Most IT execs surveyed fear remote user risk

IT departments are under pressure to make corporate networks more accessible to remote workers and a range of external users despite fears over the increased threat of data leaks, malicious content and hacking that this entails, according to new research.

91 % of the 381 UK and North American IT executives polled in the survey by AEP Networks admitted there is a bigger risk of sensitive data being exposed to ‘unauthorised eyes’ when networks are made accessible to remote workers and external users such as contractors, partners and customers.

89 % highlighted the greater threat of malicious content such as viruses because of wider network accessibility and 85 % noted the increased possibility of hacking.

But this opening up of the network is fast becoming inevitable, with 97 % agreeing that today’s networks are more accessible to a variety of internal and external users and devices than five years ago. 94 % either already allow or plan to allow access to remote workers, while a large number already permit or plan to permit access to the following types of user:

• Suppliers/partners (39 %)

• Company guests/visitors (28 %)

• Outsourced workers (36 %)

• Contract staff (57 %)

• External IT support and maintenance (59 %)

• Customers (32 %)

Reginald Best, chief operating officer of AEP Networks explained: ‘On the one hand, IT is rightly under pressure to open the network door to partners, suppliers and customers to improve efficiency and enhance business processes. On the flip-side, they’re sweating over how to prevent unauthorised access, protect company information and deflect malicious attacks.’

The major areas for IT security budget increases over the next 12 months include secure remote access, mentioned by 48 % of the survey, network access control (NAC) (41 %), identity-based network security solutions (37 %) and encryption (35 %).

Best added: ‘Technologies such as identity based security systems, secure remote access and NAC need to be tied together under a policy driven network security strategy. This policy networking model argues for a suite of solutions which interact with existing network systems to enforce rules and policies controlling who and what can be admitted to the network and the resources and information they’re allowed to access.’

‘What systems should specific types of remote workers be allowed to access? What should you do about visitors who don’t have the required antivirus on their machines but need to work on your network? And what about providing a safe level of access to users who want to log in from third party locations such as Internet cafés? How does the organisation track and audit access? These are the types of issues for which organisations need to develop policies,’ said Best.

Concluded Best: ‘Once there is agreement on these areas, the various components of the policy networking environment can interact with existing directories and authentication systems to verify users’ identities and rules governing their access to the network. Those that don’t fit with policy or display offending behaviour might be put into quarantine, given a lesser degree of access, or denied access altogether.’