Now that many businesses are comfortable with working remotely, it’s time to review how to secure work-from-home users in order to achieve optimal business results. Do you want flexibility for your users? Do you want a system that is easy to scale and manage? We compare the top two ways of securing remote users so you can decide what is best for your business.
Option 1: Securing the Endpoint
An endpoint is any device that connects to a company network to access company resources, such as files, applications, etc. These devices can be computers, laptops, mobile devices, servers, or any other device that connects to the Internet. Each end user accesses and stores data either locally, or in cloud resources, from these devices.
Of course, wherever the Internet is involved, security is a huge consideration. Technology deployment protects both individual workstations and company data. For example, Virtual Private Network (VPN) software creates a secure connection from an encrypted device to an office network.
Securing the endpoint: The end-user’s encrypted device accesses and stores data locally, or in cloud resources, using technology to create a secure connection to the company network.
Option 2: Centralized Data Model
A centralized data model stores data in a centralized, virtual system. Each device logs into the main system instead of storing files locally or on the cloud. Examples of this model include:
- Remote Desktop Connection: Using a computer or device to connect to another computer in order to access files or utilize software, processing power, etc. This type of connection can also be used by IT service desk teams to access an employee computer remotely and troubleshoot technical issues.
- Virtual Desktop Infrastructure (VDI): Users access a fully virtual computer desktop through their devices. Persistent virtual desktops function like regular desktops and save all user processes. Non-persistent virtual desktops reset after each session, and are common in use cases like kiosks and call centers where storage of personal information is not desired.
The Centralized Data Model: Users access a centralized, virtual system for all data and company resources.
Securing the Endpoint: Advantages
- Flexibility: Accessing data and files locally or on the cloud provides great flexibility for end users.
- Independence: The user’s device stores data locally and reduces dependency on high-speed Internet.
- Time: Remote “on the go” employees don’t have to worry about the time it takes to access data.
Centralized Data Model: Advantages
- Scalability: Easy for the IT team to scale up or down as needed.
- Management: Virtual desktop pools (groups of VDI sessions) are easy to manage at the same time.
- Agnostic: User endpoints are agnostic. Agnostic endpoints do not require procurement of standardized hardware, which reduces maintenance and costs.
Securing the Endpoint: Disadvantages
- CAPEX Cost: Capital expenditure (CAPEX) is heavier in the endpoint model than the centralized data model. The IT team procures, sets up, and deploys physical hardware for each user.
- End-user Support: Requires more support for end users due to more flexible end-user configurations and the time needed to provision, deploy, and manage each device.
- Security Considerations: Security is limited until additional technology is deployed to secure each user’s network.
Centralized Data Model: Disadvantages
- OPEX Heavy: Centralized data models are operating expense (OPEX) heavy. They rely on virtual computing to serve end-user needs, as opposed to physical workstations (CAPEX).
- Internet Requirements: A stable internet connection is critical for centralized data models.
- Higher TCO: Total Cost of Ownership (TCO) will typically be higher for virtual desktops than for traditional endpoint models.
Which One is Better?
Which method should you use to secure your work-from-home users? It depends on the business. Your business needs should drive your technology strategy, not the other way around. Study your options and needs and secure your work-from-home users for optimal results for your business.
Some businesses love the flexibility of being able to just deploy a workstation that meets the operational and security needs of the business. Some would rather centralize and not worry about the devices accessing the data, as the system limits the devices' access to the data. Other businesses use a hybrid model in order to support different types of users and needs.
Watch it on YouTube
This information was taken from a recent webinar we held discussing cybersecurity considerations for work-from-home users. Watch the recording below for more work-from-home tips, as well as a case study of the City of San Diego’s experience transitioning to a remote office setup during COVID-19.