The Institute of Directors (IoD) has begun rolling out secure remote working technology to ensure business continuity and allow more flexible working.
The IoD's profile, as the professional body for business leaders, and its location near Buckingham Palace mean security was a top priority, IT infrastructure manager Richard Swann said.
“We face a number of potential threats, partly as a result of our location in Pall Mall, central London. They range from terrorist activity blocking off access to our offices, through to poor weather and the everyday transport problems that can affect a big city.
“The possibility of an avian flu epidemic is another emerging risk we are aware of and we wanted to have effective remote working systems in place as a contingency. We are also keen to encourage flexible and home working.”
The IoD has selected AEP Networks’ Netilla Security Platform, a secure sockets layer (SSL) virtual private network appliance, was chosen because it uses an “application layer proxy”, which means remote users never directly connect to the corporate network.
It replaces the IoD’s previous hardwired ADSL and router-based VPN connections. “Previously we were providing staff with ADSL connections and routers at home, together with PCs and software, even if they already had their own home PC and web access,” Swann said.
“We couldn’t take the risk that their own machines didn’t have up to date security such as antivirus and anti-spyware. But in the longer term this would have proved expensive and inflexible as we sought to step up our remote access capacity both for business continuity and flexible working purposes.”
The new system is configured to provide “thin” web-based remote application access to the IoD’s Windows 2003 corporate network. It presents users with a proxy of the applications they need using “screen scraping” technology. This protects application servers from direct exposure to the internet, applies security policy and acts as a gatekeeper.
The IoD is gradually rolling the new technology out with systems integrator Enforce Technology. It plans to control access to network resources with the platform’s policy-based realms facility, which restricts access to individual parts of the network to specified user groups. The IoD is also planning to introduce a token-based authentication system.