The ideal remote access policy will keep data secure without interfering with employees' ability to do work. Without knowing much about this particular situation, I'll assume that an SSL VPN will fit your needs, though an IPsec VPN will also work.
Practically speaking, there are a few considerations to keep in mind: Authentication methods, access control, deciding which systems or applications the employees need to access remotely and what types of devices they are permitted to use.
Some sort of strong authentication should be used, such as tokens, smart cards or out-of-band SMS messages. Of the above, SMS messages will probably be the easiest piece to figure out.
When it comes to access control, be prepared for scope creep if the project doesn't already include full network access for all employees; once word gets out that this system is available, everyone will want to use it and everyone will want to be able to access all the internal systems. To handle this, be sure to scope the physical gateway devices to handle a larger load then initially projected.
The toughest question will concern which devices can remotely access the network. Users will want to use their personal computers, cell phones, even Internet kiosks. This is something to discuss with company management in order to come up with a policy they approve of and are willing to enforce. While there is technology to limit users to specific devices, it is important to communicate the company's policies to users and what the consequences are for breaking the rules.
- What are the dangers of Web-based remote access systems? Read this expert response.
- Learn more about the potential risks of giving remote access to a third-party service provider.
Dig Deeper on Information Security Policies, Procedures and Guidelines
Related Q&A from David Mortman, Contributor
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ...continue reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security...continue reading
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.