At least one security company says the number of inquiries for its telecommute-enabling
technology have soared since the outbreak of severe acute respiratory syndrome (SARS) in
the Greater Toronto area. But businesses say recent events shouldn't require them to beef up their current remote
access capabilities for employees. Rosaleen Citron, CEO of IT security specialist WhiteHat Inc. in Burlington, Ont., said
she saw the first increase in demand for remote access solutions within days of the
appearance of SARS. "Since the beginning of [April], we have seen a 200 per cent increase
in normal sales of virtual private networks, tunnelling and authentication technologies,"
Citron said. Business continuity issues were at the top of companies' lists after Sept. 11, but until
now, most policies and procedures revolving around remote access were based on the
possibility of floods, earthquakes or other natural disasters, she said. "Now we're dealing
with a human factor - we've never seen anything biological or health-related [to drive
adoption], since technology blossomed in the '60s." Policies have now been "changed or added to very rapidly" to include health risks - and
employee anxiety, she added. "If you have a health situation, you're not just dealing with people being quarantined,
but you may also be dealing with fear," Citron explained. "You don't want to force
employees to go somewhere they don't want to be." Other times employees have to stay at
home because their children have been quarantined. Whatever the situation, she says, "this
is a human factor that hit people a little off side." Telus Communications Inc. hasn't had to address any situations in which employees have
been quarantined, said the firm's Burnaby, B.C.-based director of health services, Kendra
Innes. But the company has always had a plan for crisis situations. Precautions were taken
in the company's mobility division in eastern Toronto - some employees chose to work from
home, although they exhibited no symptoms. Safe telecommuting Jonathan Nieuwendyk, manager of workplace technologies for Telus in Edmonton, said Telus
has offered employees remote access capabilities for about 10 years. "We have 13,000
employees who use secure ID tokens to authenticate remotely - a good chunk have either
dial-in or VPN capabilities," he said, adding that Telus has not had to ramp up those
capabilities in response to SARS-related telecommuting. According to Citron, secure tunnels - protected areas through which locked and encrypted
data can be sent from home - are keys to enabling safe remote access. Another technology
that has seen a 230 per cent surge in sales is strong authentication, where the identities
of networked users, clients and servers are verified without transmitting passwords over
the network. WhiteHat offers this through an authentication token, a keychain-like device
on which a one-time PIN appears - the user must enter that number in a dialogue box as the
last step to logging in to the network. Citron recommends leasing laptops pre-configured for optimal security for businesses
that want to provide telecommuting capabilities for employees, but are concerned with
security issues. There's no guarantee that employees have adequate antivirus or firewalls
installed on their own personal machines, "and if they're using them to run through the
Internet, God knows what they'll pick up." Telus has struggled in the past deciding whether employees should use company assets to
log into the corporate network from home, or just use their home computers, Nieuwendyk said
- both because of security and budgetary concerns. "We have limited control over security on home machines," but with so many people
wanting to jump on the telecommuting bandwagon, it can get expensive to supply laptops, he
said. Telus used to lease the equipment, but found it was more cost-effective to purchase
notebooks, he added. Nieuwendyk said Telus has guidelines and policies around how to configure machines at
home for secure access. "There are always risks, but those risks are often outweighed by
the benefits of remote access." Once there's a VPN tunnel, there are few issues to worry
about. "There have not been, as far as I can remember, breaches resulting from a home
PC." Citron agreed that offering remote access capabilities could be a balancing act for many
businesses that want to give their employees a safe way to work from home, but that also
have to explain laptop leasing and security expenses to board members if the technology
doesn't end up being used. "A lot of CIOs I talked to in the last couple of days have had
their budgets cut, but are expected to support all this security. Where are they going to
get the money? They're running around trying to pull it from somewhere….They're probably
not going to rent notebooks until they know they're going to have to do it." One note of caution: if companies go the laptop leasing route, they must remember to
wipe the hard drives clean of any corporate information before returning the machines,
Citron said. WhiteHat's chief security officer Tom Slobichak said several software packages are
commercially available, which can overwrite files several times so the data becomes
unrecoverable. Another strategy, which costs nothing, is to reformat the drive three to
four times - seven times to meet industry-standard best practices - "but that takes a long
time and can destroy the operating system," he said. | 
icon.
