Secure remote access for your scattered workforce

April 22, 2020 Claranet Limited
By Thom Lavelle
Networks and Connectivity Specialist

Although the trend in home working has been on the increase for some time, not everybody was ready for the widespread and immediate change in recent weeks. As a result, several new challenges have risen to the surface.

For some, remote working comprises of company-supplied and approved equipment – locked down to protect the corporate network environment from viruses, malware, or misuse. However, for a large percentage of people, remote working has meant using their own personal devices for work.

This “Bring Your Own Device” (BYOD) approach may have allowed organisations to roll out rapid remote working to their employees, and avoid potential issues around procuring and managing additional hardware. However, this does come with a risk – how do you secure BOYD users to protect the integrity of your corporate environment?

Claranet’s Remote Worker SSL VPN solution addresses these challenges. Here is a quick whistle-stop tour of what our SSL VPN solution (backed by market leaders, Pulse Secure) can offer our MPLS customers, whether you’re in the BYOD camp or not.

Connect from anywhere
Using our SSL VPN means you can connect into your Claranet MPLS solution from non-Claranet circuits. All you need to take advantage of the service is some form of internet connectivity. 

No client? No problem
Access to the SSL VPN can be client-based or client-less. If rolling out VPN client software to an estate isn’t currently an option, then client-less, web-based access is the solution. 

Client-less access is achieved by users logging on via a web portal. Once connected, the user is presented with a landing page that provides access to resources within the corporate MPLS environment in the form of bookmarks. These bookmarks can be web links to intranet pages, internal systems, network shares, or remote desktop/terminal server sessions. 

The landing page can not only be customised depending on the user requirement, but also depending on if the device that the user is connecting from meets certain requirements. More on this below. 

Keep it secure
In addition to integration with your Active Directory environment, our SSL VPN platform supports multi-factor authentication for that added piece of mind. In fact, Claranet provide an additional two-factor authentication service that can be used in conjunction with the SSL VPN platform. 

But what about BYOD?
It’s important to ensure that any device connecting to your corporate environment is not going to compromise the integrity and security of your network. Using Host Checker, a client-side agent, access over the SSL VPN can be limited or denied entirely depending on if the end user's device passes certain checks. 

These checks could be to ensure that the end user's device has up-to-date anti-virus or anti-spyware software installed. It may be to check that the device has a specific Operating System version on. It could ensure that specific files, certificates, or registry keys are present. Using these checks, it’s possible to separate users on corporate hardware and users on BYOD hardware, allowing you to manage risk and apply different levels of access to your network depending on their level of compliance.

On client-less access, Host Checking can be used to determine what resources are available on the landing page once a user logs in.  

Effective user management
In addition to connecting your remote workers into your corporate environment and ensuring that the devices that they are connecting on are suitably protected, it is also important that the right people in your organisation have access to the right resources. Need to restrict users with non-compliant devices from certain resources? Have contractors that only need access to project specific resources? Manage multiple teams who require specific access? No problem. 

That's because roles, resources, and policies can be defined and enforced. Integration with your Active Directory means that you can map these roles directly to your AD groups and users, reducing the complexity of management.  

Sign on once
On the subject of reducing complexity, our SSL VPN platform allows Single Sign On. With SSO, users no longer need to enter multiple sets of credentials for multiple applications. Once configured, it allows users who are logged in to the SSL VPN platform to access multiple applications and resources that usually require an additional login, without the need to re-enter credentials. 

There are a lot of challenges ahead as we chart new territory. But your remote worker solution does not need to be one of them. Claranet are keen to work with you to identify how we can help you overcome your remote worker challenges, so please get in touch to see what we can do to help. 

Previous Article
Here to help
Here to help

We understand the immediate challenge of equipping your entire workforce to work from home and ensuring the...

Next Article
Two ways to separate work and home networks
Two ways to separate work and home networks

With all the family at home on their devices, network connectivity for remote workers is now a burning issu...