Working from home - IT security perspective

Dale Perkel

Mar 28, 2008, 6:23:07 AM
to Whiteha...@googlegroups.com

Hi All,

I had almost forgotten about this list since the last mail posted was on the 16th of September last year. Time for a revive!

After speaking to people in other countries and other businesses, it has become really apparent that allowing employees to work from home a day or 2 a week has really taken off especially in the UK.

There are a few challenges for South Africa that are unique, especially around bandwidth, policies and the unstable power grid. However, with traffic slowly getting worse, I'm sure many businesses are re-looking WFH programmes despite the cost.

So, are there any South African companies that have instituted successful WFH programs? If so, how were the challenges such as bandwidth, connectivity, management of employees, meetings, policies, etc overcome? I know this is a pretty broad question but need as much information as I can get at a high level!

Dale



Barry Gill

Mar 28, 2008, 7:08:19 AM
to Whiteha...@googlegroups.com

We have a WFH policy in place already, though it is not a complete WFH for all, but we have employees scattered around the country where we have no offices so it counts regardless.

We have centralized all of our local systems and created an environment that allows for VoIP, Remote applications etc.

These all plug into our International systems seamlessly.

We already run a virtually paper free environment, so remote printing for the odd paper requirement is sufficient for our needs.

What we are in the process of doing is moving ALL applications off of users' laptops and onto remote session style software so that user equipment theft is not a concern from a data loss/intellectual IP loss perspective.

This does have risks associated with it for some staff: if they are unable to connect they cannot work, but then they can come in to the office.

We are also looking at policy changes for office meetings to limit them to outside of rush hour travel plans so that employees are forced to use less petrol thereby reducing their overall carbon footprint and costing themselves less cash on a monthly basis.

Use it, don't use it.

Stanley De Jager

Mar 29, 2008, 2:42:03 AM
to Whiteha...@googlegroups.com
My 10 bits...

My direct boss has a Work From Anywhere policy.
So long as the customer is happy, my costs are reasonable, and I achieve my SLAs then everything is great.

The company itself has a WFH, a "Hot Desk", and a Flexi-Time policy, so unless you HAVE to be available at a given time every day, then there's no need to kill yourself getting in at 8. We also do a lot of conference calls where possible and keep meetings to a bare minimum.

Power failures don't bother a laptop, cell phone and a 3G card.

I go into the office to socialise and "touch base".

WFH is magnificent, after years of driving in traffic, dealing with pathetic idiots sulking over half an hour later than the herd, and having to pretend I'm busy when I'm not. Now, I drive somewhere because I have to or want to, I arrive at the required time because it's the right thing to do, and there's actually someone that's waiting for me, and if there's nothing to do, I go and play with my kids.

I get calls from recruitment agencies every two or so months, most of them apologise for bothering me after I describe my working environment. There's no way I'm going back to silly.

Regards
Stanley

Hendrik Visage

Mar 29, 2008, 4:59:20 AM
to Whiteha...@googlegroups.com
On Fri, Mar 28, 2008 at 11:23 AM, Dale Perkel <DPe...@multichoice.co.za> wrote:
>
> There are a few challenges for South Africa that are unique, especially
> around bandwidth, policies and the unstable power grid.

The power grid shouldn't be an excuse, it should be seen as just another attack/security point that needs some addressing... here in Nigeria they have sorted that on quite easily: Diesel generators ;^)

> However with traffic
> slowly getting worse, I'm sure many businesses are re-looking WFH programmes
> despite the cost.

It should always be a cost saver, thus a business driven decision etc. etc. and anybody venturing into such a can of worms, should have the cost savings etc. figures ready for management.

> So, are there any South African companies that have instituted successful
> WFH programs? If so, how were the challenges such as bandwidth,
> connectivity, management of employees, meetings, policies, etc overcome? I
> know this is a pretty broad question but need as much information as I can
> get at a high level!

Again, this needs to be looked at from a company to company, and business unit to business unit perspective.

I recall in my Honours year (User interface design or something) course, the lecturer had an interesting example about I think it was the old Receiver of Revenue, that had the "option" of "shipping" (they actually proposed scanning in the documents, and the assessor could view it on his computer screens) the tax returns from Johannesburg to Pretoria (where they had more staff time available), but they decided to relocate the employees to Johannesburg central or something for the processing of the returns.... this type of example has lots of political issues involved in not doing the document movement to ease the employees' situation etc. etc. etc.

