remote access

What is remote access?

Remote access is the ability for an authorized person to access a computer or network from a geographical distance through a network connection.

Remote access solutions enable users to connect to the systems they need when they're physically far away. This is important for employees who work at branch offices, are traveling or telecommute.

Remote access enables geographically dispersed users to access files and other system resources on any devices or servers that are connected to the network at the main corporate location at any time. This increases employee productivity and enables employees to better collaborate with colleagues around the world.

Remote access gathered significant momentum during the COVID-19 pandemic as it made it possible for employees to work away from the office, where they might contract the virus. Many organizations embraced remote working -- or teleworking, as it is called in the government. Its functionality kept employees productive and the organization able to achieve its business objectives.

Today, remote work is still in widespread use, even as some businesses return to working in offices. Hybrid arrangements, such as in the federal government, offer authorized end users the option to work a certain number of days remotely per pay period.

A remote access strategy gives organizations the flexibility to hire the best talent, regardless of location; remove silos; and promote collaboration among teams, offices and locations.

Technical support professionals and IT teams use remote access to connect to users' remote computers to help them resolve issues with their systems and software. IT help desks are often kept busy handling service calls from remote users.

How does remote access work?

Remote access is accomplished with a combination of software, hardware and network connectivity. For example, traditional remote access before the wide availability of internet connectivity was accomplished using terminal emulation software that controlled access over a hardware modem connected to a telephone network.

Today, remote access is more commonly accomplished using the following:

• Software. Using a secure software solution, like a virtual private network (VPN) .
• Hardware. Connecting hosts through a hard-wired network interface or Wi-Fi network interface.
• Network. Connecting via the internet.

Remote access VPNs connect individual users to private networks. Each user needs a VPN client capable of connecting to the private network's VPN server.

When a user is connected to the network via a VPN client, the software encrypts the traffic before it delivers it over the internet. The VPN server, or gateway, is located at the edge of the targeted network, decrypts the data and sends it to the appropriate host inside the private network.

A computer must have software that enables it to connect and communicate with a system or resource that the organization's remote access service hosts. Once a user's computer is connected to the remote host, it can display a window with the target computer's desktop.

Two popular technologies for remote access are IP Security and Secure Sockets Layer/Transport Layer Security. The IPsec and SSL/TLS protocols provide security measures via encryption for remote connections.

Enterprises can use remote desktops to enable users to connect to their applications and networks. Remote desktops use application software -- sometimes incorporated into the remote host's operating system -- that enables apps to run remotely on a network server and be displayed locally at the same time.

Users can securely access on-premises and cloud applications and servers from anywhere, on any device with a variety of authentication methods, including remote single sign-on, which gives users easy and secure access to the apps they need without configuring VPNs or modifying firewall policies.

In addition, organizations can use two-factor or multifactor authentication (MFA) to verify a user's identity by combining multiple credentials unique to one person. These measures are essential for reducing remote access vulnerabilities and cyberthreats.

Remote connections via VPNs

VPNs are a common method of providing remote access. A VPN creates a safe and encrypted real-time connection over a less secure network, such as the internet. VPN technology was developed to enable remote users and branch offices to securely log in to corporate applications and other resources using remote access software.

Remote users have VPN clients installed in end-user devices. The VPN client establishes a secure connection via the internet or a corporate wide area network (WAN) to VPN apps in the corporate headquarters. Each office links to the external network using technology, such as firewalls, to ensure secure connections and access management.

In lieu of a VPN, users can securely connect to a corporate network if their endpoint devices have the proper networking software to establish a secure connection. It's increasingly common for remote workers to use company-configured devices that have the proper networking apps installed.

This is a safer approach than letting employees use their own laptops that might not be equipped to connect to the company networks. However, organizations must weigh the costs associated with remote access; these can include costs for VPN licenses, additional network access points for remote users and increased bandwidth requirements.

What are the types of remote access?

In the past, enterprises used modems and dial-up technologies to enable employees to connect to office networks using telephone networks connected to remote access servers. Devices connected to dial-up networks used analog modems to call assigned telephone numbers to make connections and send or receive messages.

