The next IT expert in our how to rethink remote access series is Javed Ikbal. Javed is the Chief Security Officer at zSquad, an Information Security consulting company in the Boston area. His specialty is building or re-engineering information security programs. Javed has taken some time to share his thoughts on remote access policy.
– Define who may get remote access and the documentation/authorization for getting that privilege
– Document and define the add/change/delete process
– Define if the VPN can be installed on personally owned HW or not
– Prohibit split tunneling
– Enforce endpoint security (patches, AV, local firewall)
– Activity they can do while connected to the VPN