Working from Anywhere
Mobility and Cloud computing has changed the way we work.
We are now able to work from anywhere, with all facilities and capabilities similar to a traditional office workplace setup.
Employees, Vendors and Clients want to access corporate applications and data at anytime, from anywhere and from any device. Many IT sectors are fully or partially addressing the user’s needs with different approaches and technologies. However, authorising employees to use personal devices to perform day to day office tasks have a unique security challenge and employers should make sure that access to corporate applications from an employee-owned device is secure especially when it comes to gadgets like tablets, ipads, mobiles, smart watches etc.
For more than a decade, security practitioners have used traditional methods to secure remote and personal mobile devices. Users, though, are sceptical about allowing third party applications on a personal device and concerned about potential invasions of privacy and limited usability.
I have divided this blog into five major sections, with each covering advantages, limitation and recommendations which helps us to build effective remote teams and deliver the best performance during unforeseen situations such as natural disasters like floods, earthquakes and pandemics.
1. Work Place Digitalisation
Technological growth is limitless in this modern era; almost every home now has fast internet access, capable of streaming videos and movies. Organisations just have to ensure that they provide the tools and technology needed for the employee to access company emails and all work-related folders and files over the internet in a safe and secure method.
Below are some of the facilities that a company should consider while enabling an employee to work remotely.
Desktop as a Service
The practicalities of rolling out desktops or laptops to all remote users is big challenge, but we can configure virtual desktop through service providers like dinCloud, Amazon Web Services, Citrix, VMware Horizon Cloud, Microsoft (Azure), Cloudalize enabling users to connect globally and continue operations. Users may also require a Docking Station, which is a popular device that connects a laptop to multiple peripherals. A docking station provides a single connection point that allows a laptop to use a connected monitor, printer, keyboard, and mouse. No separate devices are needed in the home or office as it allows a laptop to function like a desktop computer in office, and also allows the laptop to be easily disconnected and taken home to work remotely.
Home Office Setup
When working from home on a regular basis, it’s important that you create a clear distinction between home and work life. If you’re working whilst spread-eagled on the sofa or lying in bed, you will be unlikely to achieve a high level of productivity and at the same time we have to consider health & safety implications. Working for any extended period of time in a workspace that has not been properly considered and set up, could lead to serious health issues. Below are few key products and accessories that you should consider to ensure a comfortable home office setup before you start as remote worker:
- Ergonomic desk chair
- Strong WiFi connection
- Adequate lighting
- Noise-cancelling headphones
- Dedicated Phone
- Choose a Dedicated Area
Remote sharing and Meetings
Additionally, there are some remote sharing tools like Cisco WebEx, Skype business, Google Hangout, Zoom, TeamViewer, Windows Quick Assist, Skype,Join.Me, Screen leap, Crank Wheel, Anydesk etc available to enable virtual collaboration between team members and with clients whenever and wherever needed. Companies would mostly opt for tools from well reputed companies who sell licensed products, as this gives them the peace of additional security which the vendor would incorporate in their own product. However, while choosing the most secure tools, cost could be an added disadvantage because most of these corporate vendors would sell licenses based on the number of users. When the number of people working remotely increases, the number of licenses that need to be purchased would increase as well.
Shared network drives enable the company to have a common repository for any particular team to store and share data. Most companies have security structures and permissions in place so that shared drives are accessible by specific teams or departments, without being able to view other department data. In any case, the employee will get to know up-to-date information about their team's activities
Email and Calendar Service
While working from anywhere - home or remotely, one of the major facilities that a company should provide would be the employees access to centralized resources which could include email distribution lists and centralized ticketing systems. The email client is an application for desktop that allows you to configure single or multiple email addresses. You can compose, send, receive, and read emails from third party applications and additionally you can configure Centralized business calendars that would enable any employee to view their team's schedules and meetings. This way an employee could be informed about what is happening in their team, whether it be someone's leave schedule or meeting schedule.
Email is a key application in all small, medium and enterprise organisations.
