COVID-19 has brought a wave of requests to help your clients with remote work setup. It is never as easy as it sounds! With problems ranging from endpoint security to a lack of remote work infrastructure, you must already be asking questions like: do I get a VPN or go for a solution like Splashtop? Does each employee get a device, or should I only support BYOD? Here are a few common points on how you can build a safe WFH setup without losing focus on what's essential, as done by fellow MSPs.
A hardware VPN setup by far comes across as the right solution for users with existing assets. That being said, you'll find that a software VPN typically has better pricing, and that access is a little easier to configure for your customers.
But before you can start, you need to ask yourself some questions:
Choosing the correct VPN server is exceptionally pertinent, and the first thing to determine is where you will put it. Most popular solutions dictate that it be placed on whatever network accesses the VPN server, as that's where the client connects. However, it is much safer to build your server in a cloud environment, where you can scale performance up or down without needing to worry about hosting and network complications. Your VPN server won't require much processing power, but you need to stay flexible for events where you will see a spike in usage.
Note: OpenVPN, while free, doesn't have the most intuitive GUI.
If you are using LDAP like most MSPs (probably Active Directory), setting up LDAP will make life easier for your customers, since they can use their existing credentials. If you want something more robust, you can dual-home the network of your VPN server and assign different network groups based on AD groups for organizations that may require access segregation.
With Microsoft's free six-month license, this software has become so popular that in the very first week it crashed in Europe. However, it remains a very convenient solution to take advantage of when setting up small clients.
However, when the groups and naming schemes are not clearly defined, things can become too "crowded", with multiple groups under similar names. Though it's debated whether that is a network issue or a usage issue, you can (and should) implement naming policies and expiration policies for O365 groups, and therefore teams.
The naming policies allow you to dictate a prefix or suffix for the name, such as a location or department. Additionally, you can configure blocked words, such as "credit cards," or "employee SSNs" or something silly.
The expiration policies will self-police groups into being removed if they aren't actively used. Team owners will have plenty of notification to renew the group if they feel it is still relevant; otherwise it will be soft-deleted for 30 days before being completely removed (admin-configurable retention).
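To see how these two policies would play out against groups that already exist, here is an added example (not from the original article or from Microsoft) that audits a constructed group list against a naming and expiration policy. The `GRP-` prefix, the 180-day lifetime, and the group names and dates are assumptions; the blocked words and the 30-day soft-delete window come from the text above.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Policy:
    prefix: str = "GRP-"        # assumed prefix, e.g. a location or department tag
    blocked_words: tuple = ("credit cards", "employee ssns")  # from the article
    lifetime_days: int = 180    # assumed group lifetime before renewal is due
    soft_delete_days: int = 30  # soft-delete window described in the article

def name_findings(name, policy):
    """Return the naming-policy violations for one group name."""
    findings = []
    if not name.startswith(policy.prefix):
        findings.append("missing-prefix")
    # Collapse separators so "Credit-Cards" and "credit_cards" match "credit cards".
    normalised = re.sub(r"[\W_]+", " ", name).lower()
    for word in policy.blocked_words:
        if re.search(rf"\b{re.escape(word)}\b", normalised):
            findings.append(f"blocked-word:{word}")
    return findings

def lifecycle_state(last_renewed, today, policy):
    """Return (state, date): the expiry date while active, the purge date after."""
    expires = last_renewed + timedelta(days=policy.lifetime_days)
    purge = expires + timedelta(days=policy.soft_delete_days)
    if today < expires:
        return "active", expires
    if today < purge:
        return "soft-deleted", purge   # still inside the retention window
    return "purged", purge

# Constructed sample data: (group name, date the group was last renewed).
GROUPS = [
    ("GRP-Sales-EMEA", date(2024, 5, 1)),
    ("Marketing Team", date(2024, 4, 20)),
    ("GRP-Finance_Credit-Cards", date(2023, 11, 15)),
    ("GRP-Old-Project", date(2023, 6, 1)),
]

def audit(groups, today, policy=Policy()):
    """Map each group name to (naming findings, lifecycle state, relevant date)."""
    return {name: (name_findings(name, policy), *lifecycle_state(renewed, today, policy))
            for name, renewed in groups}

if __name__ == "__main__":
    for name, (findings, state, when) in audit(GROUPS, date(2024, 6, 1)).items():
        print(f"{name:26} {state:13} {when}  {findings}")
```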
It is safer to put in place only hierarchical access in the organization that abides by the guidelines you implement.
The OPNsense firewall seems to be a popular choice, as it's regarded as secure, and the administrator is only limited by the hardware you install it on. Since just about any desktop or server CPU from the last nine years has AES-NI hardware acceleration, it doesn't take much equipment. If you want to keep your current firewall, it is also possible to configure pfSense as just an OpenVPN server or install OpenVPN on your favorite Linux distro. OpenVPN looks like HTTPS traffic, so you can even load-balance it behind Nginx if you need more than one server to handle the load.
Microsoft's Azure is steadily catching up with AWS in the cloud platform market. The primary advantage is that it can be up and running in a matter of ten minutes! First you create a directory, then add users. It can run Linux or Windows machines of various sizes, and you can bring your own licenses.
Ensure all helpdesk and techs have a laptop and headset that stays at home and is ready to use in case the building gets closed down.
Make sure your phones are VoIP, and that any service locked to your office IP can be reached via a VPN.
Citrix seems to be a trendy and quick solution. Contacting any MSP doing Citrix, Azure, or AWS can get you set up and running in no time.
Think of remote apps. Either procure a few remote desktops and then a VPN to the client's office or (if the app is small) migrate the app into the cloud and run a hybrid environment if you still need AD access on your local environment.
For the phones, it is advised to look at a platform that provides mobile-first support. The following applications seem to be the most popular choices.
It is possible to run any of the above applications from a web browser, a mobile app, or a desktop app.
The cold hard truth is that unless you are a big-ticket MSP used to handling high-volume work-from-home setups, you will struggle. But not for long. Know that it is hard to get into home machines by the dozen all at once.
Here's where TeamViewer and Google remote desktop come in handy.
Note: Be advised that you have to install a full extension.
There is no doubt that a perfect situation for cybercriminals to prey on victims would look very similar to the current scenario.
Global fear of a situation that changes every day. A lack of information and an abundance of misinformation puts millions in a state of anxiety.
The current scenario seems to be the perfect diabolical concoction for anyone with malicious intent to take advantage of business email compromise, data breaches, and various other cyber crimes!
Hence fellow MSPs like you have already started rethinking their endpoint security and cyber safety, with the following tools popularly recognized as the most efficient in covering their security needs.
In these uncertain times, when many MSPs are struggling with a surge of incoming requests and finding it hard to cater to existing customers, it is not uncommon to wonder whether you should invest more in selling.
It is agreed that times are tough, and it's pertinent to set up processes, talk to clients, and assure functionality. But in the bigger picture, problems are temporary. Though these problems are essential, sales remain the oxygen that fuels these other activities. That said, trying to sell while managing clients, deals, documents, and projects in one single PSA tool seems ridiculously confusing. Many modern MSPs have already made the switch to a cloud-native sales solution like Zomentum that fast-tracks your sales cycle and maximizes your productivity. Sign up for a free demo today!
Disclaimer: The author does not claim expertise within the field of IT solutions; all the tips were gathered from the good folks of the MSP reddit thread.