The 4 Key Considerations for Extending Your Business Continuity Plan (BCP) to Home and Remote Employees
It’s a challenge not to think of a spreading health crisis when you’re crushed into a crowded train or bus, clutching a germ-infested pole and dodging a nearby cough. As the current crisis develops, enterprise business continuity planning and risk management will lead to millions of enterprise users working full time from home.
We’re probably about to embark on the largest global work-at-home experiment in history. What does that mean for your business continuity planning and remote work strategy? Consider four categories: connectivity, performance, security, and management. Here’s a summary of each.
Connectivity and Architecture
IT has been supporting remote and mobile users for years, but a sudden spike in staff working from home full time is a whole new ballgame. Most won’t be connecting occasionally to check email or do some quick catch-up at the airport, between meetings or after hours at the hotel. They’ll be on the network every workday for hours accessing enterprise applications, files, and data. Your current remote access infrastructure was likely never sized to cope with such a large, constant load, which means you’ll probably have to add or upgrade remote concentrators. In the best of times, this can take days or weeks, but hundreds or thousands of companies will also need similar upgrades.
Aside from the corporate datacenter, most enterprise users will be accessing infrastructure and applications in cloud datacenters, which adds connectivity complexity. For security reasons, most organizations choose to route cloud traffic through datacenter security infrastructure first, then out to cloud datacenters many miles away, which adds latency to the home user’s cloud user experience. Datacenter network congestion is also an issue.
Performance and User Experience
Mobile and home VPN users often complain about remote access performance even when infrastructure is sized appropriately, thanks to the unpredictability, latency and packet loss inherent in the public Internet core. When accessing the cloud, the mobile experience can get so sluggish that users often abandon the corporate backhauling solution to access the cloud directly, opening significant security gaps. Many newer users also find themselves struggling with unfamiliar VPN client software, passwords, and connections to multiple cloud services. To make working at home a success, IT will have to find ways to simplify and speed up the user experience so it’s more like working at the office. This may mean considering alternatives to backhauling and running traditional VPNs.
As more and more users work from home, security risks are bound to increase. More remote users mean more opportunities for threat actors to penetrate security defenses. Unfortunately, traditional VPNs authenticate remote users to the entire enterprise network, allowing them to ping or “see” all network resources. Hackers have been known to exploit this opportunity, as they did with the infamous Home Depot and Target breaches of a few years ago, which took advantage of stolen VPN credentials. Once inside the network, a hacker is only one administrator password away from access to sensitive applications and data. That’s a big reason why IT security has been moving away from network-centric security towards software-defined Zero Trust Network Access, which grants users access only to what they need when they need it.
Deploying client VPN software on thousands of new home users’ systems can take considerable resources and time that organizations may not have during a crisis.
AdRoll found VPN onboarding of new users a very cumbersome process, especially for contractors. “Using the Mac’s management software to push out VPN configurations to users was a pain,” says Dunne. Dunne also had to send instructions for configuring the VPN client to each user. Once these users are onboard, IT also needs appropriate tools for managing and monitoring all those remote users, much as it does for its branch offices and other sites. Shifting to cloud-based Web gateways and CASBs has its own overhead as well.