What is Secure Remote Working?
There is no unified definition of a Secure Remote Working solution; it comprises the parts required to provide the digital workspace that a business needs to function in today’s geographically and globally dispersed workplace. Different technology vendors will focus on the tools and products that form their specific portfolio, muddying the water when trying to ascertain what tools to deploy for your business. This article explores Secure Remote Working as a concept, and where feasible it avoids vendor-specific language and terminology.
What defines a Secure Remote Working solution?
Secure Remote Working provides a safe and protected environment where your staff can access important company and customer data, corporate communications and application tools. Typically, this also means utilising a secure workstation, all from outside the traditional office workspace. A Secure Remote Working solution provides all these functions, protecting your business, employees, and customers from data breaches, malware, ransomware, phishing, whaling, and snooping.
The right Secure Remote Working solution should seamlessly provide these functions, acting as a near-invisible protective blanket. It helps employees work remotely with sensitive company data without trying to circumvent security policies and procedures. It also provides a secure and safe remote working environment, no matter where the employee accesses their work tools.
What comprises a Secure Remote Working solution?
Secure Remote Working is a combination of multiple technologies and procedures comprising:
- Virtual Private Network (VPN) – Facilitates secure access to on-premises applications and services. VPNs also provide secure internet access for employees on public wireless or third-party corporate networks.
- Multi-Factor Authentication (MFA) – This helps protect your critical applications and data by providing an additional authentication method. It is typically referred to as Two Factor Authentication (2FA): something you know (your password) and something you have (a token, certificate, or passcode). MFA goes further than 2FA, as it also includes security assurance and posturing for the connecting device, determining whether it meets the corporate security policy. MFA helps verify that the person accessing the resource is who they say they are.
- Secure DNS and DNS Filtering – This helps protect employees outside of the corporate network by protecting against Man-in-the-Middle (MITM) attacks and defining a policy of work safe websites and web categories.
- Anti-Malware Protection (AMP) – The majority of attacks happen from trusted endpoints and devices, typically by utilising software designed to provide remote control or access to a computer. This software is known as malware, and it can leak sensitive data, or lock data behind criminal-controlled encryption, resulting in ransom situations. AMP protects the employee by acting as a protection layer that stops these applications from installing themselves, regardless of the vector used to spread them.
- Data Loss Prevention (DLP) – DLP is a strategy for ensuring that end-users do not send sensitive or critical information outside the corporate network. The term also describes software products that help an administrator control what data end users can transfer, and with whom the data is shared.
- Virtual Desktop Infrastructure (VDI) – This provides a secure and simple-to-manage corporate workstation as a virtual connection, no matter what device your employees use. Accessing critical applications and customer data via secure connections to centralised VDI server farms significantly reduces the footprint exposed to network intrusion and helps protect important customer and corporate data.
- Single Sign-On (SSO) – Provides users with a single authentication point to access all of their corporate provided tools. When teamed with MFA, SSO allows employees to obtain an authentication and authorisation token to access all of their work tools, reducing password fatigue.
- Cloud Productivity and Collaboration Suites – It is important not to focus only on securing the digital workspace, but also to supply employees with tools that make it easier for them to operate as dispersed teams. Cloud collaboration and productivity tools give easier access to systems employees need to do their jobs, whilst helping the business by reducing the Total Cost of Ownership (TCO) and providing greater flexibility in access no matter where the employee is.
The shift towards a cloud-oriented digital workspace will likely see you selecting multiple components from the list above. However, it's important to note that your business may not need all of these tools, or that you may need a more specific solution for providing secure access to your on-premise digital infrastructure. See our guide for an alternative view on Zero Trust Security and how this can help provide secure access to on-premise infrastructure.
Why is Secure Remote Working important?
With the rise of flexible home and remote working, the requirement to provide remote access to business tools and data has increased. Remote working has been on the rise across specific industry sectors for some time; however, the recent global pandemic has driven home the requirement for remote working across nearly all business sectors.
The increasing demand for flexible working
Employees are now even demanding remote working as part of their working life. In a recent survey conducted by Dimensional Research, only 9% of respondents perceive that they will be returning to a solely office-based role, with 58% of those surveyed expecting to work from home more than eight days each month. A recent study by YouGov revealed that 63% of employees would live more remotely from their work if home working were an option. This blending of the office and home environments requires businesses to adapt their remote working practices.
The global pandemic caused by COVID-19 has accelerated this shift. Office-based employees have seen that they can be successful in a home environment, and with this, there is a reluctance to revert to the previous pre-COVID work environment.
It is a legal requirement within the United Kingdom for an employer to provide employees with the ability to request flexible working. In fact, flexible working was important to 87% of the UK workforce in EY's pre-COVID survey. More employees are looking for a flexible working environment and base their decision to work for businesses according to their flexible working policies.
From a YouGov poll, 30% of remote workers reported that working from home can be lonely. It is vital to address the remote aspect of working outside the traditional office environment. Good collaboration tools will bridge the gap between team members, helping to promote the bond between the company culture and its employees.
In the October 2020 report conducted by Dimensional Research into The Rise of the Hybrid Workplace, 98% of respondents reported frustration with video meetings when working from home, with the same proportion of respondents believing that meetings will involve participants joining from home. Businesses need an approach that addresses the disparate investment in on-premise solutions and creates models that can successfully cope with a distributed workforce.
The business benefits of flexible working
In these post-COVID times, it is evident that all businesses that can provide a flexible working environment should do so; having a plan for remote working helps protect the company from disruptions to service. In the October 2020 Survey by Dimensional Research, 77% of larger organisations seek to increase the levels of flexible working that they offer. Businesses with flexible working arrangements for their employees also typically have higher employee retention, thanks to the increased job satisfaction of a more stable work and life balance.
Providing remote working ability can also reduce the capital expenditure needed on traditional office spaces, allowing for lower headcounts in offices, reducing expenditure on real estate. In the research conducted by Dimensional Research, 53% of larger organisations plan to downsize their office locations and increase the offerings for flexible or remote working. Even in companies of 250 – 1000 staff (the average company size in the UK), 34% of respondents expect to reduce office size, with 55% expecting an increase in flexible working practices.
For those looking to retain office working, employees are looking for a safer working environment, with 95% of respondents to the Dimensional Research survey saying they feel uncomfortable returning to an office environment. Businesses will require better sanitisation, reduced desk sharing, and better communication and collaboration tools.
With all the benefits, it is also essential to realise the complications of remote working. Traditionally, employees would access their corporate tools from the safety of the inside of the corporate network. It is essential to find a way to extend security to the home and to other work environments such as coffee shops, parks, or hotels, or indeed any area where the internet access provided to the employee is not controlled by the corporate security team. Failing to do so can expose the business to data breaches, either unintentional or malicious, which in the current global privacy environment can severely erode and damage the trust between companies and their customers, and can impact sales revenue or result in costly fines. It is far easier and cheaper to address the issues up front than to rectify them later.
How do you achieve Secure Remote Working?
Achieving a Secure Remote Working environment can seem like a daunting task. Still, it's essential to step back and look at the tools and data your employees need to do their jobs successfully and then understand how to securely provide these resources so that it doesn't matter where or how the employee accesses these tools.
Typical Secure Remote Worker criteria
Let us look at the criteria that define a successful Secure Remote Working solution:
- Secure access to the internet
- Secure access to company and customer data
- Secure access to communication tools
- Secure access to collaboration and conferencing tools
- Secure access to work applications
- Ease of use.
Breaking down the solution to component parts helps identify how existing tools can integrate into a complete solution. Any selected technologies must work alongside any current work practices and technology in use by your organisation.
Secure internet access
With the rise of flexible and home working, employees will be looking to access their work environment, whilst blending this with their personal life and commitments. Securing employee internet access reduces the vector by which malware and ransomware can enter the corporate environment. Secure DNS and DNS filtering can protect employees from dangerous websites and enforce corporate guidelines for access to risky categories (gambling, file sharing, etc.). VPNs can secure access to corporate tools or secure internet access in situations where network security is not guaranteed. AMP can help reduce the vector of unintentional infection of workstations.
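The category-based DNS filtering described above can be sketched as a small decision function. This is an added example, not code from any vendor product; the domain names, category feed, and policy fields are constructed for illustration.

```python
# Added example: category-based DNS filtering decision (not a vendor API).
# Domains, categories and policy fields are constructed for illustration.
from dataclasses import dataclass, field

# Constructed category feed: domain -> category.
CATEGORY_FEED = {
    "casino.example": "gambling",
    "torrents.example": "file-sharing",
    "malware-c2.example": "malware",
    "intranet-docs.example": "business",
}


@dataclass
class Policy:
    # Categories the business has decided are not work safe.
    blocked_categories: set = field(
        default_factory=lambda: {"gambling", "file-sharing", "malware"})
    # Exceptions approved by the security team after an employee request.
    # Entries are assumed to be lower-case with no trailing dot.
    allowlist: set = field(default_factory=set)
    # Categories that an allowlist entry can never override.
    hard_block: set = field(default_factory=lambda: {"malware"})


def normalise(qname):
    """Lower-case the queried name and strip the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def match_suffix(qname, table):
    """Return the longest entry in `table` that equals qname or is a parent
    of it on a label boundary, so 'notcasino.example' never matches
    'casino.example'. Returns None when nothing matches."""
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def decide(qname, policy, feed=CATEGORY_FEED):
    """Return (action, category, reason) for one DNS query."""
    matched = match_suffix(qname, feed)
    category = feed[matched] if matched else "uncategorised"
    # Hard-blocked categories win over any approved exception.
    if category in policy.hard_block:
        return ("block", category, "hard-blocked category")
    if match_suffix(qname, policy.allowlist):
        return ("allow", category, "approved exception")
    if category in policy.blocked_categories:
        return ("block", category, "category blocked by policy")
    return ("allow", category, "no rule matched")


if __name__ == "__main__":
    policy = Policy(allowlist={"torrents.example"})
    for name in ("www.casino.example.", "notcasino.example",
                 "cdn.torrents.example", "malware-c2.example"):
        print(name, decide(name, policy))
```

Matching on label boundaries and giving hard-blocked categories precedence over exceptions are the two details that most often go wrong when such policies are tailored by hand.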
Secure access to company and customer data
Securing access to data can involve deploying a VPN to access an on-premise resource or implementing SSO and MFA for cloud resources. Utilising a Data Loss Prevention application can help track when sensitive data is removed from a secure workspace.
Secure access to communication tools
Company communication tools can include email, instant messaging, and voice and video calling. These tools ensure communication between employees and customers happens securely. Utilising MFA can help ensure that no untrusted third-party can access these tools, and SSO can help with easing logons between applications, reducing employee password fatigue.
Secure access to collaboration and conferencing tools
Collaboration tools include voice and video conferencing, as well as document and application collaboration. As with communication tools, the use of SSO and MFA is applicable here, but it's essential to make sure that these conversations are encrypted, especially where they pass over the public internet.
Secure access to work applications
Work applications can include anything your employees use to do their job, whether these are office word processors, file storage, databases, or applications. Utilising MFA and SSO can help ensure that only those who need access to these applications can access them. This extends further to the environment the employee uses to access these tools, where AMP, VDI, and DNS filtering provide a secure and safe workspace.
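One way to combine the SSO session, MFA, and device posture checks discussed in this article into a single access decision is sketched below. This is an added example, not any vendor's policy engine; the field names, sensitivity tiers, and thresholds are assumptions.

```python
# Added example: access decision from SSO session, MFA freshness and device
# posture. Field names, tiers and thresholds are assumptions, not a vendor API.
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    sso_expires_at: int    # epoch seconds when the SSO token expires
    mfa_verified_at: int   # epoch seconds of the last MFA challenge, 0 if none


@dataclass
class Device:
    managed: bool              # enrolled in device management
    disk_encrypted: bool
    antimalware_running: bool
    patch_age_days: int        # days since the last OS security update


# Assumed policy per resource sensitivity tier.
TIERS = {
    "low": {"mfa_max_age": 12 * 3600, "need_posture": False},
    "high": {"mfa_max_age": 1 * 3600, "need_posture": True},
}
MAX_PATCH_AGE_DAYS = 30


def posture_failures(device):
    """List every reason the device fails the assumed corporate policy."""
    failures = []
    if not device.managed:
        failures.append("device not managed")
    if not device.disk_encrypted:
        failures.append("disk not encrypted")
    if not device.antimalware_running:
        failures.append("anti-malware not running")
    if device.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"OS patches older than {MAX_PATCH_AGE_DAYS} days")
    return failures


def evaluate(session, device, tier, now):
    """Return (decision, reasons); decision is allow, step_up_mfa or deny."""
    policy = TIERS[tier]
    # An expired SSO token means the user must sign in again.
    if now >= session.sso_expires_at:
        return ("deny", ["SSO session expired"])
    # Posture is checked before MFA: a fresh MFA prompt cannot fix a
    # non-compliant device, so there is no point asking for one.
    if policy["need_posture"]:
        failures = posture_failures(device)
        if failures:
            return ("deny", failures)
    mfa_age = now - session.mfa_verified_at
    if session.mfa_verified_at == 0 or mfa_age > policy["mfa_max_age"]:
        return ("step_up_mfa", ["MFA missing or stale"])
    return ("allow", [])


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    laptop = Device(True, True, True, 5)
    byod = Device(False, True, True, 45)
    fresh = Session("alice", now + 3600, now - 600)
    print(evaluate(fresh, laptop, "high", now))
    print(evaluate(fresh, byod, "high", now))
    print(evaluate(fresh, byod, "low", now))
```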
Ease of use
The most important category when deploying Secure Remote Working components is that they are seamless to the employee. Use of SSO and MFA helps employees authenticate once to access all their corporate work tools while maintaining a high level of security assurance for the business. Good DNS filtering applications will allow employees to query access to resources and allow the IT Security and Compliance team to tailor access policies easily.
Use of VDI and DLP allows employees to safely utilise their own devices whilst maintaining a secure environment for corporate and customer data. No matter the approach, it is vital that the solution is easy to use; it should not be a burden to the end-users to adopt the platform and components. Failure to encourage user adoption can result in employees trying to circumvent the solution, undermining its effectiveness.
Example Secure Remote Working use cases
Now we have an idea of what comprises Secure Remote Working and how it can benefit the business and its employees, but what is out there to help you achieve this environment?
Market leading vendor solutions
There are many ways to approach Secure Remote Working, with different vendors offering components to address the requirements. At Forfusion, we work with three major vendors of remote working solutions.
Each vendor can provide whole or part of the solution, depending on your needs. At Forfusion, we are well versed in the capabilities and use cases for each vendor.
Cisco Secure Remote Worker
Cisco Secure Remote Worker is a security solution for companies and organisations who are looking for a simple, scalable, and integrated solution that delivers the strength and breadth of Cisco's platform approach to protecting your workforce everywhere. The solution comprises:
- Cisco Secure Access by Duo – a user-centric zero-trust security platform with two-factor authentication to protect access to sensitive data for all users, devices, and applications. Traditional security relies on location-based trust. A zero-trust model enforces adaptive controls and continuously verifies trust. Using a zero-trust platform such as Cisco Secure Access by Duo, you can help prevent unauthorised access, data breaches, and reduce the risk of attacks. For more information on Zero Trust Security, see our guide.
- Cisco Umbrella – offers flexible, cloud-delivered security when and how you need it. It combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.
- Cisco Secure Endpoint – provides global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches. Still, because you can't rely on prevention alone, AMP also continuously analyses file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.
- Cisco AnyConnect – empowers remote workers with frictionless, secure access to the enterprise network from any device, at any time, in any location while protecting the organisation. AnyConnect provides secure VPN access for remote workers.
- Cisco Secure Mailbox – integrated cloud-hosted mailbox defence addresses gaps in email security through complete inbound, outbound and internal messages visibility to detect and block advanced email threats through superior threat intelligence.
Cisco also offers a series of additional component tools that can leverage a secure remote working environment with the Webex suite of collaboration applications. Webex includes calling, messaging, and meeting functionality with native support for the Cisco Secure Remote Working solution components.
Secure cloud collaboration with Cisco Webex
Cisco Webex is a comprehensive collaboration suite comprising conferencing, voice and video calling, team collaboration and customer services tools, all available from the secure Cisco Webex cloud. Webex is designed from the ground up to provide a secure and scalable collaboration solution, whilst keeping management and monitoring easy. Webex comprises:
- Webex Meetings – Webex Meetings is the world's most popular video conferencing service for the enterprise, offering highly secure integrated audio, video, and content sharing from the Cisco Webex cloud. Cognitive Collaboration features such as Webex Assistant and People Insights bring artificial intelligence to automate meeting tasks.
- Webex Teams – Whether on the go, at a desk, or together in a meeting room, Webex Teams helps speed up projects, build better relationships, and solve business challenges. It has got all the team collaboration tools you need to keep work moving forward and connects with the other tools you use to simplify life.
- Webex Calling – Webex Calling gives you a phone service in the cloud to make and receive calls on any device, anywhere—all without the overhead and hassle of managing it.
- Webex Contact Center – Cisco Webex Contact Center brings your business the innovation, flexibility, and agility of a cloud contact centre solution, with the security and global scalability you have come to expect from Cisco.
- Webex Control Hub – Cisco Webex Control Hub offers a holistic view of all your Cisco Webex services. Manage your services and users, provision devices, view detailed analytics and reporting and configure security and compliance policies. All of this can help keep data safe and meet regulatory needs.
Cisco is the only cloud collaboration provider that also produces its own hardware for use with these services. This ranges from Cisco IP Phones and Headsets, to Webex Room and Board Series videoconferencing endpoints, and Cisco Unified Border Elements that provide access to the PSTN or on-premise telephony platforms.
Microsoft Secure Remote Work
Microsoft Secure Remote Work offers a suite of products that address the challenges faced by today's remote workforce. The solution helps customers identify and tick off the components that comprise a secure remote working environment; these include:
- Azure Active Directory - Establishing identity management in the cloud is your first step. Microsoft Azure Active Directory (Azure AD) lets you manage authentication across devices, cloud apps, and on-premises apps. With single sign-on, your employees can access resources from any device while working remotely.
- Azure AD Application Proxy - Your business-critical apps may not be set up for access from outside the corporate network. Use Azure AD Application Proxy, a lightweight agent, to enable access to your on-premises apps without opening up broad access to your network. Combine it with existing Azure AD authentication and Azure Active Directory Conditional Access policies to keep users and data secure.
- Microsoft Authenticator - Multi-factor authentication (MFA) is the single best thing you can do to improve remote work security. If you cannot distribute hardware security devices, use biometrics or mobile device authentication apps like Microsoft Authenticator as the second factor.
- Microsoft Intune - Microsoft Intune lets you manage both company-owned and employee-owned devices from the cloud. It allows you to manage across devices (laptop, tablet, and mobile device) and operating systems (iOS, Windows, and Android). Set up your Intune subscription, add users and groups of users, assign licenses, deploy and protect apps, and set up device enrolment.
- Azure AD Conditional Access - Azure AD Conditional Access is the Microsoft identity security policy hub. Create Conditional Access policies according to the user, device, application, and risk. Enforce controls that allow a device trying to access a specific resource only if it's compliant.
- Office 365 Advanced Threat Protection - Phishing is a primary point of entry for attackers, and recent world events have provided them with a new opportunity to trick users into clicking on lures. For security against malicious emails, Office 365 Advanced Threat Protection lets you set up anti-phishing protection to help protect your employees from increasingly sophisticated attacks.
- Microsoft Defender Advanced Threat Protection - The Microsoft Defender Advanced Threat Protection integrated suite of pre- and post-breach protection capabilities helps your security team protect your environment and scale and operate efficiently while being remote. Take advantage of Threat and Vulnerability Management, attack surface reduction, and auto investigation and remediation today. These features require relatively low effort to leverage and can significantly impact the drive to better security and improve efficiencies.
- Microsoft Cloud App Security - Remote workers often need access to various business-critical cloud apps to do their jobs. Use Microsoft Cloud App Security to monitor session risk, gain visibility into usage, and enforce app and file usage policies in real-time. Maintain productivity by educating and guiding workers to access the cloud resources they need through more secure methods.
- Microsoft Secure Score - Once you've deployed your security infrastructure, ensure you're taking full advantage of its capabilities with an optimised configuration. Identify potential posture improvements and develop and implement a plan to get the most security out of your Microsoft 365 and Azure workloads with Microsoft Secure Score.
Microsoft also offers the Microsoft 365 suite of collaboration tools to secure communication and collaboration for a dispersed national or global workforce, all with easy integration with Microsoft Cloud Security components.
Secure cloud productivity with Microsoft 365 and Teams
Microsoft 365 provides a wealth of tools to help teams communicate and collaborate more effectively, all securely hosted within Microsoft Azure. Office 365 provides a customisable suite of tools comprising:
- Office 365 – Office 365 provides web or desktop access to the suite of Microsoft Office tools. Employees can stay up to date on any device with the latest versions of Word, Excel, and PowerPoint, and more.
- Microsoft Exchange – With Exchange, your employees can access email and calendar across all of their devices with Microsoft Outlook. Exchange provides easy access to email to communicate with co-workers and customers.
- SharePoint – SharePoint empowers teamwork with dynamic and productive team sites for every project team, department, and division. Share files, data, news, and resources and customise your site to streamline your team's work.
- OneDrive – Access the information you need securely and safely across all of your devices or directly from the cloud. OneDrive provides each employee with their dedicated storage area to safely host, share, and collaborate on company and customer data.
- Microsoft Teams - Microsoft Teams is your hub for teamwork, which brings together everything a team needs: chat and threaded conversations, meetings & video conferencing, calling, content collaboration with the power of Microsoft 365 applications, and the ability to create and integrate apps and workflows on which your business relies.
The value proposition of the Microsoft Cloud Security ecosystem increases significantly with the utilisation of Microsoft 365. Every application integrates tightly to provide a seamless solution for Secure Remote Working.
Citrix Secure Remote Access
Citrix Secure Remote Access is a comprehensive private virtual network solution that delivers all apps on any device. It allows for the tightening of security with an access point for apps and resources. The solution comprises:
- Citrix Gateway – Citrix Gateway consolidates remote access infrastructure to provide single sign-on across all applications, whether in a data centre, in a cloud, or delivered as SaaS apps. It allows people to access any app, from any device, through a single URL.
- Citrix ShareFile - ShareFile is a secure, enterprise data sync and sharing service with flexible storage options that allows IT to mobilise all business data. ShareFile enables mobile productivity with read-write access to data, workflows and collaboration and will enable users to securely share files with anyone and sync files across all their devices.
- Citrix Analytics for Security - With the advantage of work from anywhere, anytime, any device on any network, sensitive corporate data is exposed more than when users only worked from an isolated corporate office. Malicious users have a large attack surface to target. IT teams must deliver a great user experience without compromising security. Citrix Analytics for Security can help bridge that gap with a focus on user security.
- Citrix Endpoint Manager - Citrix Endpoint Management is a solution for managing endpoints, offering mobile device management (MDM) and mobile application management (MAM) capabilities. With Endpoint Management, you manage device and app policies and deliver apps to users. Your business information stays protected with strict security for identity, devices, apps, data, and networks.
Example multivendor Secure Remote Working use case
Finding a solution from a single vendor to complete the whole of your Secure Remote Working solution is relatively uncommon. A typical organisation will utilise components from multiple vendors; these applications must co-exist with each other. One example is where Cisco networking and hyperconverged infrastructure supports Citrix on-premises VDI workloads and provides onRamp services to Citrix Workspace, Cisco Webex Contact Centre and Microsoft Office 365 (inc. Teams) productivity tools.