Remote Workers

[nihil]

Nah! not the zombies in the EVP suite

We have discussed home/remote working on this site on a number of occasions, and I just came across this:

http://www.networkcomputing.com/chan...leID=207001247

As I have always expected and predicted, the trend towards employees working from home is on the increase, as it seems (financially) to be a win/win scenario.

Obviously this brings in a new set of security concerns and considerations? or at the very least, variations on the traditional themes?

Anyone got any thoughts and/or experiences on this? I am particularly interested in the regulatory compliance angle but please feel free to take the thread in whatever direction takes your fancy.

[hiddeninclouds]

My own choice would be going into the office. I'm more of a face to face communicator so I tend to create apps that fit the person requesting its expectations better than if I chat via im. My past job had offices worldwide that would work together on projects and it never seemed to produce as good of results as groups physically located together. :/

[d34dl0k1]

It's only possible to do it well with a masterful IT department. Imagine if something went wrong and all your employees mailed back their workstations at once.

[brokencrow]

I supported workers both at home and in the field at a mfg'ing company for over a year. Mostly sales reps, some engineers. They were primarily using company-issued computers, mostly laptops, some desktops, though many workers used their own PC's to work from home afterhours. The company had PPTP set up with Active Directory. That was pretty much the extent of our security, other than antivirus. No radius server.

There were numerous weaknesses with that setup. One was PPTP, often considered a less-than-ideal VPN setup. And then a lot of these guys were bringing in their company-owned PC or laptops chocked full of spyware. Spybot picked up 1900+ pieces of spyware on one sales reps computer. The guy acted like it was no big deal, but I thought it was a personnel issue and suggested so. I was PO'ed with the user's nonchalance. Another user, a field engineer, was having problems left and right with his laptop, I got it in and found it full of warez. Again, a personnel issue. And of real concern, to me anyway, was the amount of users who were onsite in China and to what extent they were subject to packet sniffing there. But that wasn't my dep't.

The crux of the problem from my point of view was the company had been rolled over several times into new ownership and IT had gone from a state-of-the-art Microsoft shop to a hodge-podge old hardware and software in just 4 years time. IT had been cut from 30 employees to maybe 5 people before being outsourced to my employer. Even though we had a AUP in place, there was no teeth in enforcing the thing. But having said that, IT was very much in transition while I was there. Spending, or the lack of it, was a serious issue.

The mfg'er was privately-held and not subject to Sarbanes-Oxley, but it was an ITAR (defense-related) facility. It certainly costs more to secure and support home workers than workers onsite. If you're going to do it right, anyway. So I'm not so sure it's win/win in that respect. Frankly I was shocked at some of the security issues onsite as well, but I won't go into that. Generally, our remote users didn't feel any responsibility for security, which may be a training issue as well as a policy issue too. I don't know how you train users who don't give a feck, except to throw the book at them.

[JPnyc]

As someone who does it, I can tell you there's defnitely problems but for the most part it works extremely well. Naturally everyone is always VPNed in when working and it probably does depend on your particular job. I think it's better suited to some jobs than others.

[phernandez]

+1 brokencrow!

My jaw dropped reading your account, gore. Seriously, home/remote workers should be put through some mandatory training. I'm pretty paranoid, but I can imagine less security savvy employees going about their "business" and exposing their company to countless threats.

[nihil]

It's only possible to do it well with a masterful IT department. Imagine if something went wrong and all your employees mailed back their workstations at once.

I certainly agree that it requires a different management style and support model, but in a way it is a bit of a double edged sword. Having everyone out of the office during a security alert means nothing gets done.............. at least your remote workers could continue as normal.

It certainly costs more to secure and support home workers than workers onsite. If you're going to do it right, anyway. So I'm not so sure it's win/win in that respect.

Hmmmm, as the saying goes "your mileage might vary" but I would guess that to provide a workspace in central(ish) London right now would cost $(USD) 40,000 per annum. That would buy rather a lot of offsite support.

I would suggest that the figures are lower in other major UK cities (pop. > 500,000), but not by that much. I could go to my largest nearby city (pop. 250,000+) and could probably get the same for say $12,000, given the state of the local economy there.

We appear to be going into a major economic downturn, and it is a lot easier to get rid of remote workers than an office block nobody wants?

[Info_Au]

I love working from home.

There is only one problem!
A part of my work requires to look at advanced sales and order stock accordingly.
The program used in the office(name not used) for this also has a section for accounts and i can see the need for Zero outside access for this as all account holders credit card details are stored here.

I bypass this by getting a girl/guy in the office to email me a "pdf" copy of file i need.
This is done with managers approval and person sending to me is high in Admin section so not all users in the office have this ability to send out files.

This worked fine for me when i was sick off work with Kidney Stone recently.
I'm trying to do more work from home now....Much nicer.
Saves company on Fuel.
Saves me time on travelling to work.

Although the wife now wants me to do more house cleaning now im home more....blah!

[brokencrow]

Touché, nihil. I hadn't figured on central London. Here in the States
we often just jam new workers in closets if we have to, with folding
tables for desks. And travel time and expenses to and from an office
are generally considered "commutes" and borne by the employee.

Just curious, Info_Au, your bypass, the PDF, is that encrypted or secured
in any way when it comes via email? Email in and of itself is not considered
secure unless used in conjunction with a product like PGP.

[Info_Au]

Quote/
Just curious, Info_Au, your bypass, the PDF, is that encrypted or secured
in any way when it comes via email? Email in and of itself is not considered
secure unless used in conjunction with a product like PGP.

The PDF is not encrypted.
Good point you have there on the emails to me.
Will let them know in the office about this.