Some experts say telecommuting may compromise secure corporate networks. Is anybody guarding the back door?
Home is where the heart is. It's also where the back door to your enterprise is.
In the wake of the hack into Microsoft 's (Nasdaq: MSFT) network, many security administrators have turned their attention to what some believe is the greatest security challenge facing corporations: teleworkers.
Craig LaHote, a network administrator at SR Equipment in Toledo, Ohio, is struggling with it now.
"We're having a hard time controlling it. It's a real grey area with home computers accessing the network and the Internet," LaHote said. "We really have a hard time enforcing policies there. We have a policy but no real way to audit (users) except basically asking them to comply."
Technology falls short
The problem is both social and technical, experts say. For one, users on home machines behave differently, even if they're accessing work assets and if policies are in place. They tend to disable security when they can and tend to want more control over security.
It's a hard-to-define behavioral issue, one expert said.
"Technology will solve less than half this problem," said Fred Rica, a partner in the technology risk services practice at PricewaterhouseCoopers, in Florham Park, N.J. "The other portion is working with people's behaviors, and I'm not sure anyone knows how to do that with telecommuters yet."
On the technical side, the rise of always-on connections such as DSL (digital subscriber line) and cable at home means users will tend to leave connections open more. Without a personal firewall, such a computer is a gaping hole for intruders.
Come right in
Hackers can either access information off a home hard drive or use the computer to find their way back into the corporate network. Virtual private network (VPN) connections also allow email messages with dangerous payloads a free ride right into the corporate network.
"A lot of companies are talking to us about this very issue," said Fred Felman, marketing vice president at Zone Labs , in San Francis "People plug into their DSL or cable line and walk right past security. Or they have a VPN set up, and you're creating a secure tunnel for users who might use that tunnel to send a Trojan horse unknowingly. If that telecommuter is out on the Internet on one side and talking to the enterprise on the other side, you have no security. It's really scary to security guys."
At the same time, technologies such as anti-virus software tend to be less rigorously updated, and others, such as encryption, are hardly used at all, even if they're used at work, experts said.
It is enough to keep Jeff Uslan, security administrator at 20th Century Fox, in Los Angeles, from permitting telecommuters to access the Internet through their VPN lines. And that, Uslan said, is difficult to enforce, especially with many executives working from home.
"It's caused a lot of arguments from people who just expect Internet access at home," he said. "But I can't control them at home. I won't give them the slightest chance to open that back door. My greatest fear is the person screaming at me, 'How could this have happened?' "
