Among security practitioners and leaders globally there is a common conversation happening. “Is now the time to rework our infrastructure and practices to be more secure, in the middle of all this uncertainty. Do we react, and just make it work? Or do we consider the threats we are knowingly introducing and accept that risk? And how do we do this during a pandemic?” Honestly, those are very fair questions to ask. But that conversation has to happen and it has to happen now. Let’s explore why now, right now, is the time for this transition to begin and dive into the opportunities that we are presented with by this crisis. Read More
Covid19 has pushed businesses all over the world to adopt homeworking. However, it was not always set up in the ideal way: from IT tools to management style to how the employee works. Things were implemented in a rush. In this blog series, we will unfold homeworking in all its aspects.
This blog post is part one, we’ll have a look at how/why homeworking is believed to increase employee productivity, the cultural differences, and what it takes to optimize ‘productive’ homeworking. In subsequent blog posts, we’ll cover other angles such as legal frameworks, BYOD (Bring Your Own Device), management styles, cost optimizations, etc.
I have been working very regularly from home in the past years. Living a roughly 90-minute drive from the office helped, of course. Homeworking became my new normal a long time ago. That said, it did not include to ‘never’ go into the office and not having any type of face-to-face contact with the team. It also didn’t include having my young kids running around the house while I’m working. I’m assuming the COVID-19 measure are temporary by nature, but also that the current peak in forced homeworking will have consequences in the way we’ll work in the future. In other words, I’m convinced that the adoption of homeworking will grow – so let’s do it right.
Jumping right into the subject. Workers with a flexible workspace policy (home, office, anywhere) are claimed to be more productive when working from home. From personal experience, I agree with the claim: less time in traffic, more focus, a higher threshold for people to interrupt you, etc. We will talk about those drivers for success below. I’m not alone in feeling more productive when regularly working at home: an IWG Survey from March 2019 shows respondents tend to be very positive about the relationship between productivity and a flexible workspace /homeworking. 37% of respondents even claim to be 40% more productive.
% of business people (right scale) reporting the increase in productivity (left scale) believed to be made by a flexible workspace policy
Source: IWG Survey from March 2019
Homeworking: for whom?
Clearly, not every job can be operated from a home office. Where in some countries there are experiments with remote doctor appointments, I can’t see a nurse giving remote instructions on how to draw blood. Bus drivers, construction workers, etc. are not in the possibility to work from home either. It is typically a perk for knowledge workers and people that get most of their work done on a computer. In the US, the World Economic Forum estimates “around a quarter (24%) of workers in ‘management, business and financial’ occupations – such as corporate executives, IT managers, financial analysts, accountants and insurance underwriters – have access to telework. So do 14% of ‘professional and related’ workers, such as lawyers, software designers, scientists and engineers.”
However, “only 7% of civilian workers in the United States, or roughly 9.8 million of the nation’s approximately 140 million civilian workers, have access to a ‘flexible workplace’ benefit, or telework”, according to the 2019 National Compensation Survey (NCS) from the federal Bureau of Labor Statistics.
As the graphs below show, there are multiple variables that create a platform for flexible and home working: the industry you work in and the role you are in matter. So does the size of the company: larger organizations tend to enable homeworking more broadly. There are cultural differences as well. In the next chapter we will have a look at differences between countries.
Arnaud's tips for homeworking
Most people will agree they are more productive when working at home. That context is very personal. Let me share 10 tips that help me get the most out of my homeworking days:
- Get a shower, get dressed: you’re going to work, it’s just not in an office. You won’t catch me working in my PJs!
- A quiet office: I have the luxury of having 2 offices in my home. One is integrated in the living area which I would use in evenings, when there are no calls, or when nobody is home. The other office is cut off from the world and free of distractions and noise. This is really the default office for me.
- 3 monitors: with 2 external monitors connected to my laptop, I’m “better” equipped at home than in the office.
- Clean desk: I don’t like mess on desk. I’ll clean up at least every couple of days. The only thing you’ll find is a pen or 2, some paper (for scribbles), and a bottle of water.
- Music: I’ve always worked with music on the background. It helps me focus. To that point, in the office, I often have a headset playing music.
- Online meetings with video: Just by the nature of my job, I run tons of online meetings with people all over the world. I appreciate to see the people during a meeting, and, hence I’ll default my “video on”.
- Planning: every week I try to plan ahead and block time in my agenda for focus tasks. These are tasks that will take longer than 30’ and that require to get ‘into the zone’ in order to get things done. Every morning, I review and adjust my agenda. It also helps in setting expectation to others that might depend on my work.
