Laurence Cadieux
Key Findings from the Survey
By a significant margin, the 3 most popular IT security tools that SMBs are using to manage remote access are: virtual private networks (VPN), multi-factor authentication (MFA), and Devolutions Password Manager* (please see note at the end of this article).
In terms of employee deployment and remote access: 75% of SMBs allow some/all employees to work hybrid (mix of in-house and remote), 19% have all employees working in-house, and 6% have all employees working remotely.
SMBs are facing remote access management challenges in four key areas: security (vulnerabilities caused by remote workers using personal devices), efficiency (additional burden on IT staff), governance (distributing policies and updates to all employees and external parties that access the network with their own equipment), and cost (increased infrastructure expenses to ensure remote worker security).
Recommendations
The following recommendations will help SMBs strategically, effectively, and affordably strengthen remote access management:
Implement a Just-in-Time Gateway
The survey found that most SMBs are using a VPN to establish a protected network connection when using public networks — which is especially critical for remote workers. However, while VPNs are helpful, they trigger three major problems:
- VPN servers are notoriously difficult and time-consuming to deploy.
- VPN clients tunnel traffic through the private network, which can significantly degrade network performance.
- When granting temporary access, Admins must spend time updating and keeping track of VPN and firewall rules.
To solve these problems, SMBs should implement a gateway that provides just-in-time access to resources in segmented networks. Unlike a VPN, a gateway:
- Deploys quickly and easily, which is vital for SMBs that do not have the budget or bandwidth to get bogged down with deployment-related issues and hassles.
- Improves network performance by restricting tunneling to RDP connections, which means there is no negative impact on other network traffic.
- Uses dynamic access rules, which eliminates the need for Admins to manually update VPN and firewall rules when granting temporary access
A gateway is also highly beneficial for Managed Services Providers (MSPs), as it allows them to connect rapidly and securely to separate customer networks.
Close the Security Gap Caused by Remote Workers
The popularity of remote working (including hybrid) is not surprising — especially in the aftermath of COVID-19, when logging in from home moved from the sidelines into the mainstream. However, despite the benefits for both employees and employers, remote working greatly expands the size of the attack surface. To close the security gap, SMBs need to implement and enforce a remote worker cybersecurity policy that includes the following elements:
- Secure remote access with a just-in-time gateway solution (as discussed above). If this option is not currently available, then use a reputable VPN until a gateway solution is in place.
- Always use MFA, which is an extra layer of security that requires remote workers to verify their identity by providing their login credentials, along with another piece of information. While MFA is not bulletproof, is it categorically superior to just using passwords (even strong ones) to protect accounts.
- Use a robust, yet easy-to-use password manager that offers features such as: password rotation, strong password generator, automatic check against passwords that have been exposed during attacks, and real-time alerts in the event of unauthorized access attempts.
- Install endpoint security tools including network firewalls for both endpoints and home networks, anti-virus software, and software updaters (as a best practice, we recommend that SMBs put remote devices on a standard image and activate automatic updates for all apps and programs, especially security software).
- Provide ongoing cybersecurity training, which is especially important for remote workers who may be tempted to “let their guard down” at home vs. the corporate environment.
- Switch to cloud-based storage, which is not just more convenient for remote workers, but also enhances protection from cyber threats with protections such as enforcing conditional access, DRM, UEBA, DLP, encryption, and more. If a device is stolen, then access to cloud-based data can be instantly revoked.
Choose Remote Access Tools that Improve Security, Efficiency, Governance, and Affordability
- Remote access tools that improve security feature: strong encryption, account brokering, role-based access control (RBAC), 2FA, and user vaults that provide specific individuals access to certain privileged accounts.
- Remote access tools that improve efficiency feature: a centralized password vault, mobile access, offline access, automatic connections, and session sharing. They should also support multiple vaults, data sources, and technologies (e.g., RDP, SSH, VPN, web, VNC, Telnet, ICA/HDX, ARD, etc.).
- Remote access tools that improve governance feature: audit trails, activity logging, real-time connections, and an integrated console that provides an overview of machine state while facilitating management tasks through integrated virtualization consoles.
- Remote access tools that improve affordability feature: a free trial, per user vs. per installation licensing (which is especially important for hybrid workers who rotate between a home office and the corporate environment), and multiple licensing options (e.g., licensing for up to a maximum number of users, 51 or more users at a single site, and 51 or more users across multiple sites). Tools must also demonstrate that the total cost of ownership does not exceed the ROI for risk reduction and productivity gains.
Looking Ahead
In our next deep dive into the Devolutions State of IT Security in SMBs in 2022-23 Survey report, we will look at the experiences and expectations in IT security management, with a focus on spending and planning.
FOOTNOTES
*By way of transparency and to affirm the integrity of the survey, we wish to point out that we did NOT include “Devolutions’ Remote Desktop Manager” as a potential response in the survey. This was an open-ended/fill-in-the-blank type of question, and participants were invited to submit any response that they wished. The fact that Remote Desktop Manager was among the most popular responses was entirely driven by participants and not in any way directly or indirectly influenced by us.
Steven Lafortune
