CIOs are increasingly asked to support network access for remote users—from customers and business partners to employees. The latter group—staffers working from home or small offices—presents a critical security issue, because these users likely require high-speed access and a virtual private network (VPN) to access applications and data housed behind the firewall.
I’ll examine the inherent issues, as well as some strategies for improving and enhancing security for remote users, in a three-part series. In this first installment, I'll discuss the state of remote connectivity among today's tech users and some common security issues that are likely to crop up.
Understanding remote security concerns
VPNs typically provide a number of security features (access control, encryption, user authentication) that ensure proper access to network resources; they also provide a certain level of assurance that data is secure while in transit over the Internet.
The one security flaw in the remote connectivity scenario is the integrity of the user’s PC. If a hacker gains access, several major security problems can arise.
For one, the remote user might have confidential business information sitting on his or her desktop. This data can be e-mail, document files, spreadsheets, or presentations—all of which can contain competitive or confidential information.
Worse still, a compromised PC gives a hacker an entryway through which to release a remote-administration Trojan—a program that lets hackers run applications residing on the remote PC. From here, the hacker could launch the VPN connectivity software and break into the corporate network as an authorized user. The scenario is an extreme security breach, as the hacker would have the user’s access rights to data and applications.
One solution is to install a personal firewall on each remote user’s desktop. But before such an approach can be implemented, CIOs need to evaluate the management burden that such a plan would entail.
Scope of the problem
There’s no doubt that the challenges of securing remote users are growing each day. Telecommuting is at an all-time high: Close to 32 million people will telecommute either full- or part-time this year, according to market research firm Cahners In-Stat/MicroDesign Resources (MDR). That’s up from roughly 31 million last year and about 30 million the year before. Of that population, 36 percent work for midsize or large companies.
Another factor is the increase in broadband access. In the past, most telecommuters dialed into corporate networks. Today, broadband services, including DSL and cable modem, have saturated nearly three-quarters of all U.S. homes, according to consulting firm the Yankee Group—and that figure is expected to grow to 85 percent by 2005.
The increased broadband access is prompting more VPN implementations. “Because of the cost-savings potential of VPNs and general interest in security, the VPN market is still growing strongly despite a nearly two-year-old economic downturn,” said Jeff Wilson, executive director of market research firm Infonetics Research.
Wilson just released a study stating that worldwide end-user spending on VPN products and services will increase from about $21.3 billion this year to $46.2 billion in 2006—a whopping 117 percent increase.
Security headaches increasing each year
Along with the increase in high-speed access and VPN usage, malicious code is also on the rise. New variants, including remote-administration Trojans, spyware, and worms, are increasing at exponential rates. At least 56,280 distinct malicious-code programs are in existence today, according to security software company PestPatrol Inc., which tracks such malicious code. That’s more than twice the number identified in 1999.
The trouble with such malicious software is that it can easily spread via e-mail and instant messaging, and when users launch unknown programs. Some of these programs give hackers the ability to view data on a remote PC if that PC gets infected. Other programs let a hacker eavesdrop on a user’s connectivity session, making it easy to steal usernames and passwords.
The bottom line is that remote connectivity can provide open doors to hackers and security breaches unless proper tools and processes are put in place. Stay tuned for the next articles in this series, which will examine the best approaches to minimizing such risks.