With a global demand for distributed workforces, managed service providers (MSPs) need to prepare their clients to work from wherever, even from home. Preparing clients for remote work is easier said than done, however, so we’ve compiled a list of five things MSPs need to consider in order to streamline the process while keeping their clients secure.
5 Considerations When Preparing Clients for Remote Work
1. Device Management
A client user’s system is the conduit to all of their other IT resources. As an MSP, managing these systems and devices is critical in order to maintain security. When client users are working from home, MSPs need to take extra measures to keep these systems secure and under control when they can’t access them physically.
As far as the devices themselves are concerned, laptops are a must, enabling client users to work regardless of where they find themselves. In order to manage systems, remote monitoring and management (RMM) solutions are another must, providing MSPs insights into remote systems and allowing them to take over remote systems for support purposes as well (more on that in #4). If clients prefer a Bring Your Own Device (BYOD) policy, MSPs may need to invest in a mobile device management (MDM) tool to lock down client smartphones and tablets as well.
A key device management solution to remember is the directory service. Active Directory® offers Windows® device management, but it requires on-premises implementation, so managing a client’s AD instance remotely may not be feasible for some admins. That doesn’t mean, however, that MSPs are out of options.
Although many MSPs use MDM and RMM for managing user devices, a cloud-based directory that’s compatible with all operating systems can take over some device management capabilities through remote system security policy enforcement similar to GPOs. A cloud directory service also centralizes client users’ identities, making a unified set of credentials they can use to access their other resources.
2. Access Control
With remote devices locked down, controlling how remote client users access their resources through said devices is next on the list. MSPs need to ensure that their clients’ user identities are provisioned according to the principle of least privilege, limiting each individual’s access to the absolute minimum they need to properly do their jobs.
Beyond that, MSPs need to ensure that this remote access is completely secured, and can subsequently be managed remotely. A virtual private network (VPN) is a sure-fire way to do so, but requires technical configuration and client end user training in order to operate properly.
A cloud directory service provides protocol-based access control through SAML, LDAP, and RADIUS to achieve many of the same responsibilities of a VPN regarding remote access to applications and infrastructure — both in client offices and in the cloud. These protocols use encryption to keep the passing of credentials out of reach of attackers. MSPs can also integrate their VPN directly into their cloud directory service, incorporating authentication into the same identity that’s used to access systems.
3. Additional Security Measures
Although tight device management and access control are paramount to promoting client security, there are other measures MSPs should employ to make sure that remote client workers are as secure as possible.
Multi-factor authentication (MFA) is one of the top methods in use today for preventing brute force attacks, bulk phishing, and even attempts targeted at a specific user with compromised credentials. MSPs should enforce MFA at every possible access point to secure authentication processes. That includes at the device level, as well as across applications and even VPN connections to on-prem resources and infrastructure.
Another key security measure is the fleetwide enforcement of system policies (as mentioned above under Device Management). System policies like GPOs provide group-based management of system security settings like full disk encryption (FDE), screen lock, and removable storage control. By enforcing policies across remote client environments, MSPs can ensure that client systems are secure from the get go, setting up users for future success.
4. End User Support
Many MSPs already invest in remote support solutions, such as Voice over IP (VoIP), video chatting, and screen sharing tools. Ticketing software is often used to keep track of client support requests, too.
These solutions are hardwired into many MSPs’ stacks, but can be bolstered by the addition of a self-service password management tool. Password management is critical to identity management, and can often fill up an MSP’s support request box. Establishing self-service password management through a client user’s system cuts down on password change tickets, saving MSP time and money. It also makes the end user’s experience by allowing them an easy route to change their passwords, and even carries anti-phishing benefits by steering clients away from potentially phony web-based password change windows.
Clients and their end users need to be prepared for the fact that remote work is quickly becoming a major part of the future of work and all of the potential changes that come with it. As such, MSPs need to instruct their clients on security best practices while working from home, such as providing a crash course on how and when to use VPNs.
These five considerations only scratch the surface of everything an MSP needs to do in order to shift their clients to a fully remote work model, but they’re a great place to start.