- Instant Messaging, active: as mentioned, I’m used to work on 3 monitors. One of these monitors will by default will have my Slack, WhatsApp and Teams open. I realize this actually should not be a best practice as it creates distraction. That’s probably true. It just helps me not feeling isolated and still be somehow integrated in the team.
- Samsung Watch: sitting still all day isn’t great for health. My watch reminds me to get up and take a walk.
- Plan for a F2F with the team at least once a week: the above are all linked to working at home. But equally important for me is to have actual F2F time planned on a weekly basis.
Different speeds in different countries
If we look at the European Union, there are vast differences between countries in the adoption of homeworking. Data from Eurostat below – as collected by Merchant Savvy – shows the evolution of employees that occasionally work from home over the span of 10 years.
The differences can in part be explained by the unique mix of industries in each country (i.e. countries with more knowledge workers could logically have a higher number of homeworkers compared to countries with more blue-collar workers in manufacturing). This reasoning doesn’t always apply. Sweden, for example, has a relatively large manufacturing industry yet is leading the pack in (occasional) home working.
The availability of telecom and IT infrastructure, culture, leadership style, etc. will all explain the differences per country.
Eurostat: evolution in occasional home working in the EU
April 29, 2020 – The said US Water District wishes to stay anonymous for compliance reasons, and we respect that. However, we still wanted to share this extraordinary story.
Being an Awingu customer since 2018, their original focus was to enable secure remote access to one specific suite of HRM apps (Oracle Fusion HCM). When the COVID19 outbreak started to hit the United States mid-March 2020, the Water District leadership decided to enable and push teleworking for all employees. They gave the IT team 2 days to prepare for everything. With 75% of employees not equipped with a company laptop, and with a VPN solution in place without 2FA (2-factor authentication), you’d think the odds were against them.
The IT director wasn’t worried too much. He had been closely involved in the Awingu deployment and immediately saw the unified workspace as the default solution. “Thank God we had Awingu in place, it went flawless”. He required a solution that offered more protection than the existing VPN with 2FA, that was easy and fast to roll out by his team, and that would work in a “Bring Your Own Laptop” scenario for employees working from home. Awingu ticked all those boxes.
Two days later, the existing Awingu platform was scaled up and connected to 30 cloud services and remote applications, file servers, and office desktops. Roughly 80% of the staff connects remotely to their office desktop. The roll-out was fast and ran without hiccups. It was a “surprisingly great experience”, says the IT director.
Things ran so smooth, the Water District decided to extend the roll-out to all contractors two weeks later. These were mainly relying on a VPN-based solution which was identified as being not secure enough. Especially in these days, there was absolutely no reason (or need) to make compromises on security. With Awingu, the Water District has built-in MFA, usage auditing, granular controls, and many other security tools at their disposal.
The Biomedicine Agency is a French public administrative establishment (EPA) created by the bioethics law of August 6, 2004. It operates in 4 very distinct fields: the removal and transplant of organs and tissues, the removal and hematopoietic stem cell transplantation, medically assisted procreation, human embryology and genetics. Those are areas of competence which make it the reference authority on the medical, scientific, legal and ethical aspects linked to questions on those topics. It reports on its activities and the application of the law to Parliament and the Government.
The need for a telework solution
Enabling telework was the answer to a growing need expressed by the 250 employees of the Biomedicine Agency. Work at home had to be unrestricted for the user, but without any safety compromises. At the start of 2019, the Biomedicine Agency therefore decided to allow its staff to telework.
There were constraints, however:
“We needed to set up a fully functional and secure solution for our employees to work at home and in the office, from their own computers. The demand for flexibility brought by remote working came 100% from our staff! In addition, we had a limited budget and a small IT team, so Citrix was not chosen because it was too costly and complex to manage for us “
Christophe Vincent (Head of IT, Biomedicine Agency)
In practice, teleworking means that users are able to access their fixed workstation anytime, from anywhere and on any device
“What really motivated our decision in favor of Awingu is the fact that no installation on the mobile user’s computer is necessary,” says Christophe. “The user can securely access the applications and files from their desk phone using the browser as if they were at their desk.”
Given that the Biomedicine Agency is an institution that deals with sensitive patient files, it is not surprising that data confidentiality and GDPR are amongst the highest priorities. The Biomedicine Agency wanted to make sure that the remote work solution chosen allowed all the data to remain on their servers and that no form of data copies could be made remotely.
Working with Awingu
When they opted for Awingu, they immediately saw that the right ingredients were there:
Facilitate telework: The Biomedicine Agency has a small IT team, so it was essential to find a solution that generates a minimum number of support tickets. With Awingu, their employees only need to navigate to a specific URL from any browser and any device in order to establish a secure connection to access their landline and work as if they were in the office. There is no need to install agents or clients, which saves valuable time and avoids connection difficulties.
Data confidentiality: The connection established between Awingu and the remote offices works over SSL and the administrator can deactivate the downloading of files on the local device. In other words, what happens on the server stays on the server.
Simple configuration: The Awingu configuration was done in a few hours and remained easy to manage afterwards.
Security: The multi-factor authentication integrated in Awingu is a plus, as it increases the level of security by authenticating users in a standardized way.
Based on internal studies at Agence de la Biomédecine, Christophe Vincent confirms an Awingu satisfaction level of over 90%!
Learn more about Awingu!
Databalance was Awingu’s first Dutch partner in 2015. Less than five years later, there is not a single crack to be discovered in that marriage. The Cloud Solutions Provider and the provider of a Unified Workplace solution are an excellent match.Read More
“Friends don’t let friends use VPN.” I read this claim in a blog post by Matthew Sullivan (whom I give all creative credits) and was immediately sold into the line. In this blog post we’ll discuss why classic VPN (Virtual Private Network) solutions are not ‘good enough’ anymore for businesses to enable remote working and teleworking.Read More
March 16th, 2020. The demand for homeworking is exploding because of Covid-19 measures being taken worldwide. As it turns out, a lot of organizations are not scaled to provide secure homeworking. Not all employees are equipped with laptops, VPN or VDI platforms are not scaled for mass usage, et cetera. In attempts to keep the business running, IT departments are taking urgent measures in scaling for mobile and homework. Unfortunately, this doesn’t always happen with security best practices in mind:
- Open RDP: Users are just getting access to desktops and server-based computing environments via an Open RDP environment. In our study from Jan 2020, we saw over 360.000 Open RDP environments in 6 European countries. I’m sure this will be significantly higher today.
- No MFA: Organizations are not using MFA (multi-factor authentication), and, are just using Login & Password. These are still too often easy to guess or hack. E.g. ‘123456’, ‘password’ and ‘qwerty’ are in the top 3 of most used passwords in 2019. Alternatively, malicious entities could also link logins and passwords via the many lists that are floating around on the dark web. If you don’t have extra security measures in place, using just a login & password means your business is a sitting duck.
- VPN Access on BYOD: VPN is the most used tool for remote access. With the spike in demand, organizations are tempted to enable VPN on unmanaged devices (that could be compromised). Running a VPN on a compromised device is a definite no-go. It gives hackers the possibility to enter your network without too much hassle.
We see an increase in hacking activity since the Corona outbreak. TheNextWeb reports that hackers are publishing malware-infested outbreak maps and dashboards. While the official map from “John Hopkins University” informs the public, these maps are built to discover credentials such as usernames, passwords, credit card numbers, etc. This could be the personal webmail account of the user. It could also be access to your corporate network.
Not necessarily related to the same root cause (which is still unknown), but March 13th Computer Weekly reports that a hospital in Brno, Czechia, was the victim of a cyber attack. The hospital IT systems were turned off and have been encrypted by ransomware. This, amidst the Covid19 crisis. The worst possible timing for the hospital. And probably the best for the hacker(s) to see any form of ransom payment. 2 days later, on March 15th, the municipality of Marseille, France, is also hit by ransomware attacks says Securityaffairs.co. This attack right before the local French elections.
Secure homeworking with Awingu
Awingu enables secure access within the principles of “Zero Trust”. Users take whatever device, including unmanaged ‘BYOD’ devices, and login via their browser to RDP based desktops and remote apps, file shares, intranets, … Nothing is running locally on the device. The user only gets access to these assets (files, apps, ..) they have the right to access. MFA is built-in. User controls can very gradually be turned down (e.g. no remote printing, no copy-pasting, etc).
The beauty is: Awingu runs on top of your existing back-end environment. It is not disruptive, still adds all the mobility and security benefits.
Fast, faster, fastest deployments
Time is of the essence. Deploying Awingu in your existing network can be done in the lapse of hours. Roll-out to users is also very quick as there are no agents and clients to install on the end-points. Users just need to authenticate to the Awingu workspace via a browser. That’s it.
An increasing amount of organizations are stimulating working from home. Because their employees are asking about it, because it’s proven to increase productivity, or, because of the recent Corona (Covid19) […]Read more
“The world’s biggest work-from-home experiment has been triggered by coronavirus” is a CNN headline released in mid-February 2020. The virus outbreak is driving homeworking in all impacted countries today. Many businesses – […]Read more
An increasing amount of organizations are stimulating working from home. Because their employees are asking about it, because it’s proven to increase productivity, or, because of the recent Corona (Covid19) outbreak.
For companies that issue company laptops, VPN (Virtual Private Network) is still a very popular tool – even if proven not to be a very user-friendly or secure remote access enabler. But for diverse reasons, many companies equip their employees with desktops in the office. Enabling these employees to work from home, typically means enabling BYOD (Bring Your Own Device). Here, VPN is a definite no-go.
Furthermore, many organizations don’t have a Server-based Computing or VDI platform. Meaning, the only way to work remotely, is to access the physical desktop.
In this blog post, we’ll explain how organizations that don’t have a VDI setup (or a Server Based Computing platform), nor equip staff with managed laptops, can still enable secure homeworking with BYOD through Awingu. For clarity: Awingu is often used in Server Based Computing context in combination with RDS (Remote Desktop Service). This is a different scenario.
The basic principles
Awingu is a virtual appliance that can be installed in the network of the organization. It has many functions, but let’s summarize the most relevant ones for this use-case
- HTML5 Gateway: Awingu has an RDP to HTML5 gateway. When put in your company network, it can connect per RDP (Remote Desktop Protocol) to the different desktops. It translates this signal in HTML5, and, makes the desktops available in a browser.
- Browser-based access: users don’t need to install anything on their device. They take any device, surf to the access URL using their preferred browser, authenticate securely and get access to their desktop. For the remote access to work, the desktop needs to be powered on in the office. It also means IT support doesn’t need to worry about supporting clients and a multitude of new devices.
- Any Windows version: Awingu talks RDP. That means there is little dependency on the Windows version you are running. You can connect a Windows XP desktop all the way to a Windows 10 desktop.
- AD credentials: Awingu will connect via LDAP to your Active Directory. Users will authenticate with their known Windows credentials.
- Multi-Factor Authentication: Awingu comes built-in with an MFA solution (use Google Authenticator or Microsoft Authenticator on a smartphone. Awingu also supports numerous other MFA integrations. So basically, on top of the Windows Credentials, the user will add another token to assure a secure authentication.
- Port 443 only: The only port which needs to be open to the outside is 443. Nothing more.
- Usage Audit: Awingu has a full audit trace (IP address, timestamp, streamed apps opened and closed, …) to assure compliance, also for remote access.
Simple architecture gets you up-and-running in hours!
In the above high-level picture, we illustrate how the Awingu virtual appliance is set up in an existing network.
- Awingu’s virtual Linux appliance is installed on one or more Virtual Machines (as guidance: up to 500 concurrent app/desktop sessions can run on 1 virtual machine with 8Gb Memory and 8vCPU)
- Awingu is connected per RDP to each desktop (they must be powered on), and coupled to the AD. No installations are needed on the AD or desktops.
- Note: Awingu can also be connected to RDS-based environments, to file shares and SaaS apps such as Office 365 and GSuite. In this blog post, we make an abstraction of this and focus solely on the remote desktop access.
- Awingu is typically installed behind a firewall or proxy and only needs access via port 443.
- End-users login via their browser on their private device: a Windows laptop, an Apple Macbook, a Chromebook, .. any device with a browser will work. The Awingu virtual appliance.
- Single Sign-On is also possible with an external Identity Provider (IdP) such as Okta or Azure AD. When using an IdP, you can also opt to use the associated MFA services to access the Awingu workspace.
Given this simple setup, organizations can get up and running in a matter of hours! Start your free trial today!
What investments are needed?
To enable the above use case, you will need:
There is no need for RDS licensing, given that you are connecting to a client OS (and not a server). You will also not require any additional VDA licensing if you remotely connect from a Windows device to your primary desktop/laptop that is connected to the company network (learn more about how RDS & VDI licensing works here).
- Zero Trust, zero complexity – Awingu introduces Awingu 5.0, the standard for secure and easy work from home, anywhere, any device
- Villa Berica adopts Awingu for doctors and healthcare personnel
- Awingu as the secure work from home solution at industrial manufacturer Latesys
- Secure remote access to lab computers at ProQR Therapeutics
- Awingu & Nutanix better together: Awingu achieves “AHV Ready” status