The worldwide situation right now due to COVID-19 is no less than a scene from an apocalyptic movie. It has forced most companies to reorganize their business processes and workforces to better cater to remote work or working from home. There were already many efficient tools available in the market to support remote work, but never has there been such an important catalyst to force their adoption and use. With the onset of COVID-19, these solutions went from a nice idea to business-critical applications and organizations had to integrate them into their infrastructure. So, it’s no surprise that the companies providing remote work solutions such as communication or virtualization tools saw more business during this period than they had seen in multiple years combined. Sometimes, it takes an extraordinary event to force a change into something logical all along.
Best practices for workstation security
One of the most common pathways chosen by the companies in terms of securing their laptop workstations for remote work was to provide access to their internal infrastructure via a virtual private network (VPN). However, VPN implementation comes with its own set of challenges and risks. Exposing internal infrastructure over the Internet is always a risk for any organization. It can attract a lot of attention from bad parties which can try to overload the VPN servers, force user account lockout, etc. So, a good and resilient authentication mechanism is imperative. The easiest and quickest way to strengthen authentication is to integrate multi-factor authentication and a lot of companies embraced it as a best practice.
Advanced workstation security using thin clients
While VPN + MFA does boost the security there are still a few challenges in the setup that, if not handled correctly, might have a negative impact. The biggest contributing factor to these challenges can be the user’s end device/endpoint. As it is usually a regular Windows PC, there’s no guarantee that it is completely secure and a person with some malicious intent will not be able to get some benefit out of it. The most efficient way to tackle this is to have a thin client as an endpoint device as it can improve the security considerably. Some of the key advantages of having a thin client instead of a traditional PC are:
- A read-only file system prevents the users from installing their tools which might be a security risk, hence providing a zero-attack surface.
- A central storage for all the data, meaning no sensitive data is stored on the user’s device.
- The devices can be managed remotely, so if needed, any security upgrades can be done efficiently and they will be applied no matter what
So, with this implementation, the end user doesn’t have just a secure link but a completely secure workspace to work in and the company can manage them efficiently.
Deploying and managing thin clients in the remote workspace
However, providing a thin client to all of the users for remote work can be a difficult task in itself in terms of logistics and costs. Also, some employees prefer to work on their personal laptops. To tackle this, ZeeTim provides a software-based thin client solution known as ZeeOS, which allows you to convert existing computer hardware to a secure thin client. The user just has to insert a USB and he can fully convert his device or use the secure environment for work and upon removing the USB, can recover the original operating system. It’s a simple plug-and-play solution and there’s no other configuration that the user needs to do.
ZeeTim also provides a simple-to-use yet very powerful configuration tool known as Web Management Console along with the thin client solution to manage the endpoint devices. It provides very granular access to different configurations allowing the companies to take full advantage of the platform.
Security Benefits of Thin Clients vs VPNs
In conclusion, we can say that:
- VPN alone is not secure enough for secure access. MFA is a first step towards it, although not sufficient.
- Thin clients can provide a much more secure endpoint option for remote work than compared to a PC.
- Companies do not necessarily need to invest in expensive thin client hardware. They can easily transform users’ existing PCs into secure thin client endpoints using ZeeOS and manage them centrally using Web Management Console.