General discussion


Remote access for employees

By angry_white_male ·
We have about 175 users here. Some of who need (or perceive the need) to have access to remote in from home. We really don't do anything formally. We don't give out VPN access freely because of the usual security risks knowing how insecure home computers can be. IT staff here has it because we can fix our own problems. We could go the laptop route, but my opinion is that the fewer laptops out there, the better from a support and security perspective. Products such as LogMeIn or GoToMyPC are viable (we use LogMeIn to access some of our remote sites), however it requires the user to install an applet on their PC and it means that if their PC at work is having trouble, then they'll need someone to support it after hours. The other issue is that if our remote access software breaks the user's home PC, then we may become responsible for fixing it.

The big issue is that we are not a 24/7 IT operation. We work primarily M-F, 8-5 - with a few of us on call 24/7 for emergencies, in addition to some after-hours work to get things done you don't normally do during business hours. If we enable people to work from home remotely, then like it or not, we will become on call 24/7 for routine support matters which will create issues for me and my employees at home. The phone will ring no matter how many times you tell people that it's for emergencies only.

As it is I get the occasional wake-up call at 4:00 am for a logon or workstation issue by an inconsiderate employee who could care less that my wife and kids are sleeping.

So where do I strike a balance that meets the needs of users, IT staff, and security concerns? Anyone out there find a magic bullet that works for their organization? Has anyone had any issues with requiring people to be on call 24/7 for routine matters? Rotating on-call? Extra compensation? Outsourcing after-hours stuff?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by jdmercha In reply to Remote access for employe ...

It sounds like you need to set policy, or ask for aditional resources.

You have 175 employees. What hours do they work? If their office hours are also M-F, 8-5, then you shouldn't need to support them outside those hours. If they are expected to work outside those hours, then you need sufficient staffing in IT to cover those hours. If the company is 24/7 then you need enough staff to cover 24/7. Whatever you choose, you need to have a policy to cover it.

The same goes for remote access from home. You need to establish a policy that oulines who is respopnsible for maintaining the home computer. In addition to a VPN you could look at terminal services or VMWare. Again, whatever you choose, you need to have a policy to cover it.

Collapse -

First, define need.

by Kjell_Andorsen In reply to Remote access for employe ...

Like you, I work for a pretty small company. We have about 100 users, some of which also want access from home. We do have a simple VPN solution set up, but we try to limit who gets VPN access.

What we discovered was that most of the users who claimed to need remote access only needed things that we can provide withough giving them full remote access. They wanted to be able to access their e-mail at work, so we set up OWA on our Exchange Server, they also needed to be able to access certain information that we set up on an SSL secured website accessible from outside the network. This took care of 90% of the remote access needs.

So my first suggestion is to query the users what they need to do remotely, and then take it from there. See what can be provided without offering full access, and determine different ways of providing this.

Collapse -

Other issues (HR, etc)

by paulr In reply to Remote access for employe ...

Found this post while googling for logmein, and all I can say is before going to any sort of sanctioned remote access system, make sure you have clear usage policies for it. It's no fun to have an employee submit 10 or 12 hours of overtime for remote access time, then be asked by HR if you can offer proof as to whether they were actually working. More than once I've found people who use remote access to do from home what they should be doing during the day, and their daily activities consist of Ebay, Yahoo, and similar (Actually, that's what I find EVERY time a non-manager wants remote access). Then they would go home, and do everything they should have done during the day (some would bill overtime, some would just bill regular time - what a savings!).

LogMeIn further complicated the issue for me, as it made session logging all but impossible, and it was impossible to tell from auditing logs if someone was in the office or working remotely. Also, unless you have a corporate-level account with them, managing a logmein style system can be difficult for access control. While you have a point regarding remote security on terminals, and IP level access at that, those issues can be mitigated by many things (IP policies, custom routes, separate address pool, and firewalls). For VPN I can just lock out someone's AD account if they're terminated. LogMeIn creates one more thing I have to deal with. For me, VPN worked the best from a security and logging standpoint, but was very difficult for the average user to set up at home. Like another user said, OWA also helped with perceived need. It seemed that most people who actually worked in the office really only wanted to get an early start on E-mail activity, or check up on their calendars. Personally I hate user-level remote access in any form, and working at a company with no remote offices, no one out traveling, I feel that if they can't do it in the office, that's really not my problem.

Regarding all-hours phone calls, what I do is function on an E-mail only system. Managers have my phone-number to contact me if there's a severe failure, like a server outage, and for that they can call me 24/7 (I submit after-hours work with a one-hour minimum, at time and a half - cuts down on ******** calls). If it's anything else, I better not be getting a phone call for it, but an E-mail (which with a windows mobile cellphone I have access to all the time, but per my convenience). If someone's forgotten their password at 4AM, they can wait for 5 hours.

Even though it?s been many months since your original post, perhaps that info will be of help to someone.

Collapse -

Re: Remote Access for Employees

by b.mojo In reply to Remote access for employe ...

If you're serious about giving employees ReMAc, then you might consider limiting access to a few key personnel rather than a company-wide plan. Only include those of your Administration staff who require remote access to their workstations, either from home or while on business trips via their portable computers or PDA's. As you stated, allowing all employees access would not only cause security risks, but be a contant nuiscence when one asks for something like Port Forwarding on the main servers, etc. My own company servers were infected by viruses brought in by data from outside sources. Limit the access to those people who's jobs are vital to the operation of your company.

Related Discussions

Related Forums