Every day, organizations sign agreements with IT service providers such as GSIs, regional SIs, and boutique consultancies. To ensure compliance with security and access privileges, these organizations require the service providers to use their hardware and desktop configurations with their own tools, OS versions, detection intrusion software, VPN, security tokens, and endpoint device control policies. While these traditional practices provide a level of control and perceived security via hardware, they actually open up additional threats and risks (not to mention - delay projects and decrease user productivity).
The high cost of shipping laptops
According to recent research, one laptop is stolen every 53 seconds. Losing a laptop introduces risk for data breach and intellectual property loss. And nearly 41% of all data breach events from 2005 through 2015 were caused by lost devices such as laptops, tablets and smartphones. What this research neglects to mention is that mobile device security developments have outpaced those of desktop operating systems, leaving laptops as a far greater source of risk than phones and tablets.
The result? U.S. organizations face the threat of a breach with an average cost of $7.91 million (according to recent research from the Ponemon Institute's report: 2018 Cost of a Data Breach Study: Global Overview).
A familiar story
One service provider in Spain validated this story with us just recently. Although a relatively small and international provider, they offered a global (and unique) set of experts with unique skills and global customer support, with this differentiator, they won a contract with a large financial services institution in the USA. Thus begins their laptop shipping nightmare...
The contract insisted the service provider use laptops owned, configured, and shipped by the financial institution. The customer shipped the laptops to the service provider in Spain and subsequently dealt with considerable delays releasing them from Spanish customs. After three months of paperwork submissions to the Spanish authorities the laptops were finally released. However, by the time they were in the hands of the service provider employees, the tokens and access rights had all expired thus adding more time to resolve the security tokens and reset the access credentials. Meanwhile, the high priority project was severely behind schedule with the business owners becoming increasingly frustrated with the IT team within the financial services institution.
Shipping laptops is increasing your threat surface
By simply shipping laptops to IT service providers across the globe the service provider customers are opening themselves to additional threat surfaces and security risks. Laptops can be stolen, lost, or compromised either within the shipping period or once in the hands of the IT services consultant. Moreover, shipping and customs procedures at international borders introduce additional complexity and administrative delays that lengthen the time before a project can actually begin.
Customer owned laptops in the hands of service providers introduces other risks such as the malware intrusion from high risk end-user computing like web surfing or using public WiFi access points. VPNs provide some degree of protection from this risks of using uncontrolled and inadequately secured WiFI networks, but many VPN implementations provide insufficient protection against man in the middle attacks. And there remains a risk the laptop could contain viruses or malicious software obtained via high risk user behaviours. Once on the endpoint device, the malware will quickly penetrate into the corporate network via the VPN connection with inevitable consequences.
Shipping and customs delays aside, laptops are also at risk of being ‘lost’, stolen, or spied upon in countries with hostile nation state cyber activity. Similar risks can be associated with any remote access solution that requires credential delivery using traditional email or other collaboration tools.
Organizations want to ensure IT contractors or contingent workers are only working on the applications outlined in the contract. More importantly, organizations need the assurance that contractors are following the organization’s policies and procedures governing systems and data access, not sharing privileged credentials, not following change control procedures, and critically not carrying out unauthorized or illegal activities.
With no software to control or audit what remote consultants are doing the end customer cannot address the risks inherent in placing trust in a third party.
The typical cost of buying, configuring, managing, and shipping laptops to consultants is around $3000 per laptop or per consultant, plus the ongoing costs of support and the costs of returning the laptop at the end of the project. In addition, there are costs that cannot be quantified but could be exponentially more expensive for loss of data, intellectual property, and reputational costs should a laptop be compromised, lost, or stolen. Shipping laptops also brings with it a loss of agility. The lead time to deliver laptop to remote contractors doesn’t just impact project start times, any subsequent resource augmentation or replacement to address a change in requirements or prioritization will also be subject to the same delays.
The solution? Virtualizing the laptop process
What if there were a better, more secure, more efficient way to onboard IT consultants? What if you could eliminate the need for hardware altogether, remove the fear of endpoint devices being compromised or stolen, and eliminate the risk of data loss, while at the same time achieving far greater levels of business agility?
There is a way to completely virtualize the laptop shipping experience and turn the traditional method of onboarding IT consultants on its head. With the introduction of cloud end user computing organizations can take advantage of secured perimeters around workspaces to onboard and connect global IT skilled resources to data sensitive applications with an increased security posture that prevents data breaches, data and intellectual property theft, endpoint malware intrusion, and end-user impersonation.
With a Secure Virtual Room, organizations can stop shipping laptops to the global IT consultants. They can create a secured perimeter or virtual extension of their organization where they control the Windows and Linux workstations, install all the necessary tools and intrusion detection, and endpoint management tools; set system access policies and network segregation rules; decide who they want to invite into the secured perimeters and what policies they want to enforce; and are immune to threats to end-point devices. Moreover, IT organizations can switch from a capital expense to an operational expense model with elasticity to scale as demand goes up and down.
Want to learn more about how Tehama.io delivers Secure Virtual Rooms? Drop us a line at firstname.lastname@example.org or register for this webinar: