“And in the age of digital […], not adapting to new tech and communications can be the kiss of death. A smart audience development strategy is about forecasting tomorrow’s market and adapting to it – and that is simply good business strategy”
Brigette Tasha Hyacinth,
Leading the Workforce of the Future
Within military circles, remote electronic communications have been standard since Morse code was introduced in the late 1800s. In the current information age, a flyaway pack consisting of a laptop, secure router and a communications bearer is a pretty standard piece of equipment for modern military communications globally. In general, the commercial world has not adopted the same level of secure remote communications as a standard. With the onset of the COVID-19 pandemic forcing employees who would normally be sat on a corporate network to work from home, this now becomes a priority. A secure, company-supplied communications package for remote working is a critical component of your business continuity plans.
Secure Remote Worker (SRW)
With employees working from home or physically away from the company, extending a secure IT network through the provision of an SRW communications pack is key. This should as a minimum consist of a company-supplied laptop with a router, to prevent employees using their personal home computers and thus potentially introducing malware and viruses onto the company network. The pack provides secure remote access into the company network, enabling business continuity both internally and externally without impact to daily business and company reputation.
Video conferencing software and internet access can now be controlled by the IT department, reducing the risk of virus or spyware programs being unwittingly placed onto the company intranet network. A secure encrypted communications link provided over a household broadband or other external Wi-Fi network allows the employee to continue their work as if they were sat in the company offices, essentially providing a virtual office vision to the customer.
Providing your employees with an SRW communications pack also gives external partners and customers alike a level of confidence that any security or GDPR breaches are controlled.
Business Continuity Plan (BCP)
Whether planning for a pandemic, environmental incident, natural disaster or any other event that would force your daily business to work remotely, communications are key to maintaining your normal operational business. Without access to the company's secure IT network, the impact on daily routine and customer engagement will be significant. Having the resources built into your BCP, or even opting for a more flexible workforce post COVID-19, will greatly enhance your company’s day-to-day business with the ability to adapt and overcome any future catastrophic events.
If you would like an informal discussion on the above or any aspect of our Secure Remote Worker (SRW) communications package please contact Apella Solutions.
About the author
Gavin Smillie served with the Royal Signals, British Army for 24 years travelling the globe and providing communication links over long distances for both radio and IT networks from cosy operations rooms to dusty and self-contained remote operation rooms, from single link operations to large scale operation rooms during peace and conflict. He has now worked within the commercial communications arena for the last 10 years providing services and products for various Government, Military, Police and commercial markets.
Post COVID-19 Pandemic – Reviewing your Network Security
The speed at which the COVID-19 pandemic has developed has meant that companies may have been forced to circumvent some of their security arrangements to provide capabilities for remote working. Companies have been scrambling to set up impromptu remote working facilities utilising insecure online services. IT departments will no doubt have been forced to punch holes in their firewalls to enable remote access to corporate systems, and an army of virus-ridden home PCs will suddenly have gained access to sensitive company data. The long-term implications of these actions have yet to unfold, but with breaches of GDPR regulations attracting large penalties, the consequences could be severe.
How to operate during a pandemic!
I imagine many CEOs will be scouring their business continuity plans (BCP) looking for the section that covers “how to operate during a pandemic”. Undoubtedly, when the dust settles, companies will want to re-evaluate their BCPs and implement changes to mitigate any future similar events. They will also hopefully be considering the positives that have materialised from these enforced new working arrangements. As an example, my local village stores did not take card payments before the pandemic; however, within a few days almost all had set up online stores providing home delivery services. This crisis has forced companies to rethink the way that they operate. Change can be a very good thing.
In my 30 or so years dealing with network security, I have witnessed a lot of change. I came from an era before the internet, where keeping data secret meant locking it in a steel box and placing it in a locked room. From a modern day network security standpoint, many of the old disciplines remain largely the same.
Three key questions to consider are
Notwithstanding GDPR regulations, you have a duty to protect the information you have been entrusted with, so it is important that you consider carefully what the implications would be. Again, if you do not really need it, dispose of it properly.
Need to know
The old security saying “Need to know” comes next. Who needs access to what information? You should also ask yourself the “why” question, particularly if the data is sensitive. John may need access to the CRM system but only to get customer address details so that he knows where to send the goods. Could his access be restricted, or a separate process be engineered to provide him with this information without him requiring access to the entire database? By considering these questions you should now have a good understanding of what data you have, why you need it, who needs to access it and what data you need to protect.
Current data security methodology adopts a layered approach where security progressively gets stronger as you progress through each layer to the most sensitive data. By adopting this method, you enhance your ability to control access to the data and reduce the potential of data being compromised through a single point of failure.
For example, a single bad firewall statement could expose your entire network to a world of internet hackers. A layered approach reduces the potential of this happening. The layers may be in the form of physically separate LANs interconnected by firewalls or virtual layers with software access controls, but they are distinctly different in terms of security and accessibility.
Congratulations you have won £50
Another consideration is that your network is only as strong as its weakest link. If you were walking down a street and someone said “congratulations you have won £50, all you have to do is attend this presentation” etc., you would probably run a mile, as usually nobody gives anything away for free without a catch. Yet I have witnessed countless networks that have free software performing key elements of their security. Security software needs to be the latest version, up to date and well supported. Good security costs money.
With minimalised data, a layered network in place, and up-to-date, well-maintained software combined with an in-depth understanding of who needs access to what and why, you can now turn your attention to the “how” part.
How will your staff access this data?
Again, through a layered security approach you can provision multi-layered secure access. General low-level data could be accessed via a simple secure VPN. More sensitive data should only be accessed via more stringent means, with multifactor authentication and a locked-down Terminal Services emulator such as Citrix or Remