Are you worried about users working remotely with unmanaged devices that can compromise security?
Are you being inundated with support calls from users who don't understand why they can't get to their corporate data when their VPN loses its connection?
In this article, we'll explore how CentreStack elegantly resolves security concerns related to the increasing number of employees working from home to achieve two critical outcomes:
1. Simplify remote access to the point where users need no training. Get rid of VPN headaches and support calls. Give users a mapped drive that feels the same as sitting in the office directly connected to the file server.
2. Make remote access just as secure as working in the office by insulating corporate networks from unmanaged devices. This eliminates the threat from unmanaged networks and devices that can be easily hijacked to create Trojan horses that use VPN connections as infiltration conduits.
Even before the pandemic increased pressure to work from home, remote work has been quietly establishing itself as the new norm. In the US, for example, it has grown by 91 percent over the past decade. In fact, from 2014 to 2019, it rose by 44 percent (Flexjobs, 2020). We don't need statistics to know that these numbers skyrocketed in 2020. And there's plenty of evidence that working from home is here to stay, even after the Main Street economy reopens. This point is reinforced by the corresponding shift in focus to Remote Access for managed service providers that used to be primarily focused on Security and Backup as their most important practice areas.
It's a bit ironic then that even though remote access has in many cases supplanted security as a top of mind concern for IT departments and service providers, it has introduced new security challenges that can be expensive to resolve. For example, some of the biggest problems we've heard from our IT partners include:
Increased security risks of remote access from unmanaged devices over VPN
Increased support and training costs for remote workers using VPN
Loss of control and security when cloud storage replaces VPNs for remote access.
IT departments can protect corporate data by ensuring that corporate devices are correctly updated and that the proper firewalls, antivirus software, and other defensive mechanisms are in place to protect the devices and networks they manage. But when an employee has to work remotely from an unmanaged device, or an unsafe network, the risks increase. Those devices become soft targets for hackers and are more likely to be infected with malicious software. In a sense, they become Trojan horses carrying malicious payloads when they connect to the corporate network over a VPN.
These security issues lead to increased costs as IT departments have to indirectly manage home networks for their remote workers and address the increased number of support calls from VPN connection issues. There's also the potential increase in cost if they provide remote workers with a properly managed device which they can use to connect to the corporate network
check out the incredible
CentreStack adds secure remote access and file sharing, disaster prevention and recovery, to file servers on-premises with easy cloud migration to private cloud storage. It is the real cloud file server solution you have been looking for!
CentreStack bridges file servers and cloud storage for secure remote access without the need of a VPN.
Accessing files and folders directly from within a web browser as if it is as interactive as from a desktop drive.
CentreStack leverage cloud storage for secure mobile file sharing from a web browser or from a mobile application.
CentreStack sets up a hybrid deployment between local file servers and cloud storage that can be seamlessly converted to cloud-only.
CentreStack resolves these issues:
Providing a mapped drive over HTTPS to keep unmanaged endpoints off the corporate network.
Mitigating ransomware with file versioning and behavioral heuristics, and with version control and backup.
Controlling unmanaged endpoints with device management and access policies
End users get a mapped drive that mimics onsite behavior. Simultaneously, the corporate network is never exposed to the unmanaged endpoint since it can only connect to file shares the user can access. Furthermore, access can only occur via an HTTPS connection to the CentreStack server in the DMZ (the safe area between the external and internal firewalls). There is no direct connection to the internal network!
The user feels that they are still working on the corporate network (with help from technical tricks like smart caching of frequently used files and data compression), even though the device is never allowed to access the corporate network.
"It’s really easy for my users. I can just tell clients, go to your “M” folder, all your files are there. They just get it. They can also download the app on any mobile device - it’s just really simple to set up and to use. It's also easy to manage and easy to sell."
Data stays on hosted file servers. Remote access is governed by existing permissions. Data privacy is further maintained through isolated management of users and access rights in each tenant.
Use existing AD users and NTFS folder permissions with a simple interface to identify remotely accessible file shares that automatically appear in user's mapped drives
CentreStack allows admins to run HIPAA or GDPR compliance checks and generate reports demonstrating compliance for file access and collaboration.
CentreStack also provides file versioning and behavioral heuristics, guaranteeing that your files can never be held hostage by ransomware. The behavioral heuristic allows administrators to set a frequency threshold beyond which the offending device gets quarantined. For example, an administrator can choose to quarantine any device which changes more than 20 files in a 10-minute window, limiting the scope of impact for ransomware to 20 files. And since CentreStack provides file versioning, these files can be quickly restored to their previous state.
The ability to stop executables and zip files from being run from the mapped drive
Auditing and reporting to keep track of any suspicious behavior
Endpoint encryption, remote wipe, and other data loss prevention features
The remote access solution extends the current internal Windows file server's reach to remote locations via HTTPS and web protocols. It is privacy by default.
The same corporation owns the internal Windows file server and existing IT infrastructure, including the new CentreStack server, and the files and folders on the file server are privately owned.
The internal Windows file server is the data repository for the newly added remote file access service. For employees, the files at work are the same files available remotely on mobile devices.
Since files never leave the current on-premise file servers, it is much easier to pass compliance auditing. The new remote access server is the only component that need additional work.
The same NTFS permissions that was in place to protect the internal Windows file server files will be the same permission control in place to protect the remote file access service.
Boost productivity for mobile workforces when they need to remote access corporate file servers.
Users have the familiar drive mapping interface for remote access to files.
Global file locking facilitates team collaboration by locking active files that are being edited.
Files and folders from corporate file servers cached on remote devices are subject to encryption and remote wipe.
Folders from the edge device can be back up to central corporate file servers and the on-ramp to private clouds.
Define different permissions for folders at different levels of the directory structure or inherit from NTFS permissions directly.
Web browser-based file manager and mobile applications make web and mobile access to files easy.
From internal Active Directory users to external clients and partners, you can define user rights for folder sharing.
Shared folders are put under version control and notifications are available for users subscribed to the folders.