Any IT team – small, medium or large – looking at deploying a new SaaS based solution should be thinking about security. Introducing a new remote support solution is no exception here, especially where end-users are giving control of their desktop to helpdesk technicians. If you’re looking at new tools for your helpdesk, here are some key areas I think should be explored:
§ Data confidentiality: Ensure that no one can intercept data transmissions to and from end user machines communicating with the remote support system. To accomplish all this means using Secure Socket Layer (SSL); and your remote support vendor should be using (and keeping up to date on) one of the standard SSL protocols.
§ Authentication and authorization: This means verifying that the technician using the support solution is allowed to do so, and that the technician can identify himself/herself to the end user as such. Any solution you’re considering must provide multiple means by which the admin can guarantee that the tech using the system is the real deal, and is only performing tasks they’re authorized for.
§ Auditing technology: Ensures that any activity technicians perform can be reviewed by administrators for compliance and governance purposes.
§ Permission based: Technician access to end user computers should follow a process that requires the end user to grant permission to the technician to perform any troubleshooting on the PC. This acts as a handshake between the technician and the end user prior to accessing end user devices.
§ Data Center: And, of course, since we’re talking SaaS, the SaaS system itself must be located in a solidly secure data center.
What’s on your security checklist? How do you evaluate new helpdesk tools from a security standpoint? Tell us what you think.
Join our Facebook group
Follow us on Twitter
Check out the LogMeIn Rescue Community