According to a recent survey from PwC, companies that made the switch to remote working solutions had "overwhelming success", with 83% of respondents (business owners) calling the shift to remote work a success for their company. Today we talk about the best remote work solutions for small business in Canada - and what not to use.
Making the switch to secure remote working in 2022
Remote working can result in cost-savings many times greater than the initial investment required in IT infrastructure.
In addition to cost savings, secure remote work solutions protect your business as well as or better than a traditional local network.
Remote work can result in greater productivity, increased employee morale, reduced commercial rent costs, a greater ability to respond to client needs from anywhere, and reduced pollution as employees cut down on commuting by working from home.
Since you're thinking of remote work solutions for your business, here are 2 ways to get started with remote work the right way - securely, and built on best practices. If your only takeaway from this article is not to use a VPN, that is a great takeaway! If the two ideal solutions we present need further clarification, just schedule a free consultation.
Getting started with remote working
You may have dabbled with insecure and risky remote work solutions in the past - without even knowing it! If you or your staff worked remotely, or accessed your small business company data without a secure BYOD solution in place, you put your company at risk.
Seemingly innocent and common actions, such as checking email from a personal phone or using quick and dirty remote login software with no computer security in place on the endpoint (the computer used to connect to the company), are examples of common bad practices.
Now is the time to get started with good practices - whether your staff works remotely once or twice a month, or every day.
Choosing between the best remote working options in 2022
There are over a dozen remote working solutions available for businesses. Some solutions are interchangeable and some can be implemented together but service providers usually use a mix of different technologies and services to find the perfect blend of security, functionality, and cost.
Avoid Using a VPN
At the same time, there is also a lot of misinformation around this topic, especially in terms of security. For instance, a popular remote working option that is often talked about is a Virtual Private Network (VPN).
VPNs can be a good solution, but small businesses often use them without the right security in place. VPNs fail you when they are not paired with endpoint security because they don't allow you - the business owner, the person taking on all the risk and liability - to control, secure and manage the computer or device (known as the endpoint) that is connecting to your company data.
You must control every device that touches your company data. Not doing so leaves you vulnerable to a lot of risk.
What's popular isn't necessarily true or useful or ideal.
This is why we are limiting our discussion to the top two secure remote working options that businesses can adopt. Starting with…
Cloud-based Remote Desktop using Azure + Windows Virtual Desktop
This solution is perfect for any business with a mix of Macs and PCs. It also works perfectly whether you own the devices connecting, or your employees do. It makes it super easy to onboard new remote employees, control connections to your company data, and protect data by blocking copying, downloading, etc. It does carry monthly subscription costs that some small businesses won't want. Let's dive in.
Cloud-based remote desktops help you overcome the risks of quick and dirty access. They also work faster and more securely than allowing staff to remote in to your server.
There are two main components involved in a cloud-based remote desktop system, the cloud and the remote desktop itself. Let's take a look at each separately.
Your servers and network (made up of individual devices) form the key parts of your IT infrastructure which can be either on-premises or cloud. If it's the latter, half the work is already done but for this explanation, we'll assume you have an on-premises infrastructure.
A remote desktop server emulates your on-premises servers by connecting your devices (employee laptops, for instance) to create a secure network outside the office building. Traditionally, this would mean setting up a dedicated server to host the devices which adds costs - not here.
Such an arrangement was the norm for most of the 21st century but in the last decade, cloud computing emerged. Tech giants such as Microsoft, Amazon, and Google decided to use their immense resources to create cloud servers that are interconnected and globally available. This meant that businesses could move away from the CapEx model of on-premises solutions to the OpEx model of cloud computing - you no longer have to buy, maintain, or upgrade hardware because you're not using your own hardware.
At the same time, cloud computing brought better security, better pricing (pay-as-you-go), increased resiliency, and virtually unlimited scalability. A cloud-based remote desktop replaces your on-premises server with the cloud, giving you greater scalability and better security at lower costs.
One of the most popular, enterprise-level solutions for this is using Microsoft Azure with Windows Virtual Desktop. Your remote desktop runs on the same secure and powerful data centers that are used by other Microsoft services. This means that you get access to high-performance servers that are globally scalable and have low latency. And of course, this is an excellent remote work solution for small business too.
Pros of Microsoft Azure + Windows Virtual Desktop
Cloud computing on its own is generally considered one of the safest options for IT infrastructures as it has better security features right out of the box than most on-premises solutions do. Furthermore, remote desktops are also safer than common remote working solutions such as virtual private networks or VPNs as a separate, dedicated server exists only for the business. In other words, everything stays within your private slice of the cloud.
Resiliency is a foundational tenet of cloud computing and this extends to cloud-based remote desktops as well. Windows Virtual Desktop running on Azure is one of the most resilient options, if not the most resilient, available to small and medium-sized businesses (SMBs). It has a wide range of resiliency features including automatic backup and fast disaster recovery. In fact, it can bring your entire infrastructure online in just minutes if the previous data center fails.
Fastest onboarding for each user:
Scalability isn't only about increasing hardware capabilities but also about increasing the number of people using it. As your business grows, you'll add more people and devices to your remote desktop server. Fortunately, Azure and Windows Virtual Desktop aren't just better at raw hardware scaling but they also have faster onboarding processes than other remote working options. You can onboard and offboard staff quickly with just basic technical know-how and you can do it from anywhere in the world - not just Canada.
Cons of Microsoft Azure + Windows Virtual Desktop
Higher operating costs:
As we said, cloud computing shifts you from a Capital Expenditure (CapEx) model to an Operating Expenditure (OpEx) model, which means that while your upfront hardware costs dedicated to remote working will be virtually eliminated, your monthly carrying costs will increase. Of the options discussed here, this one has the highest monthly carrying cost, especially if you are doing graphics-intensive work. That said, there are a few factors to consider when calculating your CapEx and OpEx in this scenario. For instance, you no longer have to pay for depreciating assets and servers that lose $20,000 of their value in five years and make full migrations mandatory when they do. With Microsoft Azure, you don't have to worry about outgrowing your older hardware since the cloud scales horizontally, that is, you can simply keep adding more virtual CPU, RAM, disk, etc. as your business grows. Additionally, your on-premises systems require regular maintenance and constant administration - the cloud doesn't. Most cloud services are serverless and fully-managed, which significantly reduces your IT workload.
Potential vendor lock-in:
Although all major cloud vendors tout a "no vendor lock-in" policy, the truth is that, over time, you're going to make investments into the cloud service you're using, yet the vendor still has the right to terminate your license if you violate their Terms of Service (ToS). That isn't very likely, but it is still possible. Is there an alternative to Microsoft Azure that won't do it? Not really: all cloud vendors have the right to stop serving you if you break their ToS. If this happens, you'll have to rush to find a new vendor and switch to other remote working options in the meantime.
Static software loadout:
The software loadout and services ecosystem isn't as populated or customizable as an on-premises system can be, which can be an issue if your staff members need to use different software. On the other hand, if you're looking for interdepartmental consistency, the static software loadout shouldn't be an issue.
Remote Work Solutions with Azure Active Directory + Microsoft Intune and Microsoft 365
Pros of Azure AD + Intune
Simple to use:
This is one of the simpler remote working solutions and allows employers to take a hands-off approach to adding new computers as well as reissuing computers to new staff. Intune supports self-service enrollment, giving employees the ability to join the remote workplace quickly and securely, speaking of which…
Azure AD with Intune isn't as secure as a cloud-based remote desktop server but powerful security features do exist - and this solution can meet all your compliance requirements too. Employers can create strict security policies that can be pushed automatically when an employee joins. Each device can be encrypted and password-protected for additional security.
Flexible software loadout:
Your workforce uses a shared set of software tools, so wouldn't it be nice to automate the installation of all the tools and software a new employee would need? Well, you can. Using Intune, your IT provider can automate new device setups with everything that is standard to your team - a custom solution to meet your needs. Having a flexible software loadout is no longer just a luxury for huge companies - it's a best practice any small business should have, today.
Cons of Azure AD + Intune
Extensive configuration required:
Although this remote work solution is easy to use and offers automatic enrollment, getting it to that point is not. Compared to the other two, a remote working system like this would take the longest time to configure and deploy initially. This means that the upfront consulting and development costs can outweigh the cost savings. If your requirements are complex enough, it might even outweigh several years' worth of a hosted cloud desktop solution.
Strict compliance penalties:
This system grants access to devices when devices comply with the security policies set by the administrator. However, this type of locked-down configuration can force devices to be wiped clean in case they fall out of compliance, which may result in downtime and loss of productivity. Of course, your IT provider can program your preferences into place.
BYOD not suitable:
This approach does support self-service enrollment but it's still not very well suited to bring-your-own-device (BYOD) use cases because employers cannot lock staff down on their personally owned devices.
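The compliance gate and the BYOD limitation described above can be sketched as a small triage over a device inventory. This is an added example, not TUCU's or Microsoft's code: the field names follow the Microsoft Graph `managedDevice` resource, while the device records, the 14-day check-in threshold and the `triage`/`audit` helpers are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory. Field names follow the Microsoft Graph
# managedDevice resource; the devices themselves are made up.
DEVICES = [
    {"deviceName": "LT-001", "managedDeviceOwnerType": "company",
     "complianceState": "compliant", "isEncrypted": True,
     "lastSyncDateTime": "2022-03-01T09:00:00Z"},
    {"deviceName": "LT-002", "managedDeviceOwnerType": "company",
     "complianceState": "noncompliant", "isEncrypted": False,
     "lastSyncDateTime": "2022-03-01T08:00:00Z"},
    {"deviceName": "LT-003", "managedDeviceOwnerType": "company",
     "complianceState": "compliant", "isEncrypted": True,
     "lastSyncDateTime": "2022-01-10T08:00:00Z"},
    {"deviceName": "HOME-PC", "managedDeviceOwnerType": "personal",
     "complianceState": "compliant", "isEncrypted": True,
     "lastSyncDateTime": "2022-03-01T07:00:00Z"},
]

def parse_ts(value):
    """Parse the UTC timestamp format used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def triage(device, now, max_sync_age=timedelta(days=14), allow_personal=False):
    """Return (decision, reasons); any reason at all means access is blocked."""
    reasons = []
    if device["complianceState"] != "compliant":
        reasons.append("compliance state is " + device["complianceState"])
    if not device["isEncrypted"]:
        reasons.append("disk not encrypted")
    # A device that has not checked in recently carries a stale verdict:
    # "compliant" only describes it as of the last sync.
    if now - parse_ts(device["lastSyncDateTime"]) > max_sync_age:
        reasons.append("no check-in within %d days" % max_sync_age.days)
    # Hypothetical preference: personally owned devices are kept out unless
    # the business explicitly opts in.
    if device["managedDeviceOwnerType"] == "personal" and not allow_personal:
        reasons.append("personally owned device")
    return ("block" if reasons else "allow", reasons)

def audit(devices, now):
    """Map each device name to its (decision, reasons) pair."""
    return {d["deviceName"]: triage(d, now) for d in devices}

if __name__ == "__main__":
    report = audit(DEVICES, datetime(2022, 3, 2, tzinfo=timezone.utc))
    for name, (decision, reasons) in report.items():
        print(f"{name:8} {decision:6} {'; '.join(reasons)}")
```

The stale check-in rule is the part a plain compliance flag hides: LT-003 still reports as compliant and encrypted, but nothing has verified that in weeks.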
The Importance Of Device Management
A big part of a remote working system is connecting work computers and granting access to work data.
This leads to a common misconception that basic device management, such as connecting devices to the same workplace group or using third-party tools such as GSuite to connect devices, is enough.
However, this ignores one of the most important requirements of any remote working solution - security.
There are various services in the market that can be used to manage devices and grant access to files that are very attractive to businesses because:
- They are very inexpensive to deploy (some are even free)
- They have no recurring monthly costs for IT help (because there is no IT staff)
- They offer the most flexibility as each user (employee) is the administrator on their own device (usually personal computers)
Laying out these "advantages", and putting on our security lens, we can clearly see the security vulnerabilities.
First, there are no secure endpoints which means your business information isn't secure and can easily be made public.
Second, a device management solution on its own doesn't have any active threat filtering or disaster recovery capabilities. So device management isn't ideal for detecting and preventing threats, or recovering from a virus or ransomware. If you were to lose your data, there would be no way to recover it.
Other problems posed by a standalone device management service include severely limited visibility and control. As an employer, you will only have access to information that is shared with you by your employees. Even your IT team has no control over what your employees do with the data - you only have basic access control (granting and revoking access to employee devices).
So what's the best way of managing your employees' devices? The ideal remote working solution will integrate device management into other important layers of overall security, including active threat detection, intrusion detection, important security policies and controls, backup and recovery and much more.
Both of the remote working solutions we just talked about have device management capabilities baked right in, along with a wide range of additional control features that are needed for secure remote working and meeting your IT security and compliance needs in this ever changing landscape.
Implementing the right solution
Platforms like GSuite, Zoom, and Slack are band-aids. They are fine for simple and non-business-critical workflows. A big reason behind the popularity of tools like GSuite and Slack is their ease of use. Employers need little to no technical knowledge to set them up, but this is also a major security vulnerability because it is equally easy for individuals with malicious intent to break into your infrastructure. G Suite, now called Google Workspace, has implemented some endpoint management features, but Microsoft is still far ahead of them.
The business challenge you face is that you need a secure and scalable long-term solution.
The two remote working solutions we have discussed in this article are the kind of solutions that businesses should be exploring to make remote working viable and just as effective as office work - perhaps even more.
A cloud-based remote desktop is the best possible remote working solution. It provides the highest levels of security, and is extremely scalable and resilient. On the other hand, a remote work solution using Azure Active Directory and Intune is another great option, especially for businesses already using Microsoft tools.
However, the biggest hurdle standing in most businesses' way isn't the cost but the implementation. That's where your trusted IT partners come in. TUCU Managed IT Services Inc is a top rated, trusted, Toronto IT Company specializing in IT security solutions and cloud consulting services. Schedule your free consultation to discover how we can help you.