Remote Support Security Presentation at the Service Desk Institute's TFT13 Conference

Since Edward Snowden, the former National Security Agency systems administrator, leaked controversial documents about classified intelligence-gathering programs, there has been additional attention on data security throughout many organizations, especially when it comes to determining the access privileges of IT staff. In this video, Nathan McNeill covers four simple but effective ways to secure remote support.

Architecture, Authentication, Access Controls and Audit. 

These are the four areas for security focus outlined earlier this week by Bomgar's Chief Strategy Officer, Nathan McNeill.

McNeill's presentation, given as part of the Service Desk Institute's TFT13 Conference, points out some security weaknesses that IT organizations often miss in themselves. During the Q&A session, George Spalding, Executive VP at Pink Elephant, asked, “So Nathan, am I correct in assuming that most organizations who use remote support are not secure?”

McNeill replied,

I think that’s a fair assessment. It’s been a fairly consistent thing we’ve found over the years. And it’s … primarily because remote support has not been a top priority or top of mind for a long time.

But it is used. Every organization you go into is going to have some way of doing remote access.

And so if you’ve got some way of doing remote access but you’ve not really thought about it at a strategic level for a long time, it’s kind of a natural progression for you to have five or six different tools … none of which really controls every part of your infrastructure, none of which is really properly audited, none of which is really secured, but all of which are potentially opening up your organization to data breaches.

You can watch this and other presentations from Service Desk Institute's #TFT13 Conference (Tomorrow's IT Service Future Today): http://www.servicedeskinstitute.com/events/tft13/.

Edward Snowden, the NSA, IT Access and Leaks

McNeill's presentation couldn't be more timely.

Since Edward Snowden, the former National Security Agency systems administrator, leaked controversial documents about classified intelligence-gathering programs, there has been additional attention on data security throughout many organizations. 

One of the main issues that’s being highlighted is that IT personnel often have more access to systems and documents than they should.

Robert Bigman, former CISO at the CIA, suggests that most IT organizations assume that they won’t experience security problems simply because they’re an IT organization! In an interview with Information Security Media Group, Bigman says, 

If you don't have vigorous security oversight, you tend to fall into the trap like a lot of organizations do, that we will not have a problem and everything will work out fine. [...] The problem is, most companies, and even government, focus more on ease of use and ease of administration as opposed to security.

Robert Bigman, former CISO at the CIA
Source: CIA's Ex-CISO on Preventing Leaks - Describes Controls for Systems Administrators

In his presentation, McNeill points out the necessity for auditing capability, even after rigorous access controls have been put in place. Because authorized personnel with authorized access may still perform unauthorized actions, it's critical that IT and support organizations have the ability to report on and audit the activities performed by the organization.

Justin Brock

Manager of Digital Marketing