As businesses and organizations around the world were forced to move their employees to work remotely, many were not truly prepared for what is required to make that transition while maintaining seamless operations.
As a result, businesses found themselves scrambling to get corporate laptops into the hands of key personnel, while others encountered supply chain issues that reduced stock at both large suppliers and local electronic chains. Each company, no matter what its size, was faced with managing internal software and access requirements. But how do you translate this at scale? How do you ensure that your employees can work anywhere, anytime, and on any platform available? The answer is simple, and it lies in a technology that has been around since the early 90’s and continues to evolve today. While there are many variations, they are all fundamentally offshoots of remote desktop. Citrix, VDI, RDS, and DaaS are some of the current names, with each product designed for different use cases and business needs.
Years ago, remote access was traditionally a very easy problem to solve. Working from home was not as popular a use case as it is today because of the consumer bandwidth options available. Most commonly, users were granted access to corporate resources such as files and email via VPN (virtual private networking). More security-focused organizations provided employees with a corporate machine to access the VPN. However, this solution always had a fundamental flaw: those endpoints, albeit secured with your corporate AV, were still living outside the perimeter of the network, and would then connect with full access to the network.
As the security landscape evolved to combat emerging threats from all angles, which specifically included remote workers, solutions were born that allowed remote access to the corporate network without network-level access. This meant that users could access all corporate resources but never actually be physically connected to the network. Additional controls put in place by an organization could further lock down and secure that access. At the start of the quarantine, the organizations that still relied only on VPN access to the office were struggling to get laptops, configure VPN access points and buy additional licensing, while those that had already put in place a robust solution like Citrix, RDS, VDI or DaaS simply ensured that their end users knew how to access it.
What makes this so much easier, you ask? Well, it is because technologies like Citrix and RDS use the concept of shared application access. Take for example your accounting department, who need to run Great Plains while working remotely. Instead of loading Great Plains on each of those end users’ laptops, you would install it on the Citrix or RDS server, and once any member of that accounting team logs in they would be able to access Great Plains as if they were sitting in their seats at the office. This also means that when it is time to upgrade the software, as the admin you simply perform the update once on the server, instead of multiple times for each remote employee.
In the last 5-10 years this technology has evolved even more with the mainstream introduction of VDI (virtual desktop infrastructure). This concept took the idea of a Windows machine and made it available as a virtual machine. This allowed admins the flexibility to deploy and scale machines on demand based on end user need. It allowed for controlled updates to the machines and operating system. Users can either use a pool of dedicated virtual desktops or, if situations required it, admins had the option of giving users their own dedicated desktops. Now imagine your users who already work in their VDIs in the office are asked to go into full remote work mode. Those same users simply go home and log into their VDI, and it is like they were sitting at the office.
In all these solutions there is a front-end server or appliance that handles load balancing of your connections as well as user authentication. Behind that is either your server farm that hosts the applications or a pool of desktops, making the solution highly resilient and redundant.
Solving the challenges of remote work environments is proving beneficial in other business operations. If added to your BCP/DR plan, these solutions ensure business continuity by allowing your operations to continue regardless of what happens in the office. Many of the VPN-only organizations currently allow their end users to VPN into the office and then use Microsoft RDP to access their office computers. In a perfect world this works, but it does not account for loss of power or catastrophic events that affect the office. It also does not account for simple things like computers that are simply powered off and cannot be accessed.
If you are an organization that is serious about providing the best level of remote access while securing the enterprise, Thrive is here to help. CONTACT US TODAY!
Has your remote work policy changed in the last month or two? Are more of your employees working from home or at locations that are “untrusted”? The answer is almost certainly a resounding YES! Now more than ever you need to ensure that Two Factor Authentication (2FA) or Multi-Factor Authentication is being used throughout your organization in as many places as possible. Many people are becoming more comfortable with this concept as they are having to perform these same steps to access their personal accounts (banking, Gmail, etc.).
Whether it is accessing your corporate VPN or cloud-based applications such as Office 365, Salesforce, NetSuite, Workday or many others, you need to make sure users are required to supply two forms of authentication to access company resources and data. Something they know (username and password) and something they have (a text message with a unique code or an app on their phone that must be clicked to accept the request to connect) are no longer optional in the workplace.
Microsoft has a Multi-Factor Authentication product called Azure Multi-Factor Authentication that can be configured to deliver Two-Factor Authentication four different ways. The Azure Multi-Factor Authentication service can send you a text message with a code that you must provide, call you on a preset phone number and provide you with the number, provide a rotating code on the Microsoft Authenticator smartphone application, or push a pop-up message to your smartphone for your approval. Azure Multi-Factor Authentication is available as a standalone product and is also included in Azure Active Directory Premium, Enterprise Mobility Suite, and Microsoft 365.
