Remote learning and remote teaching are indispensable concepts in higher education around the world. Since the shift to remote working and online learning, the sector is facing more and more cybersecurity challenges. Where before the biggest part of school operations stayed in the school’s environment, there is now an increased use of technology in a remote environment. That means that there are also more potentially vulnerable access points for attackers. But how can you let staff and students securely access a desktop or application without putting the school network at risk?
IT admins of universities and colleges are thus looking for secure remote access solutions in education, as security is one of the primary worries in an increasingly digital world. We’re talking about enormous user groups (dozens of teachers and often thousands of students) that use many different devices to access applications and files with a lot of personal and sensitive data.
In this blog, we will be looking at the top 4 remote access solutions used in education. Those are Teamviewer, VPN, RDP and secure unified workspaces. Needless to say, all these solutions are valid options to enable remote access in education – but they’re not always equally secure. Nevertheless, it’s important to keep the specific problems you want to solve in mind. Define how you want to enable remote access, and what remote access solution fits your query. That way, it will be clear that some solutions offer more advantages, often in terms of security, than others.
Why have remote access for staff and students?
In their courses, students often have to use very class-specific applications and software, which are installed on computers in university PC rooms. In times where (partially) remote learning is the norm rather than the exception, it is usually not possible to offer this software personally to students, as it is very expensive for the university and/or cannot be installed on any hardware. A way to solve this, could then be to give students remote access to the school computers via their own device (Chromebook, tablet, …) . Depending on what type of access your provide for these forms or remote learning, they can easily access the software – even if it’s legacy software (that needs to be installed on the device) from outside the university or college.
Another often-heard use-case is that of network-restricted third-party services. Educational institutions often have memberships for services like JSTOR that they offer to their students and academic personnel. Often, access to those services is limited to the network of the university or college. If a researcher or student can get access to these services from anywhere, this would greatly benefit the institution’s (and their personal) academic prowess.
However, enabling remote access is not only a necessity for the students. There are also many administrative staff members working in universities and colleges who would like the option of working remotely. For example, they may need access to personnel files or work with accounting applications from home. For those people, universities and colleges should be looking for a secure and simple solution, because this administrative staff often works with personal data of staff and students. There must be absolutely no risk of data loss, so security is very important. Furthermore, the IT team should not be burdened with the fact that these employees want to work at home, so a school should look for a simple solution that requires few support (tickets). Of course, this is also the case for teachers who want to be able to access files and applications they need for lessons remotely.
Remote access solutions in education in 2022
There are many remote access solutions for education on the market. However, some of them are complex to use or to manage, and others pose a risk to the educational organization’s critical cybersecurity. Let’s take a look at the top 4 remote access solutions in education in 2022:
TeamViewer
TeamViewer is a remote control computer software, that allows you to maintain computers and other devices. In an educational context it is sometimes used by IT teams to give remote support to students or teachers when one of those parties is not present at school. With the software, users can share their screens, application window and even an entire remote desktop.
This solution is especially useful to share a remote desktop view between users to collaborate or support. However, it is a less ideal software for teachers and students to connect with lab computers in the school.
Disadvantages of TeamViewer
- It is free for home/personal use, but it cannot be used for free in the commercial settings. Prices are steep: $130/mo for 3 concurrent sessions - at that rate, giving entire classes remote access quickly becomes a costly affair.
- TeamViewer offers built-in MFA, but there is as of yet no way to enforce its use. This is a long outstanding request by the TeamViewer community
- Because integration of AD and MFA are not mandatory, you risk leaked credentials. Students will log in with a username and password, and they're in. It is unwise to have thousands of credentials shared with users that can access your network, and that don't necessarily adhere to the privacy protocols you have put up
- In the past years, researchers (and hackers) have discovered multiple 0day exploits in the TeamViewer software, such as CVE-2018-16550 (brute-force vulnerability) and CVE-2020-13699 (allowing malicious websites to launch the host device's TeamViewer application)
- Depending on your license, you can miss out on mass deployment. If you're configuring (and maintaining) accounts for the entire school, this can become a very time-consuming effort. Furthermore, users report that its AD integration is cumbersome and requires many steps (it requires an additional software download (the TeamViewer AD connector), API key generation, etc.)
- TeamViewer doesn't have the ability to use full screen with high-resolution screens
- A student or teacher needs a fast and continuous internet connection if they want to use TeamViewer
- Students and staff are not able to share large files in an easy way
- Every system needs to have a TeamViewer and the same version installed on it to work which is not efficient when students work remotely on an unmanaged device
Virtual Private Networks (VPNs)
All around the world universities and colleges are letting students access on-campus network resources from their own device by using a virtual private network (VPN). Once students have tunneled access, they can use services that are exclusively available to devices on the network. Examples of that are using the institutions’ intranet applications, or being recognized as a logged in user for services such as JSTOR.
VPN has been around for a long time, and stems from an age where cybersecurity concerns were different. They come with multiple security, user experience and management flaws. Take precautions: unprotected VPN access to your network is a serious threat to your organization.
Disadvantages of VPNs
- VPNs is a technology, not a vendor. You need to harden the connection yourself by enabling MFA (via a different vendor), restricting user access and setting up strict policies
- You create a direct connection between an unmanaged end-user device and the educational institutions' backend: if one of those devices is compromised or infected, it can hurt your entire school's network. The list of universities that were hit by a devastating attack that came in via the institution's VPN connection grows every week
- According to an IDC analysis, more than 40% of security breaches come from authorized users like contractors, vendors and employees. This means that VPNs typically lack the granular controls needed to allocate users with specific rights. Once a remote user is authenticated by a VPN, that user is considered trusted and gets access to anything on the company network. It makes the company network and its resources pretty vulnerable and open to attacks or data leakage
- VPNs are difficult to manage for IT administrators as they don't have an overview on which devices the VPN client is being used, nor can control if the latest version is installed securely - and having outdated clients installed is a huge security risk
- VPN platforms typically need to absorb a lot of download and upload capacity. These platforms are rarely scaled to enable many students or staff to access the network remotely at the same time. Consequently, capacity and related performance issues are more frequent than rare.
- It's tricky to use VPN on thin clients or other lightweight devices (such as Chromebooks) as they rely on local processing power
Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) is being leveraged today by many universities to let users access clients and servers remotely. It allows users to control their remote Windows machine as if they were working on it locally. Most technologies that enable remote access into Microsoft Windows-based clients and servers rely on this foundation.
Unprotected or 'naked', however, it becomes a huge cybersecurity liability.
However, using RDP without any further security measurements (naked) can be disastrous for school networks when one of the vulnerable open access points is being hacked.
Disadvantages of RDP
- The RDP protocol and its clients are vulnerable to hacking and exploits. Hence, you need to apply careful hardening policies
- To enable multi-factor authentication (MFA), you'll need a different solution on top. If you choose not to enable 2FA, you greatly elevate the risk of a security breach.
- You have no overview on which software or data users are accessing, nor can control with which type of device they are doing this with. Usage reporting is completely absent.
- Preventing shadow IT (for example, control which users can access a remote desktop or connect to computers on campus) is impossible.
- Students & teachers need to install RDP agents on their device.
Secure unified workspaces
Working with a unified workspace in the education sector means that you make all server-based applications, remote desktops and files available in one workspace. Additionaly, it gives students and staff the possibility to securely take over lab or class room computers from a distance. This way, they can work remotely, anywhere, and any time on a remote device – all they need is a browser. An example of such a unified workspace for remote access is Awingu.
Benefits of unified workspaces
- Everything's behind a single login: a user visits their workspace via the browser and has access to all the assets they need to maximize their productivity.
- It's easy to manage (for IT administrators), as well simple to use for students or teachers. Therefore, you don't have to worry about many support tickets or training your faculty for hours.
- Universities tend to like the solution as it is very cost-effective & quickly deployed (in the cloud or on premises). Simply plug in your existing assets and you're good to go.
- It connects simply via standard protocols with the active directory to gain the information on users and user groups.
- Even with less resources available, this solution gives you the ability to easily make secure remote access possible for schools. This increased security is optimized by giving browser-based HTML5 access to RDP stream (instead of via a vulnerable RDP client), protocol switches, built-in MFA and SSL offloading, extensive usage audit, anomaly detection, granular usage controls, session recording, context-awareness and more.
English 
Italian 
German 
Spanish 
French