Security levels of mobile workstations still critical in many places
Increased hybrid work environments have exposed the vulnerabilities of the existing IT infrastructure in many companies. Overloaded networks, security deficiencies in mobile working and distributed data silos are just some of the challenges that companies are still struggling with in many places, even after two years in crisis mode. In crisis scenarios, it is not only important to maintain critical processes and productivity, but also not to reduce the existing security level in data traffic.
Working from a home office has become a part of everyday life at many companies. Because the term "home office" is used rather loosely, however, a clear distinction must be made here: only very few employees actually have a classic home office, namely a workstation in their own four walls or at an external location that is not only equipped with the necessary software and hardware by the employer, but also has access restrictions that comply with data protection regulations (e.g., lockable room, sole and exclusive use of components from the employer, etc.). What many workers resorted to in the crisis years of 2020 and 2021 is more like mobile working, which brings many new challenges. It became particularly dangerous when solutions were introduced quickly and without due diligence, just to keep the business running, even at the expense of security and data protection. Closing these security gaps will continue to occupy many companies in 2022.
Secure connection of home workstations
The impact that the transition to modern home working has had on operational processes in German companies depends crucially on the business model, the individual requirement profiles of employees and, not least, the company's IT infrastructure. For example, what demands are placed on communication and data exchange? While simple document sharing is sufficient for one person, another employee needs a remote workstation to work on a complex 3D model. Many businesses have also had to send more workers home than they had operational resources for. "Against this background, we have recorded a significant increase in requests to date, in some cases to enable several hundred workstations to work remotely and to close the existing security gaps. The principle: The user accesses a virtual desktop environment (VDI: Virtual Desktop Infrastructure) of the company with his private work device via a hardware-authenticated terminal session. The private operating system environment and the company application interface are physically completely separate system worlds at all times. No company data can be stored on the private end device, as there is no data access between the private and company environments. This is a simple and effective solution for connecting a large number of home workstations and also ensuring a sufficiently high level of protection for all clients from an economic perspective," says Holger Priebe, Team Leader Microsoft and Virtualization at Netzlink. "Accordingly, it is no surprise that VDI, VMware Horizon and collaboration applications such as Office 365 with Teams and SharePoint currently represent the largest growth areas for us as an IT system house, which are also currently taking up our largest personnel resources," he adds.
Physical capacity bottlenecks
The conceptual question of connecting to the corporate network is followed by questions about the physical capacities of the existing network: Do I have a sufficient firewall and enough bandwidth to connect all my mobile employees remotely via VPN at the same time? Do the employees need to work remotely on Microsoft machines at all, or is it sufficient to let them work via a classic client, e.g., by accessing the Office 365 cloud locally, so that the bandwidth of the company's own network is not burdened? It should be noted that it is not enough to establish access once. Load tests must also take place due to dynamic adjustments to the IT infrastructure in order to ensure smooth and reliable live operation without interrupting workflows.
But the employee also needs sufficient bandwidth in the home network to work remotely with the usual IT quality. Is the employee only online with one client, so that it is sufficient to set up a VPN tunnel, or does he perhaps even need to be connected via a remote access point? The private WLAN may also already be busy due to other users or may not meet the company's security requirements. Here, an LTE card and an LTE modem from the employer can improve the performance and security of the connection at low cost.
Securing access
Securing access is always a critical point here. "WLAN access should be provided with a strong password that is changed at regular intervals. Ideally, a guest WLAN access is used for home work, so that any company data is not transferred via the same network that other users in the house use. Depending on the role and authorization, the question also arises as to whether logging into the network using only a user name and password offers sufficient protection or whether access security should be increased with two-factor authentication, e.g., with tokens or one-time passwords, via smart card or with the help of biometric features," explains Niklas Lay, Team Leader Network and IT Security at Netzlink. "If you need additional protection for individual work devices, you can also activate the encryption of the hard drive - after all, Windows 10 already includes a so-called BitLocker in the operating system to prevent unauthorized data access, for example in the event of loss or theft."
BYOD - Raising awareness of risks
A latent danger for companies is to tolerate the use of private end devices without existing guidelines, for example, in order to maintain a supposedly high level of employee productivity. Even after two years in crisis mode, private end devices pose a serious risk to corporate data security because they are largely beyond corporate control. "Many employees here also lack the security awareness that smartphones are mobile and quite powerful little computers, sometimes with significant data stores, that need to be secured via firewalls and up-to-date virus protection just like their desktop counterparts. In the event of a sudden change in the work situation, many users are not in a position to assess the dangers and risks for themselves and the company. In this respect, it is in the interest of companies to raise employees' security awareness for the use of private smartphones at work with appropriate guidelines in order to protect the company from external attacks on IT," warns Lay.
Tools for the next crisis: Emergency plan in your pocket
With the increasing use of mobile working, ICT operations are becoming even more important for all companies. The applications and data simply cannot be allowed to fail anymore. The best preparation for successful business continuity management is an emergency manual. This is used to maintain and continue critical processes when certain events disrupt or prevent operations. The complex (IT) structures of our global collaboration networks make us highly dependent on continuous business operations between all process participants - internal and external. This is becoming even more important as digitization progresses. Sustainable risk management must be part of every organization to limit the negative impact of disruptions on business operations. Unfortunately, a damaging event often has to occur before action is actually taken. Responding appropriately to disruptions requires a pre-planned and rigorously methodical approach that takes into account all critical processes, establishes responsibilities and defines communication processes in order to return to productive ICT operations in the shortest possible time.
To give companies a quick overview of the technical (equipment) basics and the personal requirements that make companies and employees fit for mobile working, Netzlink offers interested readers an e-booklet to download free of charge.