Continuing with our series on how to rethink remote access, IT expert Mike Cuppett shares his thoughts on remote access policy. Mike is an IT professional with over 20 years of experience in operations, infrastructure and security. A “developer of people and deliverer of services,” Mike writes for IT Security Rookie as well as his personal blog.
First, I would not define any specific product solution (hardware or software) within the policy, so that the policy would not have to be updated each time a solution changes.
Second, I would define the needs for remote access and categorize them accordingly. Possible categories include system support employee, general employee, external vendor/consultant, external compliance consultant, etc.
Lastly, document the access allowed and controls deployed for each category.
That’s pretty high level, but should make for a good start.
Mike also suggests checking out the following online book stores: