The Remote Office Access Method (a name inspired by ISAM and VSAM from the old days) has changed significantly over the past decades as technology has advanced. The need for it arises from the push for more efficient system support, especially when expertise is required from overseas.
In the early days, when remote access was made from a dumb terminal over a dial-up connection, a callback was required to authenticate the pre-registered phone number.
With routable networks, 2-factor authentication via a secure token is required to permit a remote session over a Virtual Private Network (VPN) connection. This requires complex pre-registration of the user identity associated with the token that generates the one-time password (OTP).
The evolution continues into 2-step authentication, with the OTP delivered in different form factors: SMS, apps on consumer mobile devices, or a designated email.
Enrollment becomes easier with guided self-service, making it admin-less. Access technology is also evolving from full-tunnel VPN to split-tunnel VPN through Transport Layer Security (TLS), via a web browser or apps on the workstation, with a rich desktop experience as if sitting in the office. Mobile apps are also improving, giving access to corporate information such as email and the intranet portal without complex Mobile Device Management (MDM) enrollment.
All of this promotes mobility and makes roaming life easier, especially in the pandemic situation. How, then, do we secure it? While 2-factor authentication, endpoint status checks or lockdown, Data Leakage Protection (DLP), anomaly detection and so forth are in place, they are simply technical enforcement. They can't protect against abuse of legitimate access, or against an insider. Files cannot be downloaded, but they can still be viewed on the remote screen together with someone else who has no need to know. Ultimately, administrative control is required, with serious consequences for a breach acting as the deterrent.