The table below shows in more detail different email services available in market and their considerable pros and cons.
|Service||Service Type||Storage Space||Max Attachment||Pros||Cons|
|Gmail||Free||15 GB||25 MB||Global use, highly efficient security||Advertising, Unclear user data policy|
|Zoho||Free/Premium||5 GB||25 MB||Custom domains,GDPR compliance and tough security||No free version, many non-email features might be distracting|
|ProtonMail||Free/Premium||500 MB||25 MB||Open source, security||150 messages per day limit, custom domains use|
|Outlook||Free||15 GB||34 MB||Data encryption, good collaboration with Microsoft and Hotmail||Slow speed and crashes and poor spam handling|
|Tutanota||Free/Premium||1 GB||25 MB||Free for private use, data encryption, anonymous email accounts||Inbox rules in Premium, pay for extra storage|
|Yahoo Mail||Free||1 TB||25 MB||Redesigned desktop, app and web, enormous storage capacity||No ability to set folders, too many ads (Pro to go ad-free)|
|iCloud Mail||Free||5 GB||20 MB||No advertisements, iCloud for Windows||Issues with synchronization, not easy for an average user|
|AOL Mail||Free||225 GB / Unlimited||25 MB||Free web-based email client,54 interface languages||Spam filtering is manual, 1 file attachment only|
|Free/Premium||65 GB||30 MB||Antivirus protection, 200 domains selection||Ad-free in Pro only, no labels for messages|
|GMX||Free||65 GB||50 MB||Up to 50 Mb attachment size, powerful search||Attachments limited in free version|
|G Suite||Chargeable||30 GB / Unlimited||25 MB||Corporate centralised management. 24x7 support and it comes with a package of other corporate software that can be very useful.||Can be expensive, depends on the amount of users and storage.|
|Microsoft 365||Chargeable||30 GB / Unlimited||25 MB||Corporate centralised management. 24x7 support and it comes with a package of other corporate software that can be very useful.||Can be expensive, depends on the amount of users and storage.|
2. Personal Gadgets and Portable Device Management
When you are working remotely in order to stay connected to your workplace, you will need to stay connected. Video conferencing, connection to your office servers and sharing files with your colleagues and employers are essential to any company, and at the same time since we are using more personal gadgets it is important to separate your living area from your work area. If you can’t carve out a separate work space in your home, be sure to collect your devices at the end of your workday and store them someplace out of sight. This will not only keep them from being accidentally opened or perhaps stolen but will also help in separating your work life from your home life. With your vital devices playing a major role in remote connection and mobility, below are some key points to take into consideration:
iPads and tablets are great tools for video conferencing but it is usually in edition to your laptop/computer. Most of us probably have laptops we can use for working on the go, but if you have a tablet then you've also got another powerful tool in your work-at-home arsenal that you might not have considered.
Think about it: tablets are tiny, lightweight, easy to hold, and powerful for most of your basic work tasks. Whether you use something web-based like Google Drive or Office365, or a word processor app like Apple’s Pages, you can also consider using your tablet for word processing. With generous screen sizes that are well lit, touchscreens, attachable keyboards and even dictation features that are reliable and very easy to use, tablets make it easy to draft all sorts of documents.
In terms of features, some gadgets and portable devices hold all the benefits of laptop/desktops as listed below.
- Access to email and calendar service
- Provide secure connection to remote desktops
- Remote communication & collaboration
- VPN connectivity, secure and scalable remote network access
- Use a high-quality headset and external webcam
- Online file-sharing and note-organization tools
- Video and text chat services for real-time conversations
Printers, Scanners & Shredder
Many academic institutions and public libraries use software, made by Pharos Systems, that charges users for each print or prevents students from abusing the privilege of free printing. You can take advantage of these features to print securely. In a typical work area, you have to enter your password into the printer before printing. Also, you should always use a password protected document to print and dedicated shredder to destroy all confidential document as there are more possibilities of a confidential document being exposed outside while working from home.
Mobiles and Smart Watches
The ability to use mobile technology to connect remotely empowers and enables employees and small businesses in many ways. For more than a decade, security practitioners have used traditional methods to secure remote and personal mobile devices. Users are sceptical about allowing third party applications on a personal device as they’re concerned about potential invasions of privacy and limited usability. For remote workers there are technologies that seamlessly integrate with mobile devices and cloud apps that can be relied on to get their work done; File storage, data backup and software services in the Cloud provide centralized access to business-critical information and applications on-demand. Smartwatches in particular are convenient to wear, have the capability of collecting data in a continuous manner and provide additional benefit to the participant including managing their calendar, text messaging and making phone calls. Additionally, smartwatches have a variety of sensors suitable for collecting physical activity and location data, thus can effectively perform all data centre and weightlifting works, including hardware replacement, with more precautions and guidance in compliance with health and safety.
Portable computing devices
Most enterprises and medium-sized organizations have started to replace laptops with portable computing devices as they have additional advantages for remote workers with roaming profiles, the ability to stay connected to office networks from client locations, data centres, in transit, during the commute etc.
Portable devices have many advantages over laptops such as portability, flexibility, convenience of assembly, power usage, dimensions & weight and providing information at your fingertips etc.
In the table below, I quickly compare the features and limitation of portable devices to give a better understanding of whether these may fulfill the specific requirement of remote worker expectations.
|Category||Google Pixel Slate||Microsoft Surface Pro||Apple iPad Pro|
|Processor||8th Gen Intel Celeron, Core m3, i5, or i7||8th Gen Intel Core i5 or i7||A10X Fusion|
|RAM||4, 6, 8GB||8, 16GB||4GB|
|Storage||32, 64, 128, 256GB||128, 256, 512GB, 1TB||64, 256, 512GB|
|Connectivity||Wi-Fi, Bluetooth||Wi-Fi, Bluetooth||Wi-Fi, LTE, Bluetooth|
|Ports||Two USB-C ports, keyboard connector||Mini DisplayPort, Surface Connector||Lightning port, Smart connector|
|Cameras||Front: 8MP Rear: 8MP||Front: 5MP Rear: 8MP||Front: 7MP Rear: 12MP|
|Battery Life||Up to 13.5 hours||Up to 13.5 hours||Up to 10 hours|
|Weight||Starts at 721g||Starts at 775g||469g (10.5-inch), 677g (12.9-inch)|
|Biometrics||Fingerprint sensor||Windows Hello||Touch ID|
Limitations of Gadgets and Portable Devices
As mentioned above, there are many benefits and advantages of using gadgets and portable devices, especially when you are a remote worker. However there also some limitations and risks involved in terms of integrity, data exposure and data deletion. Below I highlight a few cons being faced in day to day life while using Gadgets and Portable devices.Data Security
Since large amounts of organisational or individual data are collected and stored, the issue of data security arises, and it becomes difficult to keep this data safe.Privacy Concerns
Controlling your personal information is very difficult and sometimes impossible, since anyone can take photos and video footage on their mobile phone, then post it online. Everybody has the ability to search for people online and maybe find unflattering photographs, or see them expressing controversial opinions in social media or blogs.Social Disconnect
There is always a high chance of disconnecting from a ‘real world’ social life since it becomes habitual to communicate via digital devices rather than through real life contact.Work Overload
In theory many business don't approve of remote work since they fear employees will slack off when working remotely but in reality it is often just the opposite since remote workers are more likely to overwork because personal life and your work are both under the same roof making it harder to switch off.Plagiarism and Copyright
As there are no policies defined or applied in personal devices, there are more chances of having copyright issues when you start using home editions and tools for office purposes as it becomes easy to copy, crack and reproduce.Gadgets Dependencies and Over Usage
Since some gadgets are easy to carry, there is a chance of excessive usage which leads to anxiety, depression and other health problems. In other words, depending too much on today’s technologies or gadgets can blind us to the future and we may look to gadgets o complete all tasks for us instead of using mental acumen.Addiction
We will sometimes surrender ourselves to gadgets and continue to use these devices after business hours. This may manifest as an addiction to social media, gaming, or any number of other tech-rooted engagements.Data Vulnerability and Deletion
Knowingly or unknowingly, sometimes personal gadgets are being used by other family members leading to data exposure, accidental sending of embarrassing emails or deletion of sensitive data.
3. Protection and Security Concerns with Remote Access
Remote employees are stepping outside office environment day-to-day, which presents a lot of risky IT behaviour. In the workplace employees would likely be observed doing something the company would not approve of, such as copying data to an external USB drive, access violations, etc. If these remote working access routes are unmonitored or not well protected, then the risk of a cyber-security break-in is significant. Below are some best practices to manage and secure office and home privacy while connecting remotely in on all kinds of devices including office & personal laptops, mobiles, smart watches, gadgets, portable devices etc.
Antivirus and Software Upgrades
Keeping software up-to-date minimizes the risk of hackers attacking software that has known security vulnerabilities. When using enterprise-level antivirus software such as Trend Micro and BitDefender for PCs, laptop and servers, their products are designed to update automatically, and protect you against the most advanced cyber threats on the planet. Both provide access to an admin platform which allows an administrator to configure policies that can restrict access to certain web sites, minimizing the risk for the end user entering fraudulent web sites unintentionally.
A more modern approach/solution will be Cylance, a new generation AV that uses machine learning and artificial intelligence to detect and prevent viruses and malicious infecting the PC/laptop.Bitdefender
We recommend using Bitdefender, as it achieves good results with our clients for Windows, macOS, Android, iOS Protection and automatically upgrades. Additionally there are free trial versions.
Other cybersecurity and anti-virus software like Norton Antivirus, Kaspersky Anti-Virus, Trend Micro Antivirus, Webroot Secure Anywhere Antivirus, Avast antivirus, McAfee, BullGuard are available on the market and provide different layers of protection such as real-time protection, removes malware, removes spyware, removes adware, dedicated ransomware protection, anti-phishing, anti-fraud and rescue mode. Additionally, they deliver features like secure VPN, safety online banking, webcam protection, parental advisor, vulnerability scanner, firewall, quiet mode, social network protection, password manager, anti-theft, etc.
For mobile devices we recommend Lookout, the market leader for mobile device protection. It also provides an admin-controlled platform, which is cloud (AWS) based, providing quick access across the Globe.
A password manager like 1password.com or lastpass.com can create strong, unique passwords for all of your accounts. So if one of your passwords does get caught up in a data breach, criminals won't have the keys to the rest of your online services. The best ones sync across desktop and mobile, and have autocomplete powers.
A convenient shortcut to remembering all those passwords is getting a paid password manager account or letting your browser remember them for you. But always remember that good practice is to have a password rotation every 60-90 days depending on the company policies.
In MFA a user is granted access only after successfully presenting two or more pieces of evidence. Two-step verification is an additional method of confirming a user's claimed identity to have secure connections. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism (such as a code sent over SMS), or a number generated by an app that is common to the user and the authentication system.
Mobile Device Management
Most organizations allocate heavy investment in protection for their workstations and PCs, but securing mobile and portable devices are equally important as they include a lot of sensitive data. To achieve this, mobile device management (MDM) offers a fantastic solution as it allows IT administrators to control, secure and enforce policies on smartphones, tablets and other endpoints.
MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on devices, enforcing corporate policies, integrating and managing mobile devices including laptops and handheld devices of various categories. MDM implementations may be either on-premises or cloud-based.
Some major benefits and services providers offering MDM solution to secure and manage data on mobiles are shown below.VMware Air Watch
VMware Air Watch is an enterprise mobility software provider from VMware, providing technologies that help IT administrators deploy, secure and manage mobile devices, applications and data, as well as Windows 10 and Apple Mac computers. It supports IOS devices and android, with a great support team however integration is not easy and needs to install more connectors to support the tool.Citrix XenMobile
XenMobile is a comprehensive solution from Citrix for managing and protecting mobile devices, apps and data, and gives users the freedom to experience work and life their way. Its features include easy installation, connection from any devices and a moderate performance.IBM MaaS360
IBM MaaS360 is an enterprise-level mobile device management solution that has been developed by the world leader in computing technology. It allows businesses to manage and secure their devices while offering highly advanced tools for applications and content management. Installation and maintenance are hassle free, with a very good onboarding service from IBM. It does however need some fine tuning of some features on IOS devices, especially the data wiping task.Microsoft Intune
Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). Intune is included in Microsoft's Enterprise Mobility + Security (EMS) suite. It offers highly tuned software deployment with very good data wiping technologies, but there is the need to consider additional features on VPN deployment and devices searches.BlackBerry
BlackBerry offers a complete enterprise mobility management solution, including capabilities for mobile device management, mobile application management, mobile content management, identity access management, mobile security and containerization. It is highly secured and specifically used to separate personal and office environments, never allowing corporate data to be accessed by other 3rd party apps. However more function needs to be added for IOS devices and also licensing cost needs to rationalised.
Notable features and BenefitsVOIP / telephony
VoIP can be highly cost-effective compared to a traditional PBX solution, and is affordable without having to invest in additional hardware. If you operate from multiple sites, it allows for free calling between sites - potentially a significant saving in some industries.Apps like Viber, WhatsApp, Google Hangouts, Duo, Skype, Nextiva, Zoom and Talkatone provide all-in-one communication systems that offer voice calling, specifically designed for personal and businesses. However, tracking and management can become very complex while using free app for VOIP calls.Remote Desktop
One major benefit is allowing users to connect remotely to their computer, servers, VDI via advance remote desktop connection to perform their work. You will not get the convenience of laptops or desktops, but it will be very helpful if you want to perform critical cases and urgent tasks where there are production impacts for business.Citrix
Citrix Gateway provides secure delivery of Microsoft RDP. On establishing a full VPN tunnel, users can access their remote desktops through a browser and apps, they can access VMware Horizon View virtual desktops and other enterprise applications through Citrix Gateway.
Mobile VPN client
Mobiles with access to company emails, services, or data are vulnerable to data breaches. To avoid security breaches, Mobile VPN encrypts traffic, preventing interception of emails and online communication. MDM Gateway Servers now manage all network traffic from the device and provide an endpoint for the Mobile VPN tunnel. Secure Gateway Service lets you combine the secure reach and broad capacity of private networks with the convenience of the public internet to help mobile employees and remote locations collaborate and communicate better.
Integrated Firewall and VPN Solutions
Traditional networking products simply block unwanted traffic, passing authorized traffic between networks. Practical expectations are more than just packet filtering and security functions, such as Denial of Service (DoS) attack prevention and intrusion-detection systems become required criteria in a modern infrastructure. There are also software-based firewalls where we can allow/deny based as on company policies. Below are vendors offering solutions for VPN integration with firewall.
- Symantec's Raptor Firewall with PowerVPN
- NetGuard's GuardianPro and Guardian IPSec VPN
- Check Point Software Technologies' VPN-1 Gateway
- Computer Associates (CA's) eTrust Firewall and eTrust VPN.
SMART and Secure Tunnel IP-VPN
Smart IP-VPN connectivity spreads worldwide and sharing sensitive data among organization requires network design to be in place to enable secure connections to the workplace. The network becomes complex in design, since multi-layers are involved and there are few network solution vendors who integrate Mobile VPN, cloud acceleration, security, SD-WAN and provide one service to ease the networking operations. Examples of which are below.Cato
Cato built a cloud-native network, as a single, converged cloud service and which extends global networking and security capabilities down to a single user’s laptop, smartphone, or tablet. Mobile and remote users can dynamically connect to the closest Cato end device, and their traffic is optimally routed over the Cato global private backbone to on-premises or cloud applications. Cato build a design which is simpler, more integrated and also replace MPLS and Mobile VPN with Cato Cloud.Cisco
Cisco offers several Layer 2 and Layer 3 IP/MPLS-based solutions to assist in migration and consolidation, and to support a broad range of services within the mobile operator’s infrastructure. Also, mobile operators can use a single network infrastructure and management environment to offer customers connectivity for ATM, Frame Relay, Ethernet, Point-to-Point Protocol traffic with Cisco Any Transport over Multiprotocol Label Switching and to carry customer IP traffic in Layer 3 VPNs.BT MPLS
BT provides Point-to-point MPLS VPNs providing Layer2 point-to-point connectivity between two sites. A virtual private LAN service provides ability to span VLANs between sites. L2 VPNs are typically used to route voice, video, traffic between substation and data centre locations. Since we have layer 2 protection all traffic is encrypted and highly secured over virtual private LAN service.
Network Enhancement & PeeringMesh network
While working from home you may need to carry laptops, portable gadgets or mobiles in all rooms, but standard routers fail to send the signal traffic to all areas in the home. Mesh network routers and nodes give you several access points, covering all the rooms in your home with the wireless internet connectivity you need.Network Peering
As technologies advance, many service providers like Microsoft Azure and AWS come with Network Peering connection which establishes connection between two datacentres enabling you to route traffic between client to site, Site to site, On-premises to cloud etc. Peering connection helps you to facilitate secure data transfer and provides a simple and cost-effective way to share resources between regions or replicate data for geographic redundancy.DMZ Network
Key services like email, web servers and FTP servers have more exposure from an external network and because of the increased potential for attack, they are placed into an isolated network to protect the rest of the subnetwork being compromised. This can be protected by a DMZ Network which acts like a firewall to an untrusted network. This additional firewall will be responsible for protecting the DMZ from exposure to everything on the external network.Home Network Security
The home network should be secured and protected similar to the office network since home networks are more vulnerable and are exposed to internet traffic. In many cases, once a wireless router has been installed we don’t spend time to secure and monitor the traffic through the wireless router as long as our devices are set up and connected. We have to perform self-auditing and plotting since internet traffic is prone to exploitation by cybercriminals, data breaches, ransomware attacks, and many other online threats. It is advisable to follow the guidelines below to have a secure home network.
- Enable network encryption
- Use a strong network administrator password
- Change the default IP address and login details on the wireless router and Wi-Fi credentials
- Disable remote access and keep the software up-to-date on the router
- Place the router to make sure outsiders/neighbours don’t get Wi-Fi signals
Cloud Computing and Data Encryption
As everyone is aware, cloud computing services started governing more IT sectors by delivery of different services through the Internet which includes data storage, servers, desktops, databases, networking, software, analytics and intelligence. You also only pay for the cloud services you use which helps you lower your operating costs along with providing other benefits. I am going to cover a few of the major service providers for cloud computing and discuss their enhanced data encryption and protection features.Google Cloud
Google cloud platform, offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail etc.Gmail uses enhanced encryption long-standing protocol which allows encrypted and signed messages to be sent using standard email delivery and uses public key cryptography to encrypt the message on send and decrypt the message on receipt with a suitable private key to keep message content private.
Some quick tips are to check if your composed and received messages are encrypted (it will only work if you have S/MIME enabled on your account).
- Start composing a message
- Add recipients to the 'To' field
- To the right of your recipients, you'll see a lock icon that shows the level of encryption that is supported by your message's recipients. If there are multiple users with various encryption levels, the icon will show the lowest encryption status
- To change your S/MIME settings or learn more about your recipient's level of encryption, click the lock, then View details.
- Open a message
- On an Android device: Tap View details and then View security details
- On an iPhone or iPad: Tap View details
- You'll see a coloured lock icon that shows you the level of encryption that was used to send the message.
“Highly Recommended: Great for small businesses since they use Gmail as a primary email communications tool”Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centres.
In my opinion Azure provides the best encryption and protection for documents, email, files for all platforms and some of the best feature are:
- Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business content
- Control oversharing of information when using Outlook (warn, justify or block emails)
- Protection for on-premises Exchange and SharePoint content via Rights Management Connector
- Azure Information Protection content creation by using work or school accounts
- Azure Information Protection software developer kit for protection for all platforms – Windows, Windows Mobile, iOS, Mac OSX, and Android
- Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection)
- Azure Information Protection scanner for content discovery of on-premises files matching any of the sensitive information types
- Azure Information Protection scanner to apply a label to all files in an on-premises file server or repository
- Microsoft Information Protection software developer kit (SDK) to apply labels and protection to emails and files for all platforms – Windows, iOS, Mac OSX, Android, and Linux
“Highly Recommended: Great for email, files, SharePoint and Microsoft Documents protection “AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from global datacentres. Millions of customers — including the fastest-growing start-ups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.
AWS provides strong encryption of content in transit and at rest, provides the option to manage your own encryption keys and, including the below features:
- Data encryption capabilities available in AWS storage and database services, such as Amazon Elastic Block Store, Amazon Simple Storage Service, Amazon Relational Database Service, and Amazon Redshift.
- Flexible key management options, including AWS Key Management Service (KMS), allow customers to choose whether to have AWS manage the encryption keys or enable customers to keep complete control over their keys.
- AWS customers can employ Server-Side Encryption (SSE) with Amazon S3-Managed Keys (SSE-S3), SSE with AWS KMS-Managed Keys (SSE-KMS), or SSE with Customer-Provided Encryption Keys (SSE-C).
- AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
“Highly Recommended: Great for server, storage, database layer of protection”
4. Remote Data Centre Management
There is always less scope in managing the datacentre remotely as it needs physical intervention, but we have defeated this concept to some extent by hardware virtualization.
For example, the traditional approach to performing hardware scale up, scale down, power up of servers and storage needs physical presence, however in a modern infrastructure we have reduced human effort, time and money by performing such tasks through virtualization software.
I am going to cover few areas where we can minimise the number of visits by adapting remote tools and technologies, and only attending the datacentre if absolutely needed:
- Reducing human effort, time and cost can be highly achievable by transformation to cloud services and virtualization to avoid physical storage and servers
- Configuring remote monitoring tools like Datto RMM, SolarWinds etc
- Configuring KVM switches to control of different computers is switched by a button, On-Screen Display (OSD) controls found on a console screen, switch keys, or hot keys
- Configuring Integrated Management Module to full remote power control over your server with power-on, power-off, and restart actions. In addition, power-on and restart statistics are captured and displayed to show server hardware availability
To enable your business operation to continue, no matter the disruption, we need backup and disaster recovery services to make sure your data is secure and can be restored very quickly. To protect and keep a copy of data through backup and remote copy tools, there are excellent solutions provided by some of the below service providers irrespective of data hosted in cloud or on-premises.Druva
Integrated backup, eDiscovery and compliance monitoring. Simplify endpoint data protection, ensure regulatory compliance, and improve data visibility for the mobile workforce. Highly recommended for personal computing like desktops, laptops and also for mobile devices like smartphones and tabletsActifio
Modernize your backup, improve your RTO, RPO, & retention SLAs, on-premises, in private, public, or hybrid clouds, all while reducing cost, risk, and complexity. Recommended for long term-data retention and backup & recovery solution for any private/public cloud.Veritas
Proven, modern, and integrated technology that brings together availability, protection, and insights. Veritas ensures predictable availability, application resilience and storage efficiency across multi-cloud, virtual and physical environments. Recommended for enterprise large level data backup, CloudPoint, desktop and laptop, system recovery.Veeam
Veeam Backup & Replication delivers availability for ALL your cloud, virtual and physical workloads. Through a single management console, you can manage simple, flexible and reliable backup, recovery and replication of all your applications and data to eliminate legacy backup solutions forever. Recommended for mixed environment as it supports all platforms, workload, cloud, apps.
|VMWare||Azure Stack||SharePoint||Dell EMC|
|Hyper-V||Office 365||Active Directory||Dell EMC|
|Nutanix, AHV||IBM Cloud||Oracle SAP||Nutanix, Lenovo, Pure Storage|
Recovery Point offers comprehensive integrated back-up, cloud and traditional disaster recovery solutions to meet the different RTOs/RPOs of your business. The latest in IT security best practices is architected into all our solutions, providing you with the peace of mind that your data is secure. Recommended for backup and desktop since Recovery Point provides customers with a high-performance virtual desktop infrastructure (VDI) resilient solution.
5. Remote Data Wiping
It’s very important, and highly essential, to talk about data lifecycle management - managing the flow of an information system’s data throughout its life cycle: from creation and initial storage, to the time when it becomes deleted without leaving any footprint. As technical experts, we have to impress upon the customer the importance of assuring data integrity and consideration of risks before they make their decision about who and how many employees are given the option to work remotely. Especially as there is a large chance of data-leakage and significant danger of breaching legislation in remote working.
There are a number of steps you can take to protect your business, especially where there is a particular reason to suspect a future breach of confidentiality may occur. Data protection rules are also in force for companies, authorities and associations that process personal data, including scrubbing company and confidential data on personal and office devices, ensuring they are securely deleted from any storage medium.
An enterprise wipe will remove corporate email, policies and any managed applications or distributed documents from a device, leaving all personal information intact. Devices widely used when remote working, that should be taken into consideration when looking at data wiping include personal & office laptops, iOS® and Android, SD cards, flash devices, USB sticks, mobiles and smart watches.
Below is some information regarding service providers and their solutions geared towards remote wiping.Blancco
For secure remote wiping, we need certified, approved trustable organizations like Blancco who offer secure erasure & diagnostics for smartphones, laptops, loose drives and servers. Blancco data erasure products also come with a tamper-proof certificate, which contains proof that the overwrite has been successful and written to all sectors of the device, along with information about the device and standard used.Blackberry for mobiles
Blackberry offer a remote data wiping process that allows you to remotely erase data from a user's device when a violation or breach of security policy is detected, a user’s network permissions are changed or revoked, or the user’s employment is terminated. When data is wiped, the secure container on the device where files and folders that the organization owns are located is physically rewritten with zeros to prevent data recovery. This is different from an ordinary file deletion, where only the pointer to the file in the file allocation table is deleted.Android device Wiping
Use the Find My app to locate your missing device, even if it's gone offline. If you lose an Android phone or tablet, you can find, lock, or erase it as long as you've added a Google Account to your device and have Find My Device turned on.
- Go to android.com/find and sign in to your Google Account.
- The lost phone gets a notification.
- On the map, you'll get info about where the phone is.
- Pick what you want to do. If needed, first click Enable lock & erase.
- Important: If you find your phone after erasing, you'll likely need your Google Account password to use it again. Learn about device protection.
For Apple devices like iPhone, iPad or iPod touch, use the Find My app to locate and remotely erase the device by signing into iCloud, provided Find my App is enabled in the devices. To prevent anyone else from accessing the data on your missing device, you can erase it remotely. When you erase your device, all of your information (including credit, debit or prepaid cards for Apple Pay) is deleted from the device and below are the steps.
- Open the Find My app and tab the Devices tab.
- Select the device you want to remotely erase.
- Scroll down and choose Erase This Device
- Select Erase
The world of IT services is currently incredibly busy. Right now, there is an urgent need for many companies to set up remote working for their staff so that they can continue their day-to-day business operations without compromising deliverable qualities and service level agreements between the organizations. Working from anywhere allows both sides, management and employees, to avoid unnecessary expenses, save time and eliminate the hassle of the rush hour commute. Particularly in these extraordinary days, working remotely provides a great benefit for business organisations and boosts the creation of different applications which cover and support all aspects of daily life.
Most business continuity plans cover how to get the business back up and running during disasters, but most of the time their strategy covers only infrastructure components like storage, servers, desktops, databases, networking. Unfortunately, though, there is often a slip in considering the availability, capability and affordability of remote workers and setting a plan to ensure remote workers have a proper setup and guidance to on remote working practices. We believe that switching to a remote work setup within a very short time will now form part of the wider scope and requirement of any business continuity plan, which will decide the strength and future viability of any company.
Stakeholders, vendors and employers are not reluctant for remote working as long as there is no impact on deliverables. However remote workers need to also take the responsibility of ensuring they do not misuse company data and belongings, or take advantage of their new-found freedom but instead follow all company best practices and work ethics no matter where they are working. Let’s be self-certified remote workers and always deliver the best of best.