LogMeIn Discontinues LogMeIn Free
This week, LogMeIn announced the discontinuation of LogMeIn Free, a service which gave users remote access to up to 10 computers at no charge. A lot of people are complaining that the once-free service is being taken away. These complaints often mention another free service, TeamViewer.
LogMeIn Reddit Conversation
While free remote access tools can be great for accessing your personal computer, they aren’t designed for providing professional support to your company’s or customers’ systems.
Unfortunately, over the past few days a lot of people have revealed they are using the free versions of LogMeIn and TeamViewer to do just that.
On that note, I think it’s important for any support professionals who are considering switching tools to take a few things into consideration.
To help clarify that my intended audience is IT/support professionals, I’ll start this post with a survey.
Which best describes you?
A. Dude, I just want to get to my remote computer
B. I am good at IT support, but my primary client is my mom/spouse/other family member
C. I am the IT department at my company
D. I am a member/leader of the IT/Support group at my company
E. I am a member/leader of ONE OF the IT/Support groups at my company
If you answered A or B, pay for LogMeIn Pro or find something else you like.
If you answered C, D and especially E, keep reading.
3 Reviews LogMeIns Announcement Should Trigger
Even if you have not been using LogMeIn Free in your business, the announcement about its discontinuation should serve as a trigger to review the following three things:
1. How Many Remote Access Tools Do You Need?
If you’re the typical IT support organization, you probably suffer from BYORAT (Bring Your Own Remote Access Tool), where different IT teams and individuals bring in their favorite remote access tool of choice. A few years ago, we were working with a Fortune 500 IT outsourcer who had 12 remote access tools in their organization. Twelve!
It’s easy to see how this happens. You’ve got smart front line support reps under a lot of pressure to support employees and customers quickly.
They need to get access to end-users’ devices.
They get creative.
When they can’t connect with RDP, they sign up for LogMeIn. Oh, you need help with a Linux system? Set up VNC. It’s a router? I’ll use SSH or Telnet.
It’s a bit like that scene before the final battle in 13 Assassins when Hirayama says,
There's no Samurai code or fair play in battle! No sword? Use a stick. No stick? Use a rock. No rock? Use your fists and feet!
You Have Multiple Remote Access Tools Because . . .
But the reason you have so many remote access tools is that no one tool does what you need it to do. There’s always an operating system or configuration that isn’t supported.
LogMeIn Rescue, for example, doesn’t support Linux, and it doesn’t let you do remote support from a mobile device or tablet. So it can’t be the one tool to rule them all.
LogMeIn Rescue Platform Compatibility
TeamViewer lets you connect to lots of operating systems, but the products’ paradigm is the individual technician. If you have multiple support tiers or vendors who need to join a support session, you have no options with TeamViewer.
TeamViewer Platform Compatibility
How many remote access tools do you need?
Answer: Enough to connect every support rep, expert or vendor to everything that must be managed or supported.
Ideally, one remote access tool would be enough. More than one creates inefficiencies and security risks, which we’ll see below.
Action item: Make a list of all the remote access technology used in your company.
2. Are You Approaching IT Support Strategically?
Often, BYORAT (Bring Your Own Remote Access Tool) happens because strategy doesn’t … or hasn’t.
When fighting support fires, it’s easy to get stuck in a tactical frame of mind - a mindset in which the main question is, “How do we connect to the CEOs MacBook Air?”
But IT support organizations can’t afford to ignore the big picture anymore. Complexity has increased. With BYOD, the number of operating systems you’re supporting has increased. The number of devices end-users own has increased. The only thing that hasn’t increased is budgets.
The only way to thrive in such an environment is to think strategically. Ask yourself:
- We’re relying on a number of free or cheap tools. How might we be impacted if the parent company discontinues this product or stops updating it?
- How does having multiple remote access tools impact training costs?
- What support channels are we underutilizing, and how could we leverage them? (ex., chat)
- What manual support processes could be eliminated or streamlined with better integrations?
- We need a 30,000ft view of our performance. How do we get it when support activity reports, if they exist at all, are siloed in multiple products?
A strategic approach will take you beyond the tactical question of how to connect from a PC to a Mac, to thinking about how to connect a Mac customer to your Mac expert even though the customer has come into 1st tier (which only runs Windows) on chat while the Mac expert is traveling overseas and only has his iPad. Or it will have you pondering about how to securely bring in a vendor’s technician to help support the vendor’s application that’s running on your largest customer’s server.
The five or twelve remote access tools you’re using won’t let you do either of those scenarios. But acing support scenarios like that is how you wow customers enough to keep them … or wow executives enough for them to keep you.
3. Do You Think of Security as a Checkbox, Instead of as an Ecosystem?
I once saw a Mythbusters episode in which they challenged the claim that Chinese paper armor was as effective as the steel armor of its day.
You know why they stopped making paper armor?
Spoiler alert again!
The ecosystem changed, and the good ole ways couldn’t handle it.
Mythbusters Chinese Paper Armor
When it comes to IT security, the ecosystem has changed … and it continues to change … fast! Not only is this not your father’s network, it’s not your network from two years ago. You have to adapt.
Many of the security threats of today are more varied and sophisticated than they were five or ten years ago. Ironically, the ones that continue to cause the most havoc are the simple attacks. Trustwave reported that 47% of breaches they studied in 2012 were through unsecured remote access tools. And the Verizon Business Risk Team reported that 88% of all data breaches they studied in 2012 involved remote access technology.
For more, watch this video about 4 Steps Toward Secure Remote Support from Nathan McNeill.
Now, if you think of security as a checkbox, you might think, “This remote access tool has really strong encryption. I’ll let it into my support organization.” But the strongest encryption in the world won’t stop unauthorized use by someone malicious who has the password.
How did Target’s recent point-of-sale data breach occur? According to security firm IntelCrawler, attackers who bought malicious software entered retailers’ systems by trying several easy passwords to access the registers remotely.
Andrew Komarov, the chief executive of IntelCrawler, told the Washington Post,
'It seems that retailers still use quite easy passwords on most remote-access' servers, adding that there do not appear to be many restrictions on who has access to the remote point-of-sale servers in numerous companies.
The Passwords Are Easy Because . . .
Of course there may be many reasons for weak passwords. Here's one we see a lot. When a remote access tool has no centralized identity management capability, it's tough to do identity management. So more often than you'd think, everyone shares the same credentials.
When IT admins are allowed to BYORAT, the security of your entire network is compromised, especially if they’re using free, unsecured remote access tools.
Time for a Remote Support Strategy
You can see how all of these issues are connected. The rise of mobile workers and BYOD has increased the need for remote access. The lack of an IT support strategy leads to multiple remote access tools. The use of multiple remote access tools greatly weakens security.
If you were using LogMeIn Free for professional support, you must also have been using other tools, because LogMeIn Free couldn’t do all you needed it to do.
At some point, all the tools you’ve duct taped together will start coming apart. And a hacker will likely get in.
Maybe it’s time to step back, look at things strategically, and equip your support organization for this new ecosystem we’re living in.
Stay Up To Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.