Most often, vendors are proposing security solution in a basket of features. They claim for security suite with unified console and dashboard. It is necessary to assess and identify the baseline security in business requirements what are the necessary protection. Otherwise, it will cost more, and more to manage in terms of support, maintenance, skillset, user experience.

Some guiding questions are to facilitate the decision. The answers are situation and organization specific. Taking remote access as an illustration here. Who are the users accessing the infrastructure or system:
  • From own organization?
  • From business partners (vendor or contractor)?
  • General public?
When is this service needed? This will decide:
  • Resilence arrangement
  • Maintenance window
  • Business continuity
  • Disaster recovery
  • Recovey Time Objective
  • Service level pledge
What service needed after connection established
  • Infrastructure (e.g. storage, email, intranet)?
  • Business applications?
Where do users access
  • Within organization network (due to network segmentation)
  • From business partners network
  • Internet
  • Organization device or any device?
Why this remote access is needed
  • This is the business justification, for example
  • Speedy vendor support without traveling to site
  • Enhancing productivity especially in COVID-19 to keep physical distance
How do remote access is authenticated, need to identify from both network and application perspectives
  • Password only
  • Domain trusted
  • 2-factor (different means to choose)
  • RDP, thin client, thick client?
  • In case access credential is lost, how is the identity re-established
Based on this preliminary information, the remote access model is more or less shaped for risk-balanced solution sourcing.

Leave a Reply