Jay Pultz sits at the center of a home office that hums with computers, printers, and a cable modem gateway.

Pultz works for Gartner, a business technology advisor based in Stamford, CT. (TechRepublic is a subsidiary of Gartner.) Because of his background working with high-speed access issues, Pultz can assure Gartner that his powerful home office isn’t a security threat to the corporation. But organizations can’t always rely on a telecommuter’s expertise to protect the business. Telecommuting carries with it a number of security, connectivity, and productivity issues.

Sponsored by
NetScreen is the exclusive sponsor of TechRepublic’s special series on VPNs and Firewalls.

For more information, check out TechRepublic’s VPN and Firewall Center,
or visit NetScreen’s website.

NetScreen is the exclusive sponsor of TechRepublic’s special series on VPNs and Firewalls.

For more information, check out TechRepublic’s VPN and Firewall Center,
or visit NetScreen’s website.

Here’s how Pultz recommends addressing those issues.

Pultz urges organizations to consider three key issues when dealing with broadband telecommuters:

  • The need to limit the number of ISPs that provide your employees broadband access.
  • The unique set of security concerns that come with broadband access.
  • The number of control issues your IT department can expect to face and how to limit those issues.

TechRepublic is featuring a series of articles on this topic in every Republic this month. If you’d like more information on security or productivity issues relating to VPNs, click here.
Broadband access: Got to love it
Pultz said he stretches the definition of broadband when he talks about it in relation to telecommuting. In his view, broadband is any access that involves a connection faster than what a user can achieve via a normal telephone connection and a dial-up modem. The technologies that fall under his definition are DSL, cable, wireless, and satellite. He limits the discussion to DSL and cable because they are most commonly used.

“I view broadband as an enabler of telecommuting,” Pultz said. Without a broadband connection, telecommuters face substantial productivity challenges. “It’s harder if you have to get access to a number of corporate resources and the Web to do your work with a 56Kbps modem compared to someone working on the LAN with the same resources.”

“Broadband access shrinks the disparity between telecommuters and workers on the company’s LAN,” he said.

“The problem is, when you look at both DSL and cable, they are both kind of local-oriented technologies that weren’t originally designed with telecommuting in mind,” Pultz said. “If an enterprise is reasonably large, providing teleworkers throughout the U.S. with broadband access is an issue.”

While cable access might be available for some telecommuters in a company, others in different parts of the country may have DSL. Each may have a different provider.

“You can easily end up with a situation where you have multiple technologies and multiple service providers, and that’s a hard environment for the IT department in the average company to run,” Pultz said. “If you are a smaller company and your users are all within a local area or within the footprint of a single provider, then it is less of an issue.”

“Another problem is that your telecommuters throughout the U.S. may not be able to get broadband of any kind because neither cable nor DSL have been fully rolled out,” he said.

On the plus side, however, a number of companies are starting to provide nationwide service, including:

Finding a single provider for an entire company will still be difficult, Pultz said, but there are good reasons to try.

“For purchase power reasons, a limited number of suppliers [is beneficial] so companies can maximize the volume discount they can get for these kinds of services,” he said.

Always on, always a danger
The second broadband telecommuting issue is the security concerns created because cable and DSL are essentially always online.

When telecommuters are using dial-up services to access the corporate VPN, they may only be online for a few hours. It is difficult, under those ephemeral circumstances, for a hacker to target the user.

Continuous connections made by cable and DSL hookups make it easier for hackers to attack the system.

“If you are a corporate teleworker, it is likely that you will have some interesting information or software on your PC,” Pultz said. “You probably have a file labeled, covertly, ‘passwords,’ which might be of interest if you are of the hacker persuasion.

“Or you may have software on your machine that is server-like so a hacker can get access to your machine as a corporate server and from that machine, they can get to corporate resources. The corporate network assumes this is a trusted machine, but it has actually been infiltrated by a hacker…[who] can use that machine as a backdoor to get into the corporate network.”

There are software firewalls that can protect your telecommuter machines offered by companies such as Norton and BlackICE, Pultz said.

“They are both very nice, but they have to be configured, they have to be in place, and the user has to not subvert them,” he said. “Unfortunately, it is easy for the user to look at the firewall technology and say, ‘I want to do something the firewall is blocking now,’ and just turn off the firewall.”

Security for the telecommuter is complicated by how you separate the home office environment from whatever else is going on in the home.

“This gets into age-old questions like, ‘Can you use your home PC for teleworking?’ and that’s something we advise against,” Pultz said. “You don’t know if that is a trusted machine. You don’t know where that machine has been.

“You can get into really messy issues [with] confidential information. It may not be Los Alamos information, but it’s not stuff you want on a home machine.”

Limit the impact on your help desk
One of the most important decisions companies can make involves the way telecommuters interact with IT staff for support.

A typical telecommuting scheme is for the company to provide a VPN for telecommuters and then have the worker provide their own modem and cable or DSL service.

This is how most organizations set up their systems, “but the problem is that when those teleworkers have a problem, they call the IT help desk,” Pultz said, adding that the help desk is handcuffed because they don’t know how the home PC is configured, how the user is accessing the VPN, or what type of cable modem they are using. “It’s very difficult to guarantee a teleworker any level of service.”

There are some workarounds to these concerns, such as providing a company computer that has the corporate hard disk image and settings installed.

Decide what type of access is appropriate
IT managers need to make other decisions that will affect support and performance, such as which kind of network access is most appropriate for the kind of work the telecommuter does.

A worker who needs the Internet for communication and research is already defined, as far as what form of access that worker requires. In this case, a VPN via the Internet makes the most sense.

If the teleworker is handling transaction processing or production work, however, then a faster and more secure connection such as an ISDN or T1 connection may be needed. The costs would have to be weighed against the productivity of the worker.

Worker performance also is a gateway to some potential legal issues with telecommuting, Pultz said. One argument you might hear could be: “I got a bad performance [review], but I didn’t have a good connection so my performance suffered because you couldn’t provide me a good service compared to my counterpart, who has high-speed service,” Pultz said.

“I’d still call this kind of an experimental phase for broadband telecommuting, with the exception of a couple of very large corporations,” Pultz said.
Is it worth all the hassle to support telecommuters in the enterprise? Is your company doing it? How? Start a discussion below or send us a note.