Providing remote access to employees and third-party organisations is now a basic requirement for many businesses. There are significant drivers to encourage people to work from home or other remote locations, and delivering secure remote access is essentially not complex. It can, however, be very expensive, and the days of issuing all staff with a physical fob for occasional or business continuity use are long gone.
The key to providing secure remote access is understanding the needs of the users - there is little point, for example, in providing an expensive fob and associated licence to someone who will only need email access during a business continuity outage.
Remote access requirements need to be risk assessed and then a suitable level of security applied to that access. Risk assessment is a powerful tool, not only for defining requirements, but also for providing the business with the appropriate level of protection. By its very nature, a risk assessment is an analytical exercise, defining a specific set of outcomes rather than a one-size-fits-all solution. ISO27001 takes a risk-based approach and clearly states that all issues should be risk assessed and suitable remediation put in place.
We have extensive experience of delivering remote access solutions from many vendors and the associated risk assessment and policy/procedure.