Fortinet also has Two-Factor Authentication capabilities built directly into the FortiGate firewalls. A physical token or a smartphone application can be used to get a rotating code that serves as the One Time Password when connecting to a FortiGate SSL VPN.
In addition to 2FA, geography-based access to your corporate resources is something you should consider implementing. Allowing someone to connect from any location in the world may not be necessary when your users should only be coming from certain geographies. If you only operate business in the United States, why not block any connection attempt from international locations? Sure, you may have users that travel internationally from time to time, and exceptions can be made as they arise. Reducing your attack surface in as many ways as possible is the best course of action to protect your business now and into the future.
If you are interested in learning more about how Two-Factor Authentication or geography-based restrictions could better protect your business, CONTACT THRIVE TODAY!
Worldwide issues, such as the recent Heartbleed bug, bring into focus the importance of Internet security. Of course, we have all heard scare stories about the dangers of the world wide web, and in some cases, these can be dismissed as scare stories. However, some of the more rabid reporting on the issue of Internet security shouldn’t disguise the fact that there are real threats out there.
Regardless of your industry, staying proactive with patch management can be a time-consuming but extremely important effort. This is where a managed patching provider can be an invaluable resource.
If you were to conduct a survey of businesses to discover whether or not they are happy with their patch management strategy, the majority of them would likely say that they struggle with patch management processes and are overall dissatisfied with their patch management system. If you are one of the businesses that is constantly burdened by patch management, here are a few of the most common issues companies face and how a managed patching provider can help.
Quality network security is an essential part of the operations for your business and meeting data protection compliance and regulatory requirements. It sounds really simple to say you just want to “keep the criminals out” while keeping your business in productive mode. Unfortunately, with the increased demands for technology and information security, this can result in a significant time investment.
Network security is no longer about just deploying firewalls and an antivirus program. Regardless of the size of your business, the latest threats are very advanced. This is why many companies are opting to use enterprise-class network security protection services to increase protection while saving time and money.
If you have never used this type of service for your company or small business, here is an overview of the core levels of protection that a network security protection service can provide.
As one of Thrive’s primary Macintosh resources, I’m beginning to see an increasing trend in companies moving to Mac. Maybe it’s the allure of the “Macintosh Experience”, or the life expectancy of the hardware or even – and this is a stretch – that the average utilization time with a Mac running on batteries is close to four hours at full processor potential.
But moving your users to Mac, and maintaining a Windows Server infrastructure, isn’t without its caveats. Let’s face it, the two are (and always will be) competitors. Sure, Microsoft makes software to run on the …
Many companies that have a series of branch offices or a staff that works remotely deploy what is known as a virtual private network or VPN. The primary purpose of a VPN is to allow business partners to communicate over a secure network from a remote location via IPsec or Internet Protocol Security. Companies view a VPN as one of the safest ways to link together users who are distributed across multiple locations.
Not only are VPNs used to communicate securely over a public network such as the Internet, VPNs are also …
In today’s world, disaster recovery is a huge topic of discussion for almost all businesses. In case of a flood or fire or any type of natural disaster, companies should want to have a backup plan in place to spend ideally no more than 24 hours down. This is big picture stuff. But what about the day to day? Employees should always be in a position where their productivity and efficiency are not hindered.
At its core, Thrive Networks is a service delivery company. This means that our people are our product, so as long as they are happy, efficient, and productive at all times, Thrive can be confident in its ability to deliver the best customer service possible. As one approach to making sure that we don’t miss a beat on any given day, Thrive employees are given the technological ability to work remotely whenever necessary. VPN access, terminal servers, and soft phones are available at Thrive to all employees. These remote technologies are put into place not only for some catastrophic moment, but also for more common events such as the electricity going out in your office building or a snow storm hitting and the plows falling behind schedule. Obviously there are industries that will remain exceptions, such as manufacturing or education, but for those businesses that can give their employees the ability to work remotely, I would certainly encourage it.
The reason I mentioned the previous snow storm example is because that is what is going on right now as I compose this blog. This morning my supervisor sent an email stating that I should work from home today as opposed to braving what are still mostly unplowed roads. My wife, however, made her way to her office, as her company has a less lenient policy on working remotely. What this boils down to is that I’ve been working productively for the past 2 hours, while she is still on the highway trying to get to her office located a mere 10 miles away. So my point is simply, instead of having your employees arrive 2 hours late, worry about their commute home during the day, and likely have some people leave early to deal with snow removal, you could actually get more than a full day’s work from someone who can just pull up at their kitchen table and not have to worry about any of those things. This is something I’m quite passionate about, but from a business perspective, as long as your employees are safe and happy on a day like this one, then you are bound to get more production from them. I would strongly urge any business that hasn’t thought through their policy on working remotely in these terms recently to take these ideas into consideration.