Get In Touch
Get In Touch

How to deploy an effective Remote Working Strategy - from a work-from-home expert

Mar 25, 2020 3:36:46 PM

At OSS Group we are a company that embraces a flexible working model, staff can work, by arrangement, at the office or from other locations. Some of our staff live many miles from the office and many of them almost never “physically” see each other. 

I work on the “OSSG Consulting Team” I am a “Systems Admin” so this role means I am on call and frequently work in the middle of the night – fixing or maintaining systems while no one is using them, so for me and members of my team, if we are going to start work at midnight and work till 5 am, then working from home is very desirable.  

If we are on call, working from anywhere is vital! The delay to return to the office is too great, so all we need is an internet connection and we can respond to a page-out.

The current COVID-19 drivers around social distancing are not really going to challenge our teams, we are pretty much all very familiar with working remotely, it’s just part of our normal working life.

It’s because of this I thought I may share some of my observations around remote working, these insights are as both a user and someone who has been involved provisioning and supporting other users with remote access.  

This article therefore, is designed to help you consider this decision, and help you formulate a strategy for a remote access solution, if you choose to go ahead with one. 


Deployment – The first, and perhaps the biggest challenge…

There are four basic deployment methodologies: 

  1. IT Department Configured: This can be a manual deployment or an automated deployment.
  2. Automated: If your companies’ laptops are integrated into a management system then you may be able to deploy the solution remotely without the users having to do anything other than enter the credentials.
  3. Manual: as the name implies is where the user takes their laptop to the IT department and someone there sets up the remote access ready for them to use.  Manual deployment can work well if you do it over time as new laptops are supplied, and if your users all have laptops. However, if you are now suddenly trying to get 100+ staff able to use a VPN this may not be feasible.
  4. User Self Service: Some commercial products have a self-service portal that can sign a user up, manage the security of credentials and even deploy custom software based on the system they are signing up from – This is the holy grail of VPN provisioning, but that can come at a price.

    If you are working with a simpler system, you can create good documentation, a “walk through” process where a user can follow instructions and set it up themselves.  However, if you have a mixed environment of laptops or if this is to be available on a BYOD situation then you may have to document this for Windows, Apple Mac and possible Linux.
    And then perhaps even different versions of each operating system. – This can become quite arduous to maintain.

You will also most likely need to do some training or documentation for users on how to use the VPN and how to access company resources when it is established.

Of course, what works for your company depends on many factors, and may even end up a mixture of both approaches. I have experienced environments where some staff were IT department configured and some staff could take the self-install solution and run with it.

If you are evaluating a commercial “full-service” VPN product then be sure you consider the deployment, user education and account management in your evaluations.  What seems like a high initial entry cost may not actually be quite so high. 

Security – How secure is secure enough?

Any VPN will represent a potential security vulnerability, it’s another way to enter the company, so it needs to be secured like every other entry point.  The system needs to be updated and maintained and you need to be sure the credentials for the users are secure and updated in line with the security policies of the company. 

Another concern for Security with any “remote access” is data egress, particularly:

  • How can we see if it happens
  • How can we stop it? (this is often easier said than done!)
  • Do we just have to trust an employee? 

Like all security it’s a balance between allowing people to effectively do their jobs and protecting the company and its customers.

So, you need the security team involved to see how it can fit into the security landscape for the company.

BYOD – Bring Your Own Device – What’s your policy?

If as a company, you have a network of desktops rather than laptops, or perhaps if  you are using a “thin client/terminal services” environment, BYOD may be an attractive option.  

As a company do you really want to buy every user a laptop as well? Don’t forget you also have to maintain those laptops.  If an employee has a home computer and can use it, that’s a real saving for the company, and this may be a far more comfortable way for them to work. 

With most remote access solutions, once the device starts the VPN, That device becomes a part of your network.  But you didn’t build this device and have no control over this device? Do you trust it?

You must consider the security risk it represents and evaluate how you can address the potential security issues.

Ultimately, the key question to be asking in your planning is will we allow BYOD access? And if so, how will we protect our systems from the device used?

Security should always be first and foremost in this decision making process, but it’s always important to consider the impact on your employees. When providing employees with these flexible working options you need to encourage good practices, this can improve company culture by allowing them to work flexibly and feel trusted. 

Remote working – getting the job done 

So far, we have just thought about the “mechanics” of remote access, full remote access that means that everything you use in the office today Is available as if you were in the office.  

But do we need this to do our jobs? For me that is the case for a large part of my job.  However, you may be able to offer many things in a secured format directly from the internet. In fact, you may already be using things like office365 that are available on the Internet, so a few changes to secure them and they can be used directly from the Internet.

Team Communication and Collaboration

This is not exclusive to remote working, but one of the things to consider is how will the remote team communicate and collaborate, you must be sure they can access all they need.

Access to this may not require a VPN, they do of course have to be secured, so how will you secure them while letting the team access them remotely?  

Phone: Everyone has a mobile phone, of course if this is a personal phone, not a company phone then some negotiation may be required to decide how it can be used for business purposes.  

Products like Skype can also be loaded to most mobile phones and offer voice and video calls.

There are remote soft-phones for some voice over IP phone systems and these like Skype can be a mobile phone or desktop app. 

E-mail: Of course, e-mail is going to be at the forefront of communications, the de facto communications medium in business today.  

Chat: Products like Teams, Slack and RocketChat have changed how dispersed teams can communicate, Chat clients don’t do much that you can’t do via e-mail, but it creates a stream rather than a pile of confusing mails in your inbox.

At OSSG we use this for general discussion on topics and for collaborative discussion.  It is also a great social platform, I have had a position in my life where I was working remote for extended periods of time, and it gets lonely, good to be able to see other conversations and to engage with other members of your team.  Even if it's not always work related if it is good for the team.  

File Sharing Collaboration: You will of course already be sharing files today; it may be as simple as a NAS device in your network offering a “shared drive” this has been the standard thing to do for many years.  However, as a company you may already have other file cloud-based sharing services you can use – with some user education, that can enable remote working without the requirement for a VPN to access the files.  Of course, how this may or may not fit into your security profile has to be considered.

Virtual Meetings: There are a million different cloud-based meeting solutions, I have used some fantastic hardware based self-hosted solutions, this needs a whole set of considerations for your own personal circumstance.  I do think as well people often get hung up in video meetings, a conference call is often all you need, even today most of us don’t like to be on a video call for business – screen sharing is often pivotal but many products can deliver this – no VPN required.

I hope my thoughts and observations have given you some food for thought and some ideas of where to investigate.

As a company OSS Group, from working with our own team and customers, are very experienced in remote working.  We are keen to help you start or improve your remote working options for your team.

You May Also Like

These Stories on On-Premise Infrastructure

Subscribe by Email

No Comments Yet

Let us know what you think