With the increase in working from home, businesses face increased risks from staff using their own devices. To comply with security requirements from the government, customers and insurers, organisations have contracted external IT managed service providers (MSPs) to monitor, protect, secure and back up their devices. However, owners of private devices have the right to refuse this invasive software. Understandably, they do not want anyone to have access to their private work.
Restricting or stopping the use of private devices and providing every staff member with their own device is one solution. However, some contractors may have multiple employers (clients), and carrying several laptops is not feasible.
That said, security must take precedence. Unmanaged devices are insecure and present severe security risks. They often have expired protection, with no defence against malware, viruses and ransomware. Ransomware then spreads to the entire cloud directory and eventually to all connected devices. Unmanaged devices have untested backups, so outages can mean large losses in productivity and higher repair costs. Auditing unmanaged devices can only be done manually, making compliance difficult if not impossible.
There are other complexities with unmanaged private devices. They are also much harder to support and repair. Organisations are maintaining assets owned by private individuals. When these devices invariably fail, become obsolete or are decommissioned, who is responsible for replacing the device? These factors need to be considered carefully when formulating your “bring your own device” (BYOD) policy.
We recommend clients provide all staff with managed devices or virtual desktops and restrict private devices to accessing only those remote devices.
There are three methods for remotely accessing desktops.
- Large organisations have used the first method for years. It involves having a dedicated desktop computer permanently active in an office for each member of staff. The computer is loaded with all necessary software, your email account and SharePoint, and is monitored, backed up, maintained and secured by us for clients. Staff use personal laptops to remotely access their desktop computer. Clients are not responsible for the security of the laptop. The only extra costs are (a) the purchase of a desktop computer and (b) remote desktop software.
- The second method has also been used for many years. Microsoft calls it Terminal Server, but Citrix wrote their software. It expands the first method by using servers to host multiple users. It is much more involved and costly. This complexity is not something we recommend. Microsoft Azure has a newer, robust solution for when enterprises need data hosted and managed privately. There is a monthly fee charged by Microsoft (estimated $250/user/month) in addition to your MSP managing the virtual server (estimated $600/month).
- The third is relatively new and called “desktop as a service” (DaaS). Specialised providers set up managed servers and offer access on a per-user, per-month basis. Each user gets their own access to a segregated section of the server. The login uses Microsoft remote desktop or other proprietary software. Amazon AWS offers Workspaces (not recommended). V2 Cloud offers Windows server desktops (simple and excellent) from $110 per month per user. They are running on Microsoft servers, which means management is more complex and more expensive (https://v2cloud.com/pricing). Finally, Microsoft has entered the market with Windows 365. A fully managed desktop is available from $58/user/month (https://www.microsoft.com/en-au/windows-365/business/compare-plans-pricing). If this is something your organisation is considering, we suggest paying for one month of testing before you get too involved.
We suggest organisations stop the use of unmanaged private computers and devices.
We recommend two solutions:
- Purchase a desktop computer for each member of staff (#1 above). For full compliance, the office needs a separated and protected network (firewalled); otherwise the premises may be privately owned by staff. This computer is fully managed by your MSP and can be accessed remotely from the staff’s private device using remote access. Estimated costs include $3000 for the desktop, $50/month for remote access and normal MSP monthly costs (from $150/month).
- Implement a virtual desktop service like V2 Cloud or Windows 365 (#3 above). This cloud desktop is fully managed by your MSP like any other physical desktop. The Windows desktop can be accessed remotely from the staff’s private device using remote access. Estimated costs start at $58/month for the virtual desktop plus premium MSP monthly costs (from $250/month).