
When COVID-19 first became public in the United States in March 2019, and governors started defining essential and non-essential workplaces and businesses, everyone scrambled to get their employees set up with remote access so they could work from home.
While many organizations already had policies and resources set up to do just this, many others, specifically small businesses with managed IT services or ones that had an outside IT guy handle things, didn’t have these things in place, or had them but didn’t have them active.
This created a rush to get people mobile and working from home, and a situation where the quickest option, not necessarily the best one, was implemented to keep people working.
What happened in the rush to work from home?
Since COVID-19, I have heard of cases where people at small businesses without managed IT services, IT support, or a full IT team just took what was available and quickly rushed out to get some remote desktop software to get access into their computers.
Not all of these solutions are terrible, and it isn’t that they didn’t work; the problem becomes unification and the ability to align and address security holes that have now been introduced to the corporate network.
These solutions allowed network access from home, and small businesses have patchworked their way to remote access, but the problem now is how to keep this working as time goes on.
It’s been documented that, now that people have been working from home without a drastic impact on workflow, work from home will become even more prevalent. At the time of this writing, there were several articles in my Google News feed about things ranging from changing salaries to differently defined roles in this new landscape of remote work.
If this is the situation small businesses find themselves in going forward, they should now consider an approach that hardens security, makes more efficient use of network bandwidth, and unifies the remote workplaces and corporate environment.
What should be done going forward?
SMBs that find themselves in a similar situation should document all systems, where the systems reside (i.e. cloud or an on-premise server), and how their remote resources should attain access to those systems.
Once it’s determined what systems are available to the users, a plan can be made for remote access users to consistently connect to those resources, regardless of the device they are connecting from. Doing this will ensure that no questions come up whether a user is working at home, on the road at a hotel, or in a client’s office.
There are three different scenarios that exist for most SMBs.
- The environment in the office consists solely of a connection to the Internet, and all devices connect to cloud services. The cloud services may be a file sharing system such as Dropbox, OneDrive, etc., as well as cloud applications where the user signs into the application through a web browser.
- The office environment consists of on-premise file shares, servers, installed applications on each desktop, etc.
- Most commonly for SMBs (small and medium sized businesses), the corporate network consists of a hybrid of on-premise and cloud services.
Once the type of network is determined and documented, the best universal approach for access to these systems can be determined.
If the scenario is the first above, all cloud services, then users may be able to access their cloud services and applications directly from devices that are compatible with those applications.
The downside in this case, however, is that not all applications run directly on all mobile devices. Some applications may require a specific browser or may even require an app to be downloaded. This may not work on all devices, so the user needs to make sure they have a device available to them that meets all the requirements.
Another item to consider is the security of access to those resources. Since resources in the cloud won’t touch the corporate network, the ability to control the security on those devices is diminished.
Ideally in a situation like this, users would still have a corporate identity that is also cloud based (IDaaS), chosen for compatibility with the cloud applications. If this can be done, an SSO (single sign-on) service could be implemented that would allow users to minimize their credentials for all the different resources.
If the scenario is the second above, where all resources are local, then possibly the only solution needed would be a VPN. This would allow secure access to all network resources. Depending on the VPN and licensing, this may be a more attractive option, as more devices are likely to be compatible with the VPN and the configuration will be the same.
The third scenario above is the most common. It also presents IT challenges, however, because there are more systems to implement, and usually a combination of a VPN, SSO, and VDI (virtual desktop infrastructure) is used.
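To make the document-then-classify step concrete, here is an added example (not TR Technologies' own tooling) that reads a system inventory, works out which of the three scenarios applies, and flags entries that are undocumented or reached by something outside the unified plan. The record fields, the access labels such as `adhoc-remote-desktop`, and the sample inventory are all constructed for illustration.

```python
VALID_LOCATIONS = {"cloud", "on-premise"}

# Access components the article pairs with each environment type.
PLAN = {
    "cloud-only": {"sso"},               # direct access under a cloud identity (IDaaS/SSO)
    "on-premise": {"vpn"},               # VPN into the corporate network
    "hybrid": {"vpn", "sso", "vdi"},     # usual combination for mixed environments
}

# Constructed sample inventory (hypothetical system names and access labels).
SAMPLE = [
    {"name": "file-share", "location": "on-premise", "access": "vpn"},
    {"name": "accounting-app", "location": "cloud", "access": "sso"},
    {"name": "front-desk-pc", "location": "on-premise", "access": "adhoc-remote-desktop"},
    {"name": "crm", "location": "cloud", "access": None},
    {"name": "label-print-server", "location": None, "access": "vpn"},
]

def classify(inventory):
    """Return the scenario implied by the documented system locations."""
    locations = {s.get("location") for s in inventory} & VALID_LOCATIONS
    if not locations:
        raise ValueError("no system has a documented location")
    if len(locations) == 2:
        return "hybrid"
    return "cloud-only" if locations == {"cloud"} else "on-premise"

def audit(inventory):
    """Classify the environment and list gaps against the unified access plan."""
    scenario = classify(inventory)
    allowed = PLAN[scenario]
    findings = []
    for s in inventory:
        if s.get("location") not in VALID_LOCATIONS:
            findings.append((s["name"], "location not documented"))
        access = s.get("access")
        if not access:
            findings.append((s["name"], "access path not documented"))
        elif access not in allowed:
            findings.append((s["name"], f"'{access}' is outside the {scenario} plan"))
    return {"scenario": scenario, "components": sorted(allowed), "findings": findings}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["scenario"], report["components"])
    for name, issue in report["findings"]:
        print(f"  {name}: {issue}")
```

Run against the sample, the leftover remote desktop tool on `front-desk-pc` and the two undocumented entries are the items to resolve before users are moved to a single access method.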
How TR Technologies handles this
In most cases with our managed IT services clients, we implement a system with client VPN access to the corporate network. Then, after connecting securely to the corporate network, we have a web interface set up where each user can access the systems and resources assigned to them, based on permissions of resources available to them.
This approach allows all mobile users to consistently access all resources available to them in a way that is always the same and always works the same, whether they are using an iPad, a Microsoft Surface, an Android phone, etc., and whether they are working remotely or in the office on their office days.
Conclusion
- Document all resources and systems available for work from home users.
- Determine where all the resources needed by employees are located and how access can be granted.
- Set up a secure connection to the resources using something such as a VPN or SSO.