Broadband technology changed all that, providing remote users with high-speed connection options to business networks and to the internet. There are several types of broadband, including the following:

• Cable broadband shares bandwidth across many users; upstream data rates can be slow during high-usage hours in areas with many subscribers.
• Digital Subscriber Line (DSL) broadband provides high-speed networking over a telephone network using broadband modem technology. However, DSL only works over a limited physical distance. It might not be available in some areas if the local telephone infrastructure doesn't support DSL technology.
• Cellular internet services can be accessed with mobile devices via a wireless connection from any location where a cellular network is available.
• Satellite internet services use telecommunications satellites to provide internet access in areas where land-based internet access isn't available, as well as for temporary mobile installations.
• Fiber optics broadband technology enables users to transfer large amounts of data quickly and seamlessly.

What are remote access protocols?

Common remote access and VPN protocols include the following:

• Point-to-Point Protocol enables hosts to set up a direct connection between two endpoints.
• IPsec is a set of security protocols used to enable authentication and encryption services to secure the transfer of IP packets over the internet.
• Point-to-Point Tunneling Protocol (PPTP) is one of the oldest protocols for implementing VPNs. However, over the years, it has proven to be vulnerable to many types of attack. Although PPTP isn't secure, it's still used in some cases.
• Layer Two Tunneling Protocol is a VPN protocol that doesn't offer encryption or cryptographic authentication for the traffic that passes through the connection. As a result, it's usually paired with IPsec, which provides those services.
• Remote Authentication Dial-In User Service is a protocol developed in 1991 and published as an internet standard track specification in 2000 to enable remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
• Terminal Access Controller Access Control System (TACACS) is a remote authentication protocol that was originally common to Unix networks that enables a remote access server to forward a user's password to an authentication server to determine whether access to a given system should be granted. TACACS+ is a separate protocol designed to handle authentication and authorization and to account for administrator access to network devices, such as routers and switches.

What is secure remote access?

At its most basic, secure remote access means that the methods used to connect remote users have security elements that protect the integrity of the remote connections.

Several technologies are used to facilitate secure remote access, including firewalls, intrusion detection and prevention systems, cloud access security brokers, VPNs, zero-trust network access, MFA, software-defined perimeters (SDPs) and WANs, secure access service edge (SASE), identity and access management, virtual desktops and secure cloud-based remote access.

Regardless of the location of the remote user, secure connectivity must be ensured for enterprise users and hosted systems, applications and other resources. This applies whether the network infrastructure is on premises or cloud-based.

What to include in remote access policies

Remote access policies are essential for managing remote workers' access. They're also important pieces of evidence that can be presented during a remote access audit.

Organizations must develop a formal policy that specifies the following:

• How secure remote access is implemented.
• The devices that can be used for remote access.
• The network services that support remote access.
• Who's authorized to work remotely.
• Rules for how end-user devices are configured for remote access.
• Penalties for failing to properly use remote access and violating policy.
• Procedures for reporting cybersecurity breaches.
• How remote access can be used in a business continuity situation.

Benefits and challenges of remote access

Being able to work from home or other remote locations is a key benefit of remote access. It expands the choices available to an organization's employees, providing flexible work schedules and more freedom to work when and where they want. Employees reduce or eliminate their commute times and are freer to deal with family concerns as needed in their workdays. In many cases, this empowers employees in ways working in an office doesn't, making them happier and more productive. With fewer employees on-site, organizations with remote access policies often can reduce the office space they use and all the costs that go with building, maintaining and furnishing physical facilities.

Among the challenges of remote access are the following:

• Reduced management control of employee activity.
• Increased costs associated with remote access, such as VPN licenses and network services.
• Potential IT security risks.
• Failure to properly patch all remote devices.
• Changes in company culture when employees have less face time.

The future of remote work

The use of remote access isn't likely to disappear; however, the technologies used for remote access will evolve. Growth of cloud-based remote access services could eventually reduce the need for VPNs and other existing technologies. For example, cloud-based SDP and SASE technologies could become the next generation of remote access.

Learn about the strategies, tools and best practices to provide anywhere access, while protecting data, systems and users, in our ultimate guide to secure remote access.