Is your remote control security bullet-proof?

When it comes to remote control, I always say “Convenience overrides paranoia,” meaning that customers will get over their paranoia at having a stranger accessing their system when they see the value that comes from using remote control (faster and easier problem resolution) .  But for this to work, you need to make sure that the customer has absolutely nothing to worry about.

I’ve recently talked to a few members about remote support and security, and also we just recorded a mini-webcast, sponsored by Bomgar, with an open discussion on security and compliance with Phil Smiley, Director of IT Security for SSPA member BMC Software and Phil Demuth, VP of Internal Systems for ITI Fiserv. It was a really enlightening discussion. For instant access to this 30 minute mini-webast, click here.

Here’s what I learned:

  • Use a ‘best of breed’ remote control product with strong security features. In our 2008 SSPA Member Technology Survey, 15.9% of members were using ‘home grown’ remote control solutions.  Heaven knows I’m not a security expert, but having had security briefings from multiple remote control providers, there are levels of security in these packages you aren’t going to have with internally developed systems.
  • Leverage the product’s audit trail to capture every action of the agent.  Different products track different things in the audit trail, with some now giving you very granular control over exactly what to record, or to record everything-including a screen cam of what the support tech did during the session.  You may think this is overkill, and it will take up a lot of server space, but when a customer complains one day of unwanted access, you’ll have the whole story on file.
  • Enable tracking of uploads/downloads to/from customer systems.  This is a feature in some suites, and I think a helpful one.  If techs are responsible for checking/adjusting settings only, they may not need the ability to upload and/or download files to/from the customer machine.  If you are able to disable this feature, you can promise the customer no virus will be introduced and no personal data will be stolen.
  • Prompt customers to approve uploads/downloads during the session.  When techs do need the ability to upload/download files during a remote support session, some products allow you to prompt the customer to approve the upload/download before it begins.  This forces the support tech to explain what they are doing and further limits unwanted access.

How are you messaging to customers that remote access is safe and secure?  Any security hiccups you are willing to share?  Add a comment or shoot me an email.  And as always, thanks for reading!

Explore posts in the same categories: Best Practices, Consumer Support, Enterprise Support, Technology

Tags: , , ,

You can comment below, or link to this permanent URL from your own site.

5 Comments on “Is your remote control security bullet-proof?”


  1. Axeda provides and on-demand solution for remote service, and the number one concern we hear from our customers is security as an issue for end-customer adoption. Having features like you mention are an essential part of the story but we found that it’s even better if a trusted third-party says your solution is secure. That’s why we have VeriSign do a full audit of our software and internal processes to verify the security of our solution.

    One of our customers, Quantum, took it a step further and had their specific solution also audited by VeriSign (http://www.quantum.com/ServiceandSupport/Services/GuardianSecurityFeatures/Index.aspx).

    The key is clear communication with your customers about what your remote service solution does for your customers and how it works. Another best practice is to have whitepapers on security features, here’s another example from the Quantum site.

    http://downloads.quantum.com/guardian/StorageCare_Guardian_Security_White_Paper.pdf

  2. jragsdale Says:

    Hi Brian;
    Very interesting about Quantum having their implementation audited. I think this may especially appeal to companies in industries with complex security requirements such as Financial Services and Healthcare. Any ballpark estimate on what it would cost to perform an audit?
    –John


  3. Cost of the audit is in the tens of thousands for the service. This does not include the time required by your staff to assist with the audit and make any required changes, but it is well worth the cost for the increase in customer acceptance.


  4. […] his post, Is your remote control security bullet-proof?, Ragsdale summarizes a recent webcast minicast covering the topic. The format is an “open […]

  5. Ted Says:

    “Safety First” is always a good model, and building trust in a brand is quite possibly the biggest hurdle and the most important step a company can make in reaching customers. In my experience with remote control software I found that trust is easy to break and hard to build. This is because cyber criminal activity is on the rise, and opening access to a computer goes against gut feelings to protect network security. I think going with a larger, more advanced company that has, like you said, layers of security is the best way to go.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: