Data breaches are more prevalent and more costly than ever. Smarter technologies seem to breed smarter hackers, making it difficult for IT to keep up. But sometimes IT unwittingly helps the bad guys by improperly using core tools, such as remote support mechanisms.
According to a Verizon report which examined more than 700 data breaches from 2010, a whopping 71 per cent of all attacks were conducted through remote access and desktop services pathways.
Given the cost and efficiency benefits of fixing a system remotely versus dispatching a tech, remote support isn’t likely to lose favor anytime soon. So how can companies take advantage of remote support while maintaining security and keeping data safe?
One important factor in remote support security is who is in control of the data. There are many choices of remote support technologies, but they mainly fall into two categories: software as a service (SaaS) and on-premise.
By design, any data that is accessed through a SaaS remote support tool is automatically passed through a third-party server, which means the third-party provider, or anyone who breaches that vendor, may be able to access the data.
SaaS is a great option for certain situations, and many SaaS solutions offer numerous benefits. But consider again that remote support tools generally allow access into every employee’s computer and a majority of company systems, and the obvious dangers of passing data through a third party become clear. Essentially, when you put your remote support system in the cloud, you’re agreeing to put all of your company’s data in the cloud.
With an on-premise model all of the data, and a formal audit trail, remains behind the firewall, leaving the company in control. This is a significant benefit for companies that must, for example, conform to the requirements of the Payment Card Industry (PCI) Data Security Standard (DSS), which holds the customer responsible for payment card data even when third-party hosted solutions are used. The customer is liable for any data breach even if the breach occurs at the remote support vendor.
A named-seat licensing model, which is used by a number of popular remote support software vendors, presents an inadvertent threat to data security.
In this model each license is associated with one set of login credentials. In order to cut costs, the named-seat model encourages the use of shared credentials and generic remote control login identities such as “Tech001,” “Tech002,” and so on. When a support representative needs remote control/access, they simply use an available credential.
This leads to two liabilities. First, accountability is lost between the actions that occur in a support session and the specific support rep that took those actions. Second, passwords associated with the shared credentials are rarely updated, introducing an enormous vulnerability as individuals change responsibilities or leave the company.
To prevent this, organizations should employ a concurrent licensing model, in which licenses are purchased based on how many help desk reps are active at a given time, and all reps use their own login credentials.
It doesn’t matter how many service desk reps an organization has; if only 100 reps log in at any one time then the customer needs to purchase only 100 licenses. Beyond the additional security aspect, this approach can provide significant cost savings for support centres delivering 24/7 service. Plus, because all reps have their own login, granular access permissions can be tailored for each rep versus a one-size-fits-all access profile.
Enterprise directory authentication
The concurrent licensing model provides an even stronger bulwark against data breaches when coupled with support representative authentication through an enterprise directory such as Microsoft Active Directory. Directory integration allows the rep to authenticate to the remote support solution using the same credentials they use to log into their workstations, eliminating both the need to remember a separate credential and the temptation to share credentials between reps.
Also, with directory integration, support rep privileges within the remote support solution can be managed through the centralized enterprise directory. So, for example, if a support rep leaves the company, that person’s enterprise directory credential would be disabled as part of the exit process, immediately removing access to the remote support tool.
Contrast this process with the named-seat model where credentials must be managed manually, and a former employee could still access the system via a generic login. Not surprisingly, failure to remove named-seat access for former employees is a major attack vector.
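The two liabilities above (shared generic logins that cannot be tied to a person, and logins that survive an employee's departure) can both be caught by a periodic audit of the remote support tool's accounts and session logs against the enterprise directory. The following is an added illustration, not code from the article or from any vendor's product; the account list, directory entries, session log format and 90-day password-age threshold are all constructed assumptions.

```python
import re
from datetime import date

# Constructed sample data (not from the article): the remote support tool's accounts,
# a few session log lines, and the enterprise directory's view of each person.
AUDIT_DATE = date(2011, 3, 3)
SUPPORT_ACCOUNTS = {
    "Tech001": {"pw_changed": date(2009, 3, 1), "directory_user": None},
    "Tech002": {"pw_changed": date(2010, 11, 15), "directory_user": None},
    "jsmith": {"pw_changed": date(2011, 1, 10), "directory_user": "jsmith"},
    "mlee": {"pw_changed": date(2011, 2, 2), "directory_user": "mlee"},
}
DIRECTORY = {"jsmith": {"enabled": True}, "mlee": {"enabled": False}}  # mlee has left
SESSIONS = [
    "2011-03-01T09:12:00 session=4411 rep=Tech001 target=PC-0231 action=file_transfer",
    "2011-03-01T10:05:00 session=4412 rep=jsmith target=PC-0118 action=remote_control",
    "2011-03-02T08:47:00 session=4413 rep=mlee target=PC-0042 action=remote_control",
]
GENERIC_ACCOUNT = re.compile(r"^(tech|support|admin|helpdesk)\d*$", re.IGNORECASE)
SESSION_LINE = re.compile(r"session=(\d+) rep=(\S+) target=(\S+)")

def account_findings(accounts, directory, today=AUDIT_DATE, max_pw_age_days=90):
    """Return {account: [finding, ...]} for accounts that break the one-rep-one-login model."""
    findings = {}
    for name, info in accounts.items():
        issues = []
        if GENERIC_ACCOUNT.match(name) or info["directory_user"] is None:
            issues.append("shared/generic login: actions cannot be attributed to a person")
        age = (today - info["pw_changed"]).days
        if age > max_pw_age_days:
            issues.append(f"password unchanged for {age} days")
        du = info["directory_user"]
        if du is not None and not directory.get(du, {}).get("enabled", False):
            issues.append("directory user disabled or missing: orphaned access")
        if issues:
            findings[name] = issues
    return findings

def unattributable_sessions(session_lines, accounts, directory):
    """Session ids run under a generic login or by someone the directory no longer enables."""
    flagged = []
    for line in session_lines:
        m = SESSION_LINE.search(line)
        if not m:
            continue  # skip lines that are not session records
        sid, rep = m.group(1), m.group(2)
        du = (accounts.get(rep) or {}).get("directory_user")
        if GENERIC_ACCOUNT.match(rep) or du is None or not directory.get(du, {}).get("enabled"):
            flagged.append(sid)
    return flagged
```

With the sample data, the audit flags both generic accounts, the departed rep's still-live account, and the two sessions (4411 and 4413) that the named-seat model would have allowed without attribution or offboarding.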
There are multiple ways to create a remote control connection between a support rep and an end user. For optimum security, companies should make sure the remote control connection is not maintained through an open listening port on the client computer. Open listening services that can be accessed through an Internet connection are a source of compromise because hackers can easily exploit that open pathway to access secure data.
Additionally, companies should make sure they aren’t using a peer-to-peer connection that allows the support rep to establish a direct, unsupervised, unaudited connection to a remote customer.
Regardless of the preventive steps a company might take, there is no way to completely protect an organization from data breaches. The best defense lies in identifying all of the potential risk factors and developing a strategy for mitigating those risks to the best of your ability.
Remote support offers numerous cost and efficiency advantages for organizations and, by following the tips outlined above, companies can reap all of its benefits without leaving doors open to harmful hackers.
Nathan McNeill, co-founder and chief strategy officer at Bomgar Corp., a provider of remote IT support solutions.