Remote Access
What Is Remote Access?
Remote access is the process of connecting to a system or device from another location, whether on another desk in the same room or another asset located across the world. Remote connectivity enables people to work productively from anywhere by granting them access to company resources (e.g., files/storage, cloud infrastructure, data centers, operational technology, etc.).
Here are some examples of remote access within work environments:
A user may work from home while connecting into their company’s network and resources.
An IT technician might leverage remote support capabilities to install updates and troubleshoot problems on an end user’s computer. This enables them to service the device without needing to go to it in person.
A supervisor may use remote access and controls to monitor and perform actions in an industrial or factory setting, without being on the location.
An IT user could perform admin tasks on servers operating on-premises or in the cloud—regardless of where that user resides.
What Is Remote Access Software Used For?
Remote access software enables telecommuting and remote work / work from a distant location. Various remote access technologies are used to enable the following use cases and more:
User access to files, applications, networks, etc. that reside on remote assets
Customer support for troubleshooting and fixing software and hardware issues
IT troubleshooting and support (i.e. remote support) for corporate resources and devices (including unattended maintenance)
Administration for servers, clouds, and data centers
Vendor / contract support for various devices and systems
Training use cases, such as sharing screens and helping users learn in real-time
Industry-specific uses, such as remote access to medical devices at healthcare organizations or remote classroom support in the education sector
OT/ICS management for maintaining industrial systems remotely
Remote monitoring and management (RMM) for systems such as endpoints, servers, and IoT devices
Break-glass access for emergency situations
Benefits of Remote Access
Remote access technology confers significant benefits to businesses and users, including:
Lowered costs and time: For instance, IT support technicians do not have to go on-site to fix a device, and employees do not have to be in the same location to collaborate, ultimately saving on travel costs and time. The ability to work remotely, such as from home, can also lead organizations to reduce their office footprints and, subsequently, achieve savings on rent and site maintenance.
More flexibility for hybrid and remote workers: Employees who work from remote locations can still use company resources without needing to go in person to access various systems. Workers can also avoid time lost to commuting, which can be translated into increased productivity, well-being, and job satisfaction.
Better scalability: Teams can continue to access company resources and move forward with business as usual, even as distributed systems, remote offices, and virtual infrastructure expand.
Stronger collaboration: Teams that use remote access can better collaborate and communicate, such as through screen sharing, training, and other types of knowledge sharing, even if not located in the same geographic area.
More rapid emergency responses: Remote access ensures that teams can respond quickly and help maintain business continuity in the face of emergency situations, such as natural disasters or power outages.
Security and governance: When remote access controls follow industry best practices and documented policies for security, they can minimize risk and meet various compliance requirements.
How Does Remote Access Work?
Remote access connects to a system or device via technology such as a remote desktop protocol (RDP), Hypertext Transfer Protocol Secure (HTTPS), Secure Shell (SSH), or proprietary technology designed to mitigate risks. Connecting to the network in support of these protocols is often accomplished via the following technologies:
VPNs (virtual private networks): An encrypted virtual ‘tunnel’ used to establish a digital connection between a device and a network.
Proxy hosts: An intermediary server that can route traffic without exposing internal resources, which provides an added layer of security.
Bastion hosts: A server that facilitates the connection between an external network and an internal/private network. It is sometimes known as a jump box.
VDI hosts: A type of virtual machine that enables users to use virtual desktops with provisioned applications and files.
Jump Clients: Agents that can be installed on devices to facilitate access to these devices when needed. Jump clients are particularly helpful for IT teams to facilitate unattended remote access.
Jump Points: A system that can be installed on one machine within a remote network and then used as a relay to give other devices secure remote access.
These technologies rely on authentication and authorization processes to ensure the IT user / identity is who they claim to be and only has access to the appropriate resources.
What Are the Types of Remote Access?
There are two types of remote access. The first type, direct access, allows the user to establish a direct link with the target device or resource without any other layer or monitoring solutions.
Indirect access, the second type, leverages brokered connections—connectivity that includes a “broker” as an intermediary layer between the user and the target resource. While direct connections are easier to set up and manage, they also introduce security and scalability concerns. Brokered connections, on the other hand, can enforce security more effectively and are easier to manage long-term, as they are not dependent on the target system.
Different Remote Access Methods
Remote access can also use a variety of methods to facilitate the connection between two devices or systems. Common methods include:
Remote Access
Method | Description |
|---|---|
Virtual Network Computing (VNC) | Also offers a user interface for remote desktop access. |
Secure Shell (SSH) | Enables teams to securely access and control remote computers over the internet. |
Hypertext Transfer Protocol Secure (HTTPS) | Secures the connection between a user’s browser and the website they are trying to access, including connections facilitated by jump clients or jump points. |
Telnet | Facilitates remote command-line access to a device, but is seen as outdated, as it lacks encryption and other key security features. |
Key Remote Access Features
Many organizations use specialized software to facilitate remote access sessions and promote work-from-anywhere collaboration between two or more remote parties, such as colleagues or an IT administrator and an end user. A few key features offered in remote access software include:
Secure access, point-to-point
Screen sharing / remote control for viewing and interacting with a desktop from a different location, for maintenance or other collaborative purposes
File transfer for sharing files between computers remotely
Security features, such as just-in-time access, encrypted tunneling, etc., to ensure remote access cannot be misused by bad actors
Session monitoring, recording, and auditing to control and monitor session activity, share activities with another party for training or communication, and generate a comprehensive audit trail if needed.
Integrations with other tools used across the organization, such as customer relationship management tools, collaboration tools, IT tools (e.g., ITSM), security tools (e.g., SIEM), and identity governance administration tools (e.g., Active Directory)
What Is Unattended Remote Access?
Unattended remote access / unattended remote support is when an admin or technician, such as at a service desk or help desk, accesses a device remotely without the end user present.
Remote Access
Benefits | Risks |
|---|---|
Enables admins to provide maintenance at their own convenience, such as from different time zones | Can create pathways to possible attacks, such as lateral movement and privilege escalation |
Allows IT teams to perform a follow-up session, if an issue was not resolved in a first call with the user | Increases the chance of an attacker’s actions going unnoticed because there is no active user on the other end providing oversight |
Enables IT to apply updates at scale |
Remote Access Risks
Although remote access can empower productivity and enable workforce flexibility, it can also open enterprises, and their users, up to risks. For instance, more than 50 percent of the ransomware incidents that Dragos responded to in 2024 involved some element of a remote service, such as a VPN appliance or remote desktop protocol (RDP) server being leveraged by adversaries.
A big part of this risk comes from enabling access outside the traditional network perimeter. Ultimately, remote access means that the ways in which people can access various business files, systems, etc., are no longer facilitated through clear-cut network perimeters. Instead, resources are accessible through an ever-changing number of virtual environments and connections, making it far more complex to defend.
Some significant security risks related to remote access include:
Connectivity risks, as users might use a public network, a misconfigured VPN, or insecure protocols/ports to establish a remote connection. This could unintentionally expose the corporate network to unauthorized access, such as through an Adversary-in-the-Middle (AiTM) attack.
An expanded attack surface, as more devices can connect to each other remotely and entry points grow in number.
Malware and ransomware susceptibility, as attackers can use weak or compromised remote access pathways to install and execute malicious software.
Credential theft, as attackers often use compromised remote access pathways to steal credentials and other valuable data.
Third-party threats, such as supply chain attacks. Remote access often enables vendors and other external parties to connect to corporate devices and systems. This trust relationship can be misused in a supply chain attack, for instance. If remote access tools are not dedicated to an organization or the software is leaked, threat actors can co-opt legitimate tools to compromise an existing installation.
Gaining access to a system via remote access is often just the first step in an attack. The attacker can then misuse this level of access to move laterally, escalate privileges, and more.
What Is Secure Remote Access?
Secure remote access refers to the strategies and tools used to enable remote connectivity, but with a special emphasis on security. Today, this generally means leveraging a remote access security approach that is consistent with zero trust principles, or a zero trust network access (ZTNA) model. It means verifying every remote access session, not trusting by default, enforcing least privilege, implementing segmentation and microsegmentation, monitoring activity, and more.
Remote access security is imperative for privileged remote access use cases. When remote access is used to interact with sensitive resources or perform high-privilege activities, the connection should be robustly monitored and protected.
Vendor Privileged Access Management (VPAM) is the sub-discipline of secure remote access pertaining to the management and protection of how external vendors access various devices and systems.
Privileged remote access and VPAM best practices can include just-in-time (JIT) access for remote connections, session management for visibility and control over privileged sessions, etc. These methods ensure that all privileged remote access is appropriate and well-documented.
Remote Access Security Best Practices
Remote access security best practices can vary based on the use case, organizational size, and other factors. Here are a few general practices to consider, although the specifics will vary based on each organization’s context:
Enforcing least privilege, everywhere: Ensure all human and non-human identities that use remote access only have the exact, granular access they need—no more and no less.
Prioritizing zero trust: Continuously verify user identity, device posture, and context to ensure that the remote session remains secure.
Segmenting networks: Separate networks, implement microsegmentation, and leverage Zero Trust Network Access to isolate resources and limit the blast radius if a bad actor were to compromise your remote access solutions.
Using the right technology for the right use cases: Ensure your remote access toolsets are aligned to the right use cases. For instance, using VPNs could suffice for protecting your own info when browsing with a personal computer, but could pose security risks when used for implementing vendor access to a network or accessing company resources. This is because VPNs often grant broad access that, if compromised, can then be used to discover vulnerable systems, uncover secrets shared via networks, and further escalate privileges.
Using strong encryption: Use tools that create encrypted tunnels whenever a remote access session starts. Additionally, ensure session data, logs, and credentials related to remote access solutions are encrypted and stored securely.
Implementing session monitoring and logging: Ensure all remote access sessions are tracked to spot irregularities, provide real-time alerts if suspicious activities occur, and provide a complete audit trail of all activities. This is especially important in monitoring privileged remote access.
Using just-in-time access rather than standing privileges: Grant remote access for the exact moment in time when needed, and revoke as soon as the task is done.
Securely using and storing remote access credentials: Use a strong password vault, and leverage credential rotation and injection, especially for credentials related to privileged accounts and remote access.
Securing the endpoints used for remote access: Safeguard the devices and systems used for remote access with firewalls, antivirus software, intrusion detection systems, and strong policies around application control and local admin / root privileges on individual devices.
