Update: H1N1 drives demand for secure remote access

Companies want to provide secure access to employees working remotely

The H1N1 pandemic is pushing companies to upgrade their secure remote access capabilities in order to enable more employees to work out of their homes and other remote locations in an emergency.

Vendors of remote access technologies are reporting an unexpected increase in demand for their products over the past several months as a result of H1N1-related concerns.

"What companies are really looking for is the ability to provide secure, remote access to more of their employees," said Michael Oldham, CEO of Portcullis Systems, a Marlborough, Mass.-based vendor of secure access appliances. "Most companies already have mobile workforces. What they are doing is planning for scale," he said.

Much of the increased interest has come from government agencies and larger enterprises, Oldham said. "They are the ones that seem to be more aware of the need for planning. We have seen a number of these organizations purchasing lately with H1N1 in mind," Oldham said.

Secure access technologies such as those offered by Portcullis and other vendors provide teleworkers with secure access to enterprise applications from any location, using a broad range of devices. They enable IT administrators to enforce security and information usage policies. These security enhancements are used to make sure that any devices connected to a corporate network from a remote location meets internal security requirements.

Such tools can be vital to enabling business continuity during a pandemic, said Sam Curry, vice president of product management and strategy at RSA, the security division of EMC Corp.

Last spring, when H1N1 pandemic fears were at their peak in Mexico, RSA saw a massive spike in demand for its SecurID authentication tokens from companies with operations in that country, Curry said. One company, which is among the largest producers in the food and beverage industry, placed an order for nearly 50,000 tokens to be delivered in a single day, he said. "They were fork-lifting thousands of these things directly to their operations in Mexico," to ensure they kept running through the worst of the crisis, Curry said.

The RSA tokens enable a company to implement two-factor authentication for accessing enterprise networks and applications. Many companies provide these tokens to workers who log in to company networks from remote locations. The Mexican company, which he would not name, already had a well-established infrastructure in place and easily implemented the additional tokens, he said. But most other companies would need to do some advance planning to quickly expand their remote workforce, Curry said.

As part of an effort to help companies support more teleworkers in a hurry, RSA recently introduced an on-demand authentication system that companies can use to enable workers to securely log in from remote locations. Instead of hardware-based tokens, workers get one-time passwords sent via SMS (short message service) to their mobile phones. A worker logging in from home would go to a self-service Web site and request a one-time password to be sent to his mobile phone. That password can then be used to securely log-in to the company's network.

Though the SMS-based approach is less secure than RSA's hardware tokens, they are ideal for when companies need to quickly support an expanded remote workforce, Curry said.

SonicWall, a vendor of secure SSL (secure sockets layer) VPN appliances has recently added a 10-day "spike license" option for large customers that need to temporarily support more employees working out of their homes and other remote locations. The license allows companies that are running SonicalWall VPN appliances to temporarily increase the number of users that are licensed to log in remotely via VPN. For example, a company that might have purchased a 500-user license would temporarily get the ability to support 2,000 users, by using the spike license option.

SonicWall has been offering a 30-day and a 90-day spike license option for some time, but decided to add a 10-day option to address requests from customers planning for the H1N1 outbreak,said Chris Witeck, director of product management at SonicWall.

"We have definitely seen larger organizations expressing much more interest in incorporating pandemic planning into their disaster recovery plans. We have seen them alter their (business continuity and DR) plans in preparing for H1N1," he said.

SonicWall has seen greater interest in its spike licenses after the company introduced the 10-day option, Witeck said, and the interest is not limited to the U.S. market. H1N1-related planning exercises have resulted in increased demand for SonicWall's products especially in Japan where concern over the pandemic seems to be especially high, he said.

Virginia's Arlington County government has been planning for the pandemic for close to a year. The government expanded its VPN capabilities and is ready to support approximately 30% of its employees if they are working from home, said David Jordan, the chief information security officer for the county. That number can be doubled quickly if needed, Jordan said.

Another VPN, which is being used by vendors, can also be pressed into service to enable technical and application support staff to do their jobs remotely in an emergency, Jordan said.

The county government has also arranged with Verizon to ensure it gets double its normal network bandwidth capacity to support an expanded remote workforce, Jordan said.

Market research firm Gartner Inc., in a report published earlier this year, said companies involved in pandemic planning should assume that 40% of their workforce will not be at their workplace for an extended period of time.

Securely supporting such a large percentage of remote workers could be a challenge because telecommunications carriers could get overwhelmed as their network bandwidth approaches capacity with more people working from home. Companies need to include a variety of strategies for supporting an expanded teleworker community, including staggering hours of operation and deciding in advance which operations can function with reduced staff, the report said.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies