Secure remote working, whether it means mobile staff dialling up or using WiFi in cafés, or teleworkers coming in over broadband, means you need encryption over the link, even if wireless is not involved.
Putting in a VPN is not the end of it though: an important part of keeping remote users secure is making sure their data is either backed up directly, or synchronised to a central server which is then backed up. Users cannot be relied upon to do this, but fortunately, technology can.
A second issue is that you can no longer assume that all users will be on PCs. Increasingly, mobile staff are using PDAs and smartphones as well or instead, and as these are even more vulnerable to loss or theft than a laptop, they need to be backed up and secured too.
The PC side is probably easier to deal with, as several companies supply software to back up remote systems to a central site. Designed for use on corporate networks, they aim to back up email and application data on individual PCs without requiring huge amounts of storage space on a server.
The idea is a simple one: if a file exists on several devices, you only store one copy of it. This applies whether the file is a program from Microsoft or whoever, or a shared corporate document. Plus, when a file is altered, you only back up the changes.
Its proponents say that content-based backup gets more effective the more PCs you have, adding that it makes it practicable to back up individual PCs within offices, as well as at remote locations.
"Lots of files are redundant, and eliminating those reduces the amount to back up by 95 percent, which makes it affordable," says Bob Brennan, the chairman and CEO of Connected, a remote backup software vendor.
He adds that it also allows an organisation to treat its PC disks as a reliable resource. This in turn means users can be permitted to store more email data locally, so the organisation requires fewer email servers.
Connected's DataProtector technology has been used for several years in remote backup services such as NetStore, as it allows a Windows PC to be backed up over a modem link. Now the company has acquired software from Rchive-It which applies similar techniques to email and will eventually turn volume backups into auditable archives.
It requires a client program on the device to be backed up, of course. DataProtector is Windows only, but other companies, such as Belgium's DataCenterTechnologies, have Linux and Unix clients as well as Windows.
With remote backup, files that never change are backed up only once, as are identical files, thanks to metadata - data about data. The backup software fingerprints a PC and stores this metadata, allowing anything from file by file recovery by end users themselves, to bare-metal disaster recovery.
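The store-one-copy and send-only-changes behaviour described above can be sketched as follows. This is an added illustration, not code from Connected or DataCenterTechnologies; the SHA-256 fingerprint, the fixed 4 KB chunk size, the class name and the sample files are all assumptions made for the example.

```python
import hashlib

CHUNK = 4096  # assumed fixed chunk size; real products may chunk differently


class DedupStore:
    """Server-side store: each unique chunk is kept once, keyed by its fingerprint."""

    def __init__(self):
        self.chunks = {}     # fingerprint -> chunk bytes, shared by all devices
        self.manifests = {}  # (device, path) -> ordered fingerprints (the metadata)

    def backup(self, device, files):
        """Back up {path: bytes} for one device; return bytes actually uploaded."""
        sent = 0
        for path, data in files.items():
            prints = []
            for off in range(0, len(data), CHUNK):
                block = data[off:off + CHUNK]
                fp = hashlib.sha256(block).hexdigest()
                if fp not in self.chunks:  # unseen content: upload and store it
                    self.chunks[fp] = block
                    sent += len(block)
                prints.append(fp)
            self.manifests[(device, path)] = prints
        return sent

    def restore(self, device, path):
        """Rebuild a file from its manifest, re-checking every chunk's fingerprint."""
        out = []
        for fp in self.manifests[(device, path)]:
            block = self.chunks[fp]
            if hashlib.sha256(block).hexdigest() != fp:
                raise ValueError("stored chunk does not match its fingerprint")
            out.append(block)
        return b"".join(out)


def demo():
    # Constructed sample data: one program shared by two laptops, plus local files.
    app = b"A" * CHUNK + b"B" * CHUNK + b"C" * CHUNK
    store = DedupStore()
    sent = [
        store.backup("laptop1", {"app.exe": app, "report.doc": b"R" * CHUNK + b"S" * 100}),
        store.backup("laptop2", {"app.exe": app, "notes.txt": b"N" * 500}),
        # laptop1 edits only the tail of its report; only that chunk is re-sent
        store.backup("laptop1", {"report.doc": b"R" * CHUNK + b"T" * 100}),
    ]
    return store, sent


if __name__ == "__main__":
    print(demo()[1])
```

The second laptop uploads only its own 500-byte file because the shared program is already stored, and the edited report costs 100 bytes rather than the whole file.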
The second option is to make the remote devices an integral part of the corporate email, contacts and calendar system by synchronising them with it. Several companies offer synch software, such as Synchrologic and Extended Systems.
To date, synch software has mostly been promoted as a tool for connecting handheld devices and mobile phones, but it can be used with laptops and other PCs too, says Jan Mietle, senior product engineer at Extended Systems.
He says that, with synchronisation in place, the issue of backing up the physical device tends to go away because there is always a master copy on the server. "The only exception is data created locally," he adds.
These systems rely on a proxy server connected to the main - typically Exchange or Notes - server. The proxy server can be located behind the firewall with specific ports open to the outside, or outside the firewall in a demilitarised zone (DMZ).
"Personally, I would always make use of a DMZ, but not all companies want one. So then you need to look at ways of allowing direct access, which can be risky," Mietle says.
"Bigger companies won't open their network to the Internet, that's where the DMZ comes in - every computer can access the DMZ proxy, but only that proxy can access the internal server. Data is encrypted all the way through the DMZ."
That encryption can also avoid the need for a VPN, he adds: "The default VPN service in Windows is quite tricky to set up and maintain. Our software covers security and encryption - it's like a VPN tunnel but specific to our software, so all it needs is a connection."
One other advantage of the synchronisation route is that it can be used to enforce an access password on the device, in case an unauthorised person tries to use it. Beyond that, it is also possible to encrypt data on the device, via software from the likes of Pointsec.