Contact Us
JumpCloud Logo

IT Administrator’s Guide For Managing A Remote Environment

8 Steps to Success

IT administrators are now faced with the challenge of rapidly shifting their operations and their user bases out of their offices. Organizations likely had a handful of remote workers previously, but the all-remote model represents uncharted territory for many. Admins must now come up with creative solutions on the fly to ensure their organizations stay secure and productive.

At JumpCloud, we’re committed to helping admins be successful, no matter what technology you have in your environment – and we know that keeping your organization safe, secure, and productive is hard. We’ve developed this guide to help you take a systematic approach to assessing, securing, and managing your remote environment.

1. Take Inventory of Your Environment

As your users leave the office, make sure you have a clear picture of the office equipment they take with them and, more broadly, what resources and data they’ll need to access. Consider how you’ll control and monitor that the right people have secure access to the right resources.

Asset Management

You likely already have an asset management system in place, and a key first step to optimize your remote environment is to ensure you have up-to-date records about where your hardware is – particularly laptops and desktops. This includes tracking the machines’ serial numbers and who took each machine home. You can also sign out other peripherals, like charging cables and monitors, and tighten BYOD policies to limit work on non-managed devices.

Holistic Assessment

Once you have a handle on where your hardware is located, it’s worth taking a step back to look at what software platforms you have across your environment and to assess in totality what you need to manage and secure. If, for example, you have Windows®, macOS®, and Linux® in your fleet, you’ll want to select a system management and monitoring tool that is capable of supporting users on all operating systems. Such an assessment can help you identify security or authorization gaps in your tech stack that need to be addressed.

2. Identify Tools for Remote User Support

Another important step is to establish how you will support and troubleshoot issues for remote users. A couple of key tools should be in your arsenal.

Remote Computer Access Connection Software

Remote computer access connection software can serve both your IT support team and your users. With remote access software – like that by Splashtop – your team can provide IT support for remote machines, and your users can connect to the corporate network and files.

System Monitoring Software

System monitoring software can return telemetry about your fleet and help you ensure machines are configured properly. If you have a diverse set of operating systems, you need to implement an OS-agnostic solution that runs across all OSs and can report on installed versions and patches, applications, and full-disk encryption statuses, as well as log serial numbers and other hardware data points.

Additionally, system monitoring software can help you troubleshoot user machines and make sure that basic system health factors – such as available memory, storage, and CPU – aren’t affecting performance.

3. Establish or Expand Virtual Private Network (VPN) Usage

A virtual private network (VPN) can serve two important purposes: connecting remote users to the corporate network and encrypting traffic when users work on unsecured networks. 

With a provider like OpenVPN, you can deploy a new instance in the cloud and avoid the need to manage additional on-premises infrastructure while you and your team work from home. Up-front testing with a small group of users can help you identify issues – like necessary changes to firewall configurations – and address them before rolling out the VPN to your entire user base. 

If you need to scale your existing VPN, consider the increased bandwidth and number of systems you’ll need to incorporate. You can also offer guidance to users about when to use the VPN (i.e., working on an insecure network) and when not to (i.e., watching Netflix) to conserve bandwidth.

4. Secure & Configure Machines

A cross-platform system management solution will help you implement security configurations and keep remote laptops, desktops, and servers up to date. 

Ideally, you’ll be able to implement that enables you to take actions across your fleet, regardless of the target operating systems. Such a solution should allow you to patch and update systems, set security configurations, and run remote commands. It should also be able to return logs above authentication and other events on those systems. 

Although you’ll want to tailor your configurations to your unique environment and applicable compliance schema, these are a few best practice recommendations to get you started.

Recommended Fleetwide Configurations

  • Checkmark

    Enforce full-disk encryption

  • Checkmark

    Set lock screen for 120 seconds or less

  • Checkmark

    Disable removable storage access

  • Checkmark

    Disable CD/DVD drive (if applicable)

  • Checkmark

    Disable Control Panel / System Preferences Access

  • Checkmark

    Disable local guest and administrator accounts

  • Checkmark

    Restrict Windows Store/App Store

5. Implement MFA & Anti-Phishing Measures

Another important step for organizational security, whether users are in the office or working remotely, is to enforce multi-factor authentication (MFA/2FA) at virtually all access points. This includes workstations and laptops because users access most resources through their machines. It also includes web application single sign-on (SSO) portals and networks like VPNs. 

Although you might worry about the hassle for users, you should keep in mind that MFA is incredibly effective against a wide range of attacks, including brute force, phishing, and more targeted spear-phishing attacks. With a free app like Google Authenticator, you can easily centralize each user’s TOTP codes and make the process easier for them to manage. Hardware MFA keys, like those from Yubico, are another secure way to introduce MFA with a simple user experience.

6. Secure Application Authentication

Whether your target apps are hosted on-prem or as-a-Service, you’ll want to ensure users can securely authenticate to them from home.

For web apps, this likely means identifying an SSO solution to federate core identities from your central directory via protocols like SAML and OAuth to the target apps. That way, users can enter their core credentials in a web-based portal to access their SaaS apps, rather than entering separate credentials in each app itself. This process is more secure, as well as more convenient for users.

For legacy apps, this means ensuring that authentication is happening via LDAPS rather than plain text LDAP. You can identify insecure LDAP binds by looking through your directory service event log and checking whether any apps aren’t using a secure port. In the case that you use Active Directory®, for example, you’d want those apps to use port 636 and to address any apps that don’t.

7. Establish End User Training & Communication

Regular training for and communication with users is a cost-effective way to share best practice recommendations and help them keep safe, particularly when they work from home offices and on unsecured networks. There are a wide variety of topics you might cover, but we’ve developed several WFH-targeted guides to help get you started.

VPN Best Practices

Instruct users to use the VPN any time they’re on an untrusted network but to be mindful about bandwidth. If they’re streaming a video or using Google Meet to join a team meeting, they don’t need to use the VPN. They shouldn’t configure the VPN on personal devices or work with organizational data on unmanaged devices.

Home WiFi Best Practices

Encourage users to buy their router and modem instead of renting – which can also be more cost effective for them in the long run – and to use strong passwords on their router and WiFi networks.

Password Best Practices

Teach users about what makes a secure password, how to avoid repeating passwords between work and personal accounts, and how to recognize phishing attempts. You can bolster this by enabling users to change their core passwords directly on their machines, which helps them ignore email- and browser-based prompts to change their passwords that might be phishing attempts.

8. Best-of-Breed vs. All-in-One: Consolidate Vendors

It’s worth assessing whether you want to select a combination of best-in-breed solutions – like one vendor for SSO and another for system management – or whether you can select a single solution to achieve comprehensive access control and device management across your environment.

The ultimate goal is to secure every user and device, no matter where they’re located, from a central point of command. If you can reduce the number of vendors and point solutions in your environment, you can simplify management and reduce costs, which is particularly useful in the current economic environment.

Start a Free Trial Today

At JumpCloud®, we're dedicated to helping organizations navigate the shift to remote work, overcome new challenges, and stay secure. Click here to learn more about our full-suite cloud directory service and our remote work solutions.

Get Started