Nigel Heyn

I was recently asked about remote access network security (VPN’s) from a business owner and great client of ours, Mr Adam Franklin of Bluewire Media a Brisbane web design company.

Adam recently had his notebook set up so he could work from anywhere his internet access would take him, however like all good business owners, Adam did question some of the security aspect of this. You can read more about Adam’s success with working remotely here: Work from anywhere using Web 2.0.

Here was my response to Adam, which I’m sure will help and enlighten other business owners as well:

“You raise a good point in terms of VPN and remote access security into company networks. It really comes down to how the company is structured itself and what measures are in place to mitigate users copying company data.”

“Any user can do the same if they are sitting in an office, simply copying files to USB sticks, sending attachments to personal address, printing the data, etc. The critical way to manage this is to ensure proper security has been established at the server level to only grant permissions to what data the staff member actually needs to get their job done. This can be done at either a division or individual level. Smart software, such as REM (Remote Environment Manager) is also available to lock down these areas of potential exploit, for example, by preventing copying data to a USB stick and/or DVD burner. This software can also monitor staff actions and flag incidents when potential breeches have occurred. We use this software with great success for a number of our clients and highly recommend it to those who seek to mitigate these security risks.”

“Critically as well, items such as enforcing strong passwords and expiring used passwords every month, making sure staffcan only access the company VPN through company assigned devices such as laptops, desktops or phones, even using security tokens for additional protection are all common methods used to help minimise external threats into company networks.”

“Essential user activity logging to track a users actions whilst in a remote or VPN session is also a good way to keep tabs on this, however most companies who have such only use this information retrospectively and not proactively, to see trends and lock down areas of risk before they become a problem. The issue here revolves around cost, as to be proactive does require the right software smarts and vigilant analysis of the data regularly – yet then again, can a company put a price on the loss of their intellectual property into the wrong person’s hands? How do you define a company’s worth? By the value in its IP and in the wrong hands, such could mean its demise.”

“In the end, the most important item any business owner can do is to ensure they do not become complacent and review their security, internally and externally, as often as possible. As a guide, monitoring daily through the use of smart software, then managing by exception on a weekly basis and formally performing C-Level security reviews every quarter, bodes well for the management of company network infrastructure. Humans cause most of the technology issues in this world, therefore how we manage them is the key to ones success.”

This entry was posted on Tuesday, May 26th, 2009 at 7:21 pm and is filed under News, Concepts & Technology. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.