integral element of any teleworker strategy.
Here are six things every organization should consider when faced with the need to securely move traditional on-site workers to remote locations.
Steps 1 and 2 – General Teleworker Requirements
To start, every teleworker requires access to email, internet, teleconferencing, limited file sharing, and function-specific capabilities (finance, HR, etc.) from their remote work site. They also require access to Software-as-a-Service (SaaS) applications in the cloud, such as Microsoft Office 365.
VPN and Endpoint Security: Make sure all users have a laptop loaded with all of the essential applications they need to do their job. In addition, that laptop needs to include a pre-configured client to provide VPN connectivity to corporate headquarters.
Multifactor Authentication: Multifactor authentication helps prevent cybercriminals from using stolen passwords to access networked resources. To enable more secure access, every user needs to also be provided with a secure authentication token. These tokens can be a physical device (such as a key fob), or software-based (like a phone app), and are used when making a VPN connection or logging into the network to provide an additional layer of identity validation.
Steps 3 and 4 – Supporting Teleworkers with Advanced Requirements
Some of your teleworkers need advanced access to network resources to do their jobs. Systems administrators, support technicians, emergency personnel, and executive management teams often need to access and process extremely sensitive and confidential information or operate in multiple, parallel IT environments.
Persistent Connectivity: Pre-configured wireless access points enable secure connectivity from a user's remote location to the corporate network through a reliable, secure tunnel. For a more secure connection, a wireless access point can be combined with a desktop-based next-generation firewall to enable persistent connections, advanced admission control, and a full spectrum of advanced security services, including Data Loss Prevention.
Secure Telephony: These users also require a telephony solution that supports voice over IP (VoIP) to ensure secure communications. Both physical and soft client models are available that enable users to make or receive calls, access voicemail, check call history, and search the organization's directory.
Steps 5 and 6 – Creating a Secure and Scalable Headend
The other half of the equation is ensuring that the headend can scale to meet the sudden volume of teleworkers needing remote access to network resources while ensuring that network access is appropriately secured.
User and Device Authentication: A central authentication service connected to the network's active directory, LDAP, and Radius enables remote workers to securely connect to network services at scale. This solution should also support single sign-on services, certificate management, and guest management.
Advanced Perimeter Security: An NGFW solution needs to securely terminate VPN connections, provide advanced threat protection – including the analysis of malware and other suspicious content within a sandboxed environment before it reaches its destination, and high-performance inspection of clear-text and encrypted traffic to eliminate malware and malicious traffic. Scalability for this function is especially critical, as the inspection of encrypted data is extremely processor-intensive. Without advanced security processors designed to inspect high volumes of encrypted traffic, NGFW solutions can quickly become a bottleneck that can impact teleworker productivity.
A Secure Foundation Ensures Scalable Business Continuity
Business continuity and disaster recovery programs require a teleworker strategy that can support a remote workforce with little or no notice, without compromising network security. Such a solution needs to enable secure access to critical resources while scaling to meet the demands of your entire workforce on day one.
These business continuity solutions also need to be easily deployable and configurable, ideally with zero-touch provisioning, to enable a quick transition to a remote workforce while maintaining full security visibility and control regardless of their deployment environment. This ensures that your organization can quickly respond to critical events with minimal impact on productivity and profitability.