STEP LOGIC's Recommendations on Secure Remote Work

26 March 2020

Due to the current situation, many businesses need to move employees to secure remote access and provide them with means of interaction. The experience of STEP LOGIC shows that fewer than 15% of companies are ready for such a scenario, and the rest, as a rule, have to solve the following problems:

  • As quickly as possible, provide a large number of employees with remote access to information systems and data.

  • Protect data, information systems and the IT infrastructure itself when serving a large number of users in accordance with the requirements of regulators.

  • Provide employees with communication means for collaboration and interaction between themselves and their contractors.

We have prepared answers to frequently asked questions so that you don’t miss anything.

MINIMUM ACTIONS REQUIRED TO PROVIDE PROTECTED REMOTE ACCESS

  1. A firewall with performance headroom and the ability to provide remote access and deploy VPNs (you can also use a software solution).

  2. Two-factor authentication with software tokens to protect access to data and resources.

  3. Monitoring the security of the devices employees use for remote access when they connect via VPN, using NAC-class solutions.

REGULATOR REQUIREMENTS FOR PROTECTING INFORMATION DURING REMOTE ACCESS

When switching to remote work, information classes and access modes for each employee should be considered. In many cases, the processing of personal data and/or trade secrets will be carried out, for which security requirements have been introduced in accordance with the legislation of the Russian Federation or regulatory acts of the company itself. A company may, by default, prohibit this type of access or not provide for remote work rules that minimise the potential information security risks.

The requirements of regulatory enactments are primarily related to the protection of personal data. In the case of remote access to information systems that process personal data via the Internet (ERP, CRM and other systems, including corporate email), it is necessary to protect the transmitted information using certified Data CryptoSecurity Tools (DCST) in accordance with Order No. 378 of the Federal Security Service of Russia. At the same time, even if an employee uses a corporate laptop with a client DCST, remote work from home will be problematic, since the DCST operation rules (defined in the DCST operational documentation and in Order No. 152 of the Federal Agency for Government Communications and Information dated 13 June 2001) require their placement in allocated premises, the setting of an access control mode, keys, etc. Thus, remote access to information containing personal data (unless it is classified as publicly available) will formally violate the requirements for protecting information or operating DCST.

To address this, you can provide terminal access, in which there is no actual transfer of documents with confidential information between the home office and corporate resources (only an encoded image of the desktop is transmitted). Formally, such a scenario is not considered in the regulatory documentation, and there are examples of the legalisation of this information exchange without DCST. However, this type of access and the corresponding information exchange technologies should be documented in the accompanying documentation for information systems, and also taken into account in threat models.

TERMINAL ACCESS OPTIONS

STEP LOGIC will help you determine and implement the best terminal access option for remote employees, including security settings.

Microsoft RDP provides Microsoft Windows Server-based remote desktop services. This is a perfect option for the following scenarios:

  • It is necessary to quickly provide access to office and business applications (when there is no time to purchase and integrate third-party software).

  • The company has from several dozen to several hundred remote employees.

Citrix XenApp provides rich desktop functionality from Citrix. This is the best option for the following conditions:

  • There are hundreds and thousands of users.

  • It is necessary to provide the ability to work with a large number of graphics and multimedia content.

  • Geographically distributed terminal server farms are used.

  • The highest possible level of security and reliability of terminal access is required.

Citrix Virtual Apps and Desktops (Advanced Edition license) + Citrix Gateway provide remote access to corporate PCs for the following scenarios:

  • Specialised software is installed on users' work stations that cannot be transferred to a terminal server or home PC (when the license is tied to a computer or hardware key).

  • The software installed on corporate computers places very high demands on hardware (CAD/CAM/CAE, etc.).

VDI provides the most powerful virtual workstations where each employee connects to a virtual machine allocated for him/her. Depending on the specific tasks, a suitable solution may be offered: Microsoft VDI, Citrix XenDesktop or VMware Horizon. This option is recommended for the following scenarios:

  • Each employee uses their own isolated working environment.

  • Access is granted to software developers.

  • Access is provided to demanding applications that use hardware accelerators (CAD/CAM/CAE, etc.).

FULLY FUNCTIONAL REMOTE INTERACTION

Remote work of employees requires the use of electronic means for internal and external interaction, as an integral part of the company's business processes; thus, it is necessary to solve the following tasks:

  • Evaluate the changed requirements for communication channels (bandwidth, delays, etc.), and if necessary, amend contracts with operators.

  • Provide a unified interaction environment instead of disparate use of such solutions as Cisco WebEx, Zoom, Microsoft Skype For Business, etc.

  • Upgrade telephony (IVR, voice mail, and recording systems).

MINIMISATION OF LABOUR COSTS, TERMS AND BUDGETS

We minimise your labour costs, deadlines and budgets using current offers of various vendors:
  • BeyondTrust: extended free trial up to 90 days for such products as Remote Support and Privileged Remote Access.
  • Cisco: special prices and trial licenses for the Cisco ASAv30 virtual firewall for customers who do not have a Cisco firewall or spare resources to support an increased number of remote sessions; for customers who already operate Cisco ASA, Cisco Firepower, or Cisco ASAv30 VPN gateways, free trial licenses with extended validity periods for VPN connections based on AnyConnect Secure Mobility Client for new customers and the possibility of exceeding the number of users over the previously purchased license package at no additional cost for existing customers; ability to use Cisco WebEx Meetings and Cisco WebEx Teams for up to 90 days.
  • Citrix: special conditions for the acquisition of annual Citrix temporary licenses (on-premise) and Citrix Managed Desktop licenses (from the cloud) until 31 March 2020.
  • CheckPoint: free licenses for Remote Access VPN, protection of SandBlast Agent workstations and SandBlast Mobile mobile devices with centralised management for 60 days.
  • Dr.Web: 3 months of protection for free for all remote employees with Dr.Web Enterprise Security Suite installed on their office PCs; Dr.Web Universal bundle, Dr.Web for schools or Dr.Web Office Shield.
  • Fortinet: free trial licenses with renewal for FortiGate-VM.
  • Juniper: vSRX free 60-day trial for all Juniper customers; 90 days of free AppSec licenses, IPS and SecIntel licenses for SRX users; 90 days of free DDoS protection for MX router users.
  • Security Code: free licenses for Continent-SS and Secret Net Studio (the Continuous Protection package) DCSTs for 1 year.
  • Kaspersky: free three-month licenses for Kaspersky Security for Business to protect additional devices, subject to the extension of the current licenses.
  • McAfee: special prices and free 3-month licenses for McAfee Complete Endpoint Protection – Business, McAfee Complete Data Protection – Business, McAfee Web Gateway Cloud Service, McAfee ePO single management console to protect employees' home devices.
  • PaloAlto: free VM-700 virtual firewall supporting remote access for up to 12,000 employees; GlobalProtect VPN clients that are free to use on PCs running Windows and macOS; free 90-day licenses for GlobalProtect VPN clients on Android and iOS smartphones.
  • S-Terra: free 1-month demo licenses for S-Terra Client and S-Terra Virtual Gateway.
We also know that other companies are preparing and will soon announce their own proposals.