Just think of the cost savings in a document processing environment like tax returns (non-IT high bandwidth solution(s)):
- phone/email/SMS/page office for a delivery
- a delivery truck stops at your door,
- two delivery men carry a huge box of documents into your study,
- pick up the already finished processing box, and leave you to your devices.
Once finished, rinse and repeat. Think in terms of the actual office space saved etc. for this type of setup.

Thus, a WFH policy would have to be very tailored around the specifics (the devilish detail), and since this IS a security list, the questions that should be raised would include:

- What about documents printed at home, or taken to home?
- security of the computers etc. at home? (what if the computer/documents gets stolen? What about fires? Hijacking while the documents are in transit?)
- Type of access allowed
- logical security of the home computers etc. against viruses etc. while connected to the corporate networks
- what type of access is needed to get work done? and the bandwidth requirements?

Thomas Mockridge

Apr 1, 2008, 5:33:47 AM
to Whiteha...@googlegroups.com
I recently worked at IBM and their staff have a well setup "work from
home" setup. Might be worth picking their brain re: working solutions.
If you have some consulting budget..

At the risk of boring some readers: One of the considerations you
might be interested in is: think of every device on your network as
"hostile" suddenly there is little or no distinction between WFH or
internal desktop and all are equally hostile. (From a server admin
point of view.) This shift in thinking means your network is much more
secure and casual attacks from "inside" your network are better
protected against. Drive your app developers to use web based
solutions so no data resides on the remote device. Or use
Citrix/Terminal server to ensure the remote device stores no important
data. Backup recovery and security become centralised and much
simpler. Also your data is then protected against remote device theft
or loss. Remote setup is also trivial...could even access from
internet cafe or client pc's.

Again my 10 cents worth. (That was supposed to be a binary 2 but with
current inflation figures maybe it should be base 100 :-)

Thomas

John Ward

Apr 1, 2008, 11:44:57 AM
to Whiteha...@googlegroups.com
I concur, with the Cisco and other types of easy VPN (SSL etc.) solutions available it's good practice to create your onions in a clever fashion. Blanket access should be for certain people only and then again I prefer purpose designed access layers as opposed to wow that will work too philosophy.

All too often people tar everything with the same brush. Your WFH solution should under no circumstances trust any user. Make sure your onion is well layered and access controlled.

J
--
Regards
John

kadesemo

Apr 3, 2008, 5:57:56 AM
to WhitehatAfrica
IMHO, WFH is simply another work from client WFC.
The same end-to-end secured layer access cuts across wfh and wfc.

Whilst one is on the move (airport, client, transit ..), the other is away (at home).

Simple approach for me is:
Notebook (encrypted - pointsec, Safe Boot et al)
Controlled Access (Integrity Agent, TrueVector (excellent tool), Contivity VPN Odyssey, ...)
Managed applications - Application Manager (OVCM radia ...)
Lock-down but controlled audit (PC permission Mgt, Power Policy, Radia connects...)
File/folder management (Folder Sync, Enterprise Vault ...)
Service (Desktop Doctor...)
and definitely AntiVirus...

There are differing tools and approaches.
The logic remains the same: secure the device, secure and control access, manage and protect misuse of device...

Lastly regarding availability - go UPS/Inverters (in addition - here in Nigeria they have sorted that on quite easily: Diesel generators) and/or solar panel (probably rebate/incentive for staff to have solar panel for the geyser, 'exit' lights and PC)

A. Kayode
www.linkedin.com/in/adesemmyk

On Apr 1, 4:44 pm, "John Ward" <ldj...@gmail.com> wrote:
> I concur, with the Cisco and other types of easy VPN (SSL etc.) solutions
> available it's good practice to create your onions in a clever fashion.
> Blanket access should be for certain people only and then again I prefer
> purpose designed access layers as opposed to wow that will work too
> philosophy.
>
> All too often people tar everything with the same brush. Your WFH solution
> should under no circumstances trust any user. Make sure your onion is well
> layered and access controlled.
>
> J
>
> On Tue, Apr 1, 2008 at 11:33 AM, Thomas Mockridge <thomasmockri...@gmail.com>