We start this blog post with a heartfelt thank you to all NHS employees, from the doctors, nurses, ambulance drivers, porters, cleaners, drivers, administration and catering staff - to every one of them who has put themselves on the front line to care for those struck down by the coronavirus. We salute you.
It's going to get worse in the days ahead, so for their sake we should all respect their wishes, follow government advice and work from home (wherever and whenever possible).
UPDATE 1 - 9 April 2020:
Hot off the press, Gartner confirmed on 3 April that Working From Home (WFH) is here to stay. Think about it: nearly 75% of CFOs are seriously considering Working From Home as a permanent solution for their businesses. Even if only half actually roll it out, that's still nearly 40% of businesses whose operations will be fundamentally changed. It'd be a revolution.
With this in mind - the UK is in almost complete lockdown, and most businesses are now managing employees who work remotely from home (WFH). In the run-up to self-isolation, there was an urgent need to get systems set up fast, and a lot of excellent advice was available to help businesses get remote working up and running. (You can find Digital Craftsmen's advice here to help businesses before the lockdown came into place.)
However, as the new working environment looks set to become the business norm for the foreseeable future, you should now be asking yourself:
- Will your solution continue to be as effective and secure as originally intended?
- Do you actually have the right tools and solutions in place for what you need?
Our team specialises in helping and supporting businesses through remote services support, and has been successfully working remotely itself for over eight years. Our aim is to support and guide businesses facing these unprecedented times by sharing our learnings, and giving advice and insights into what's worked and what to look out for. We bring to the table our experience of working across multiple cloud providers and a comprehensive understanding of the different technology solutions, supported by a team of qualified senior solutions architects and cyber security experts.
Starting with this blog post we will be sharing a high level overview of the main solutions available for managing remote working and a decision tree to guide you towards a more permanent structure which best suits your business and its specific needs.
It's a great credit to the many business owners and IT directors who acted fast to deploy ad-hoc solutions to enable their employees to WFH. All in all, it was a tremendous effort to keep businesses operational in such difficult and fast moving circumstances that few could have predicted would change the working landscape so fundamentally.
And now the economic impact is starting to be acutely felt regardless of industry sector. These are scary times for everyone, and this is when we need to stand together, shoulder to shoulder as partners, ready to support and help each other where we can. Because whilst SMEs are struggling in this new world, cyber criminals are using this period of uncertainty to punish those who do not have their networks set up properly, finding the weaknesses and exploiting the points of vulnerability. There's also the cost implication: your set-up might well be costing you more than it should, and there is simply not the time or expertise in current teams to identify where cost savings can be made. This is where we can and want to help.
Understanding if you have the right solution:
Whilst the WFH solutions that were set up have worked for the most part, more often than not they are not going to be the right solution for the long term or a permanent set-up - because unless you know exactly what you're doing, the devil in the details tends to make these solutions less safe than they should be.
The most likely reasons for that are:
- chosen apps and services are not integrated
- business apps are 'fat client'-based hence not working well (or at all) in remote environments
- endpoint security (i.e. protection of the laptop, desktop, tablet etc) at home is insufficient
In times of urgency, it's an acceptable short-term risk to take to keep the business going. But it should be followed up very soon with a more permanent solution which better fits your business needs, existing IT infrastructure, and the strategic direction you are taking.
What you need is a system that is secure, safe, and integrates well into your IT infrastructure.
If you only need to make this a strictly temporary fixture, with plans to return to normal, then you probably can get away with keeping things as is for the next few weeks. But please, for the longer term - always make sure that your solution continues to be safe and secure. We can help you with that.
What solutions are out there?
We believe the WFH work environment is now here to stay - so apart from all the environmental, societal and economic benefits, a permanent remote working solution requires an IT solution which focuses ultimately on endpoint security.
There are solutions for endpoint security in both office and remote working scenarios (e.g. Symantec Endpoint Security, or Microsoft Intune), but they do not alleviate the problem of an insufficient barrier between the inherently unsafe physical endpoint hardware, and the business infrastructure and intellectual property.
One solution to this problem is Virtual Desktop Infrastructure (VDI) - effectively, the remote physical hardware is degraded to a display terminal with some I/O devices (keyboard, mouse, camera, audio, etc). The only application running on each client that is allowed to connect to the corporate IT infrastructure is a display client connecting to the virtual desktop running Windows 10, Office 365, or other apps. The virtual desktop is deployed and operates in the tightly controlled and secured corporate IT infrastructure.
Four noteworthy VDI solutions are available:
Here's a quick overview of how they work, and the typical business scenarios they address:
VMWare Horizon 7
+ A rich ecosystem of hardware appliances
+ Graphics acceleration available on both host and server
+ Desktop and applications only options
- Only available for on-prem or co-location
- Requires capex to operate the back-end
Windows Virtual Desktop
+ Close integration with Office 365
+ Most security certifications of all available solutions
+ Runs natively on Azure, hence worldwide availability and scalability
+ Seamless integration with on-prem and remote Active Directory
- No graphics acceleration available
- Only Windows 10
AWS WorkSpaces
+ Supports Linux and Windows 10
+ Seamless integration with on-prem, remote, and simplified AWS-native Active Directory
+ Runs on AWS with global scalability and availability
+ Seamless integration with AWS management and security services
+ Targets IT development teams as throwaway desktop testing service
- Targets IT development teams as throwaway desktop testing service
- No seamless integration with Office 365 (less than Windows Virtual Desktop anyway)
Google Chrome Remote Desktop
+ Runs natively on GCP with global availability and scalability
- Offers only Linux desktop OS
- Targets IT development teams with clearly lightweight remote desktop clients
As usual, there is no 'best' solution out there, as it all depends on your business requirements. The following are some typical scenarios in which each of the four solutions may serve you best.
Largely on-premise IT infrastructure with no plans in the near future to migrate to the cloud
In our opinion there is really only one solution: VMWare Horizon 7. The rich ecosystem of available back-end VDI servers, paired with matching thin (hardware) client options, makes this an attractive solution for many verticals with a remote or mobile workforce, or for businesses with a large dispersed workforce in fixed locations but with a centralised IT system.
Financial services are an option, too, where protection of business assets and intelligence is particularly paramount.
Business with some IT estate in the cloud (hybrid cloud solution) and business departments with standard office requirements
Where business process interconnections play a role with many cross-departmental interactions, the preferred solution should be Windows Virtual Desktop. It is the perfect fit for businesses largely using MS Office, together with a few domain-specific client-side applications (i.e. non-browser based). In this case we recommend also migrating from MS Office to Office 365 with SharePoint at the same time.
AWS WorkSpaces works well in this scenario too, but it lacks the tight and rich Windows ecosystem Microsoft can offer on Azure for this type of usage.
However, the choice is certainly influenced by the amount and complexity of IT estate in the cloud, and how much of it is integrated with client-side business applications. For example, if your cloud deployment consists of your web presence, static media for the web presence, and similar, then the choice of VDI infrastructure is largely independent of your existing cloud IT.
Businesses with a cloud first strategy and a large IT estate already running in the cloud
Windows Virtual Desktop and AWS WorkSpaces are both good candidates for endpoint security and control. With a cloud-first strategy and/or large IT deployments in the cloud, access to services is mostly if not exclusively browser based. What is needed in this circumstance is primarily a secure endpoint with a standard yet secure browser configuration.
Here, the choice of VDI infrastructure is largely driven by existing cloud service contracts. For example, if your cloud partner is AWS, then it does not make sense to use Windows Virtual Desktop just for endpoint security. AWS WorkSpaces works much better in this case due to its integration with AWS Security and Management controls. Conversely, if your cloud deployment uses MS Azure, it would make sense to use Windows Virtual Desktop for endpoint security and remote working.
Businesses with significant in-house IT development
IT staff are predestined for remote work. Even though a pure Scrum or Agile environment almost prescribes that teams work together in the same office, this can be emulated and facilitated with continuous and permanent audio chats using e.g. Slack, Discord, MS Teams, Google Hangouts, Amazon Chime, or others.
With the exception of VMWare Horizon 7, all solutions offer extensive DevOps tooling and services in the cloud.
Google's VDI solution is clearly developed and marketed as throwaway temporary virtual desktop clients designed to perform QA testing on software products.
Other than that, either Windows Virtual Desktop or AWS WorkSpaces is suitable for remote working and endpoint security in this scenario.
We have only scratched the surface of remote working and endpoint security here. This overview is NOT intended as an exhaustive or ultimate guide to endpoint security. We have heavily generalised to illustrate how rolling out remote working solutions may benefit you in the long run.
For a more complete and in-depth analysis of your requirements, and how we can help you make the most of a remote working solution, contact our award-winning and ISO 27001 and Cyber Essentials Plus certified solution architects here. We can offer a free consultation to sense-check the systems you have set up and give you peace of mind that at least on one aspect of your business, you have it covered. Book a call with us today.
Finally, as part of our suite of remote specialist managed services, we offer businesses Secured Virtual Desktops, Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS).
If this is something you would like to find out more about, then follow this link to see how our VDI services give you access to full-time support, 24/7, saving you money and ensuring all endpoints are secured.