We are increasingly being approached by customers who want to understand what options are available for remote working, given the situation with Coronavirus (covid-19). In this post, we look at the different options available for organisations who want to explore working remotely, as an option or as part of contingency planning.
The process of contingency planning for corona is very similar to traditional BCP/DR planning – but for many organisations, they want clear and concise options now. You mustn’t look to undermine the security, integration or data protection obligations of your business.
Important: We want to emphasise that this article does not try and uncover every possible constraint, scenario or challenge, nor is it a replacement to comprehensive DR and BCP planning. The purpose of this article is to provide inspiration and ideas that may enable remote-working if that is something your business needs to explore.
As you would expect, with every option we discuss, there will be nuances, constraints and gotchas. So we would suggest you speak to your IT team, IT provider or another reputable firm with experience of these matters.
It is important to note that working remotely is not a new concept; many successful organisations function fine with a remote workforce. You will find the common trait amongst these firms is the effective use of technology. Whether in response to Coronavirus, or a general acknowledgement that remote working is a good thing, we will start with the basics:
Assess existing setup
There is a good chance that your existing IT and network setup may already have the features and capabilities to support remote-working. Before embarking on an exercise of investment or change, we would recommend organisations undertake a quick feasibility study to understand your existing skills.
Technical questions and considerations may include:
- Desktop environment
- Does your business have support for VDI (Virtual Desktop Infrastructure) or RDS (Remote Desktop Services)?
- Do your staff have laptops or desktops? Do you have any spare systems?
- If you have desktops, do you use Windows 10 Professional, Apple or other?
- Is your e-mail system accessible outside of the organisation, on phones/PCs/tablets?
- Does your business use Office 365 or hosted Exchange?
- Does your business have endpoint protection/antivirus?
- Does your business use 2FA/Two-Factor authentication?
- Productivity apps
- If your business uses Office 365, do you know the subscription level (i.e. E3, Business Premium)?
- Do you know if your Active Directory domain is synchronised to Azure?
- Firewall / Internet Edge
- Does your organisation have a firewall solution?
- Does the firewall support VPN or remote access?
- Are there any connection/concurrent user limits imposed by the firewall?
- Internet connection
- What internet connection does your business use? Do you know the upstream/downstream connection speed?
- Can the connection speed be increased if necessary?
- Does your business use MDM (mobile device management) software?
- Does your business have a BYOD (bring your own device policy)?
- What type of phone system does your business use? Traditional hard-wired, IP based, or hosted?
- Can you add remote-working options to your phone system?
- Do you have a list of all phone numbers or DDIs?
- Does the phone system have a mobile or windows software client?
Preliminary: Understanding working practices and options
Before we can consider the most appropriate technical solutions, you need to have a good understanding of your business operations, workflows, teams and their use of IT systems. You can also explore other, less traditional options for remote-working.
- How many staff members do you employ?
- In theory, how many could do their jobs using a remote terminal and phone?
- Are your staff members logically grouped into teams or departments?
- Business functions
- What software applications are used by your staff? Can you rank them by priority and importance? Are they custom applications or supported by a vendor?
- Working environment
- How many staff have a suitable location at home where they could work remotely? i.e. Home office, table, spare room.
- Do your staff have a suitable internet connection at home?
- Would you be willing to let staff bring their desktop PC or laptop home to work (subject to additional controls)?
- Is your business governed by any regulations or laws that may prohibit staff working from home?
- You may need to consider a policy or campaign to educate your customers to set expectations and be open.
- Other considerations
- Do you need to consider insurance implications if staff are working from home?
- Should your business consider subsidising expenses incurred by staff working remotely?
Access the workplace remotely
When we talking about the ‘workplace’ that really means your systems, data and working ‘environment’ (or a digital representation!).
1) Staff access their workstations remotely using VPN
If your business uses Windows 10 and has an enterprise firewall that supports VPN (virtual private networking), one option is to allow your staff to access their workstations from home remotely.
To do so, they would:
- Install a VPN client on their home PC
- Connect to the workplace using a VPN (and ideally, two-factor authentication)
- Launch RDP and remote onto their PC
There are some pre-requisites:
- A firewall that supports VPN.
- Two-factor authentication is recommended.
- Your desktop PCs need to support Remote Access and have RDP enabled.
- Some necessary changes and instructions for staff.
2) Staff access the VDI/RDP environment remotely, using a VPN or otherwise
For organisations who already use VDI/RDP, accessing the workplace can be an easier task (depending on your policies)
- Install a VPN client on their home PC
- Connect to the workplace using a VPN (and ideally, two-factor authentication)
- Launch RDP/Citrix/VMWare and launch a VDI session
- Ensure your IT policies and ACLs allow remote-access
- Launch RDP/Citrix/VMWare and begin a VDI session
3) Install remote access software on each PC
This is not a recommended solution, but potentially a quick-fix if your business doesn’t have a VPN, RDP/VDI or similar
- Purchase remote access software such as Teamviewer, LogMeIn or similar.
- Install on each workstation.
- Ensure you enforce security policies and two-factor authentication. This is vital.
- Staff launch the remote access client at home, select their PC and connect.
4) Staff access the workplace remotely using VPN
If your business has VPN support, staff members can follow the steps contained in Item (1) but instead of accessing their PC – they can natively access servers, applications and systems from their home PC. This is only possible if your business uses web applications – but it still presents a valid option.
Alternatively, if the staff members bring their work PC home, they can VPN in, and their applications and systems will function as normal.
This is a relatively easy option, but it does rely on your business and staff members having a reasonable internet connection (particularly the upstream)
5) Cloud-Native Approach
If your business natively uses Cloud technologies such as Office 365 and Sharepoint – then you may have a range of secure options at your disposal with very little cost outlay or disruption to your business.
- Users will have access to Microsoft Office on the web or desktop applications
- Staff can access company documents in Sharepoint, securely and from home.
- Teams, Yammer, Office and Sharepoint all promote secure, remote-working in a flexible manner.
For staff to work from home, we are assuming they have a suitable PC or laptop that they can utilise. There are several options you can consider:
- Allow staff to use their home PCs – this is only recommended if you use RDP/Citrix/VDI with a suitable 2FA client and admission policy.
- Allow staff to bring their PCs home – this will require MDM/Endpoint Protection and enhancement of security controls on the device (i.e. patching, endpoint, etc.). Realistically, you will also need a VPN or RDS/VDI solution.
- Purchase new PCs or laptops for remote working. A new desktop PC can range in price from £400 to £600, while laptop prices also start at £400-£500.
- Use cloud desktops. Amazon workspaces, Azure WVD and other providers can provide a temporary desktop resource – without the need to purchase new hardware. These desktops are hosted in the cloud, and a secure link to the workplace can be established.
If you can facilitate remote working, you need to consider how your staff will collaborate and communicate during their time away from the office.
E-mail is a prominent tool of choice for communication. Provided your business uses a modern platform such as Microsoft Office 365 or Exchange, accessing the e-mail environment remotely is a relatively easy task. The downside of e-mail is it doesn’t scale for teams or conversations between multiple parties.
Office 365 makes it easy for staff to access e-mail remotely and in a secure manner – with compliance and audit trails.
Microsoft Teams or Instant messaging
A business chat tool such as Microsoft Teams is an excellent compromise between e-mail and voice. Real-time video, voice and chat enhances communications and ensures a level of real-time collaboration and communication is maintained. Teams works on both desktop, web, tablet and mobile – so it is very adaptable to your needs.
Voice and video
If your business does have an IP phone system, you need to explore staff having an IP phone at home, or, installing a phone system client on their mobile or PC.
If you don’t have a phone system that can quickly (or cost-effectively) extend outside of your organisation, there are alternatives:
- Subscribe to Microsoft Teams and add the phone system features. This will give each staff member a DDI that your real DDI can be diverted to. Teams also support video and chat. Take a look at our guide Enterprise video conferencing with Microsoft Teams (for less than £1k)
- Subscribe to a hosted or cloud phone system with DDIs, then divert your real DDI to your temporary number.
Calls between staff members are free, and in both cases – call recording and compliance features mean you retain control and visibility (whether for compliance, privacy or productivity reasons).
If your staff members have laptops with webcams, or if your business is willing to purchase webcams – then video is an excellent option for working remotely. Microsoft Teams has native video support, and with a couple of clicks, staff can video conferencing each other, or entire groups. Support for groups makes it possible to emulate team meetings remotely, with no added cost. Webcams such as the Microsoft Lifecam cost less than £80
Intranet and Business Social Networks
Depending on your business, collaboration may be a crucial part of your organisation operates. Keeping staff informed and up to date with developments when they are working remotely should form part of your planning. Intranets were a standard tool to promote communication in a business (i.e. Sharepoint is an excellent tool for this). Many other organisations (80% of Fortune 500) choose to use business social media platforms such as Yammer. Yammer is included as part of Office 365, and it is a tool we would recommend if your business is embarking on this journey.
Chances are, your business will be using Microsoft Office. If your company uses Office 365 – then you have several additional options at your disposal:
- Office 365 subscriptions may include Office on 5 x different devices. These devices may include your work PCs, staff PCs and mobile devices.
- Office 365 includes Sharepoint – which can act as a central documentary repository for business documents. The use of Sharepoint as a cloud repository gives range to a whole host of options.
Security when working remotely
If you choose to facilitate remote working, you should not (under any circumstances) look to compromise or jeopardise the cybersecurity or integrity of your business.
You must consider:
- Data protection, privacy and GDPR issues.
- The integrity and security posture of devices accessing your network. Systems accessing the workplace must have the same, or better, controls and protections than those already in use (i.e. Endpoint protection, MDM, etc.).
- If you permit remote access, enforce strict remote-access policies that use two-factor-authentication and Geo-IP restrictions (i.e. if your staff are in the UK, don’t allow remote access from outside the UK!)
- Make sure your systems have audit, compliance and access logging enabled.
- Review logs and remote access sessions, investigate any anomalies.
- Operate based on least privilege. If staff only need access to one app or server, focus on that. If your teams are based in the UK, only allow access from the UK.
You may opt to use technology such as Microsoft Intune to secure devices or Azure Active Directory to control access control, admissions and policy enforcement.
How much will remote working cost?
It depends. Inevitably, there will be a cost or investment in time to enable remote working. Costs may include:
- Hardware purchases (i.e. Firewalls, Laptops or Desktops)
- Software purchases/subscriptions (i.e. Office 365, Remote Acess Software, 2FA)
- License costs (i.e. Capabilities, user licensing, feature unlocks)
- Consultancy and labour (i.e. IT firms to implement, advise)
- Other expenses (i.e. Insurance, staff cost contributions).
The good news – with the use of cloud technologies, it is possible to pay on a month-by-month basis. Whether for a DR scenario or Coronavirus, this means your business only pays for the resource it uses, and while it uses it. Cloud subscriptions are typically opex based so there this may avoid significant upfront purchases or assets on your books.
With so many different combinations of technologies and options available to facilitate remote working – it can be overwhelming. If the coronavirus situation develops, working remotely will be a valuable tool for any modern business.
Whatever your views on the Coronavirus – it has prompted many businesses to explore remote working, or revisit their BCP/DR planning.
While it is considered best practice to have a DR/BCP plan in place, we do recognise that many organisations may not have implemented/maintained a DR plan, or fully explored the consequence of remote working.
- We would recommend that you read through the options, discuss with your IT team/IT provider and your colleagues.
- Technology and cloud services greatly enhance the ease and simplicity of working remotely. With flexible month-by-month subscriptions, cloud is a flexible option.
- Your business may already have the capabilities and tools at its disposal to allow remote working – they may just need to be configured and the security-enhanced.
- Alongside technical controls; consider items such as policies, controls, guidelines and instructions.
- Also consider any regulatory, privacy, security, insurance or compliance implications (outside the scope of this blog post).
If your business would like assistance or guidance related to remote working or wants to understand its options, please speak to our solutions team. Call +44 1624 777837, e-mail firstname.lastname@example.org or click ‘Request a Quote’ on our website.