Remote Control Software: A Dangerous Practice in a Telework Situation

Although not suitable for teleworking, remote control software is unfortunately one of the tools used by companies to allow their employees to access their office workstations from home, from a personal computer. The relatively simple use of remote control software has sometimes made the security risks associated with this type of product seem less important. Remote control software is intended for remote maintenance with a user responsible for initiating the connection and monitoring the actions performed and is therefore clearly incompatible with teleworking.

Remote control software: products mainly dedicated to remote assistance

If they are used in the right context, remote control software is not the issue. It is the way some organizations use it that is problematic. When used in a professional context, for remote maintenance, this software does not present an additional risk factor for the security of information systems. In fact, this is the configuration in which they are most used. They allow IT support and other helpdesks to take control of employees’ workstations in order to resolve any type of problem that may arise on users’ sessions.

However, their initial use is often hijacked to provide remote access, especially in the context of teleworking. Since 2020 and the widespread democratization of teleworking, remote control software editors are more and more integrating teleworking as a key use of their solutions despite the inherent security gaps in this type of product. The responsibility is therefore shared between these editors who evade the risks linked to the use of their solutions and the IT departments who do not always follow the good practices of cybersecurity and therefore put at risk the whole information system of their organization.

Why are they unsuitable for telework?

The main reason why remote control software should not be used for telework is because of the security of the information system:

• All flows pass through the cloud, and the accessed workstation is exposed to the outside (potential “man in the middle” attack).
• Most accesses are done by simple authentications that are not adapted to the remote access context.
• Once the remote user has taken control of the machine, he or she can rebound and thus put the entire information system at risk.
• There is no traceability or control of these accesses by the organization’s IT department, which makes it impossible to find the source of any potential compromise.

Furthermore, these remote control software programs have a high licensing and operating cost since they require the installation of an agent on the workstation which, if not regularly updated, is at the mercy of unpatched security flaws.

ZTNAZero Trust Network Access. The ZTNA is a name describing products that apply a "Zero Trust", or lesser privilege, policy in the area of external access. The objective is to... More and CASB: Technologies for securing remote access

To secure their remote accesses, organizations must therefore avoid remote control software (at least for their telework uses and remote accesses by partners or service providers). They should instead prefer ZTNA (Zero Trust Network Access) or CASB (Cloud Access Security Broker) technologies, which allow these accesses to be genuinely secured, whether they involve controlled workstations and controlled networks or not.

Systancia Workroom, Systancia’s “zero trust” secure remote access solution as cloud services, is based on the ZTNA technology and allows organizations to secure all access regardless of the context (telework, mobility, on-call, outsourcing, service provision, etc.).

Unlike most remote control software, the product offers a native strong authenticationPrimary or secondary authentication Authentication allows a user to guarantee his or her identity before accessing a resource or service. Primary authentication will give user access to the workstation (Windows... More (MFA) and allows to check the integrity and compliance of the workstation, essential in a context of unmanaged workstations. Moreover, the company has control over those who access resources and applications internally, even pairing the user with his workstation (via the directory) in an automatic manner (case of an external user who accesses his professional workstation in the office). In addition, the solution guarantees data confidentiality since, whereas in the case of remote control software, data flows pass through the servers of the publishers of these solutions. With a ZTNA solution such as Systancia Gate, only the client can access this data. The ZTNA also allows to limit rights and authorizations based on the identity, the context of use and the applications/data used, in order to implement the principle of least privilege.