We start this blog post with a heartfelt thank you to all NHS employees – to every one of them who have put themselves on the front line to care for others. We salute you.
UPDATE 1 – 9 April 2020:
Hot off the press, Gartner confirmed on 3 April that Working From Home (WFH) is here to stay. Think about it: Nearly 75% of CFOs are considering ‘Working From Home’ a permanent solution for their businesses. Even if only half actually roll it out, that’s still nearly 40% of businesses operations fundamentally changed. It’s the start of a working revolution.
With this in mind – the UK is in almost virtual lockdown, and most businesses are now managing their employees working remotely from home (WFH). In the run-up to the self-isolation, there was an urgent need to get systems set up, and fast and a lot of excellent advice was available to support businesses. (You can find Digital Craftsmen’s advice here to help businesses before the lockdown came into place.)
However as the new working environment looks set to become the business norm for the foreseeable future, you should now be asking yourself:
Will your solution continue to be as effective and secure as originally intended?
Do you actually have the right tools and solutions in place for what you need?
Our team are specialists in supporting businesses via remote services, and as a company, we have successfully worked remotely for over eight years. Our goal is to help guide businesses in these unprecedented times by sharing what we’ve learnt from our experiences. Of working across multiple cloud providers and a comprehensive understanding of the different technology solutions supported by a team of qualified senior solutions architects and cybersecurity experts.
Starting with this blog post we will be sharing a high-level overview of the main solutions available for managing remote working and a decision tree to guide you towards a more permanent structure that best suits your business and its specific needs.
Let’s start with a well done to the many business owners and IT directors who acted fast to deploy ad-hoc solutions to enable their employees to WFH. It was a tremendous effort to keep businesses operational in such difficult and fast-moving circumstances.
And now the economic impact is starting to be felt regardless of the industry sector. It’s worrying times for all and this is when we need to stand together, shoulder to shoulder as partners, ready to support and help each other where we can. Whilst SMEs are struggling in this new work world, cybercriminals are ruthlessly exploiting this opportunity of uncertainty to punish those who have not set up their networks properly. They’re actively finding weaknesses and vulnerabilities to launch attacks. Another factor to consider is cost implications. Your set-up might well be costing you more than it should and there is no simply not the time or in-house expertise to identify where and how cost savings can be made. This is where we can help.
Understanding if you have the right solution:
Whilst WFH solutions set-up have worked, for the most part, more often than not they’re not always going to be the right solution for the long term or permanent set-up – because unless you know exactly what you’re doing, the devil in the details tends to make these solutions less safe than they should be.
The most likely reasons for that are:
- chosen apps and services are not integrated
- business apps are ‘fat client’-based hence not working well (or at all) in remote environments
- endpoint security (i.e. protection of the laptop, desktop, tablet etc) at home is insufficient
In times of urgency, it’s an acceptable short-term risk to take to keep the business going. But it should be followed up very soon with a more permanent solution that better fits your business needs, existing IT infrastructure, and the strategic direction you are taking.
What you need is a system that is secure, safe, and integrates well into your IT infrastructure.
If you only need to make this a strictly temporary fixture, with plans to return to normal, then you probably can get away with keeping things as-is for the next few weeks. But for the longer-term – make sure your solution continues to be safe and secure. We can help you with that.
What solutions are out there?
We believe the WFH work environment is here to stay – so apart from all the environmental, societal and economical benefits, a permanent remote working solution requires an IT solution that focuses ultimately on endpoint security.
There are solutions for endpoint security in both office and remote working scenarios (e.g. Symantec Endpoint Security, or Microsoft Intune), but they do not alleviate the problem of an insufficient barrier between the inherently unsafe physical endpoint hardware, and the business infrastructure and intellectual property.
One solution to this problem is Virtual Desktop Infrastructures (VDI) – effectively, the remote physical hardware is degraded to a display terminal with some I/O devices (keyboard, mouse, camera, audio, etc). The only application running on each client that is allowed to connect to the corporate IT infrastructure is a display client connecting to the virtual desktop running Windows 10, Office 365, or other apps. The virtual desktop is deployed and operates in the tightly controlled and secured corporate IT infrastructure.
Four noteworthy VDI solutions are available:
Here’s a quick overview of how they work, and the typical business scenarios they address:
VMWare Horizon 7
+ A rich ecosystem of hardware appliances
+ Graphics acceleration available on both host and server
+ Desktop and applications only options
– Only available for on-prem or co-location
– Requires CAPEX to operate the back-end
Windows Virtual Desktop
+ Close integration with Office 365
+ Most security certifications of all available solutions
+ Runs natively on Azure, hence worldwide availability and scalability
+ Seamless integration with on-prem and remote Active Directory
– No graphics acceleration available
– Only Windows 10
+ Supports Linux and Windows 10
+ Seamless integration with on-prem, remote, and simplified AWS-native Active Directory
+ Runs on AWS with global scalability and availability
+ Seamless integration with AWS management and security services
+ Targets IT development teams as throwaway desktop testing service
– Targets IT development teams as throwaway desktop testing service
– No seamless integration with Office 365 (less than Windows Virtual Desktop anyway)
Google Chrome Remote Desktop
+ Runs natively on GCP with global availability and scalability
– Offers only Linux desktop OS
– Targets IT development teams with clearly lightweight remote desktop clients
As is usual, there is no ‘best’ solution out there, as it all depends on your business requirements. Following are some typical scenarios in which each of the four solutions may serve you best.
Largely on-premise IT infrastructure with no plans soon to migrate to the cloud
There is in our opinion really only one solution: VMWare Horizon 7. The rich ecosystem of available back-end VDI servers paired with matching thin (hardware) client options makes this an attractive solution for many verticals with a remote or mobile workforce or businesses with a large dispersed workforce in fixed locations but with a centralised workforce IT system.
Financial services are an option, too, where protection of business assets and intelligence is particularly paramount.
Business with some IT estate in the cloud (hybrid cloud solution) and business departments with standard office requirements
Where business process interconnections play a role with many cross-departmental interactions, the preferred solution should be Windows Virtual Desktop. It plays the perfect role for businesses largely using MS Office, together with a few domains specific client-side applications (i.e. non-browser-based). In this case, we recommend also migrating from MS Office to Office 365 with Sharepoint at the same time.
AWS WorkSpaces works well in this scenario too, but it lacks the tight and rich Windows ecosystem Microsoft can offer on Azure for this type of usage
However, the choice is certainly influenced by the amount and complexity of IT estate in the cloud, and how much of it is integrated with client-side business applications. For example, if your cloud deployment comprises of your web presence, static media for the web presence, and similar, then the choice of VDI infrastructure is largely independent of your existing cloud IT.
Businesses with a cloud-first strategy and a large IT estate already running in the cloud
Both Windows Virtual Desktop and AWS WorkSpaces are good candidates for endpoint security and control. With a cloud-first strategy and/or large IT deployments in the cloud, access to services is mostly if not exclusively browser-based. What is needed in this circumstance is primarily a secure endpoint with a standard yet secure browser configuration.
Here, the choice of VDI infrastructure is largely driven by existing cloud service contracts. For example, if your cloud partner is AWS, then it does not make sense to use Windows Virtual Desktop just for endpoint security. AWS Workspaces work in this case much better due to its integration with AWS Security and Management controls. Conversely, if your cloud deployment uses MS Azure, it would make sense to use all but Windows Virtual Desktop for endpoint security and remote working.
Businesses with significant in-house IT development
IT staff is predestined for remote work. Even though a pure SCRUM or Agile environment almost prescribes teams to work together in the same office, this can be emulated and facilitated with continuous and permanent audio chats using e.g. Slack, Discord, MS Teams, Google Hangouts, Amazon Chime, or others.
Except for VMWare Horizon 7, all solutions offer extensive DevOps tooling and services in the cloud.
Google’s VDI solution is clearly developed and marketed as throwaway temporary virtual desktop clients designed to perform QA testing on software products.
Other than that, either Windows Virtual Desktop or AWS WorkSpaces are suitable for remote working and endpoint security in this scenario.
We have only scratched the surface of remote working and endpoint security here. This overview is NOT intended as an exhaustive or ultimate guide to endpoint security. We have heavily generalised to illustrate possible ways of how rolling out remote working solutions may benefit you in the long run.
For a more complete and in-depth analysis of your requirements, and how we can help you make the most of a remote working solution, contact our award-winning and ISO 27001 and Cyber Essentials Plus certified solution architects here. We offer a free consultation to sense-check your remote working setup and offer peace of mind. Book a call with us today.
Finally, as part of our suite of remote specialist managed services, we offer businesses Secured Virtual Desktops, Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS).
If this is something you would like to find out more about, then follow this link to see how our VDI services mean you have access to full-time support, 24/7 saving you money on costs and ensuring all endpoints are secured.
Contact us on 020 3745 7706 or email [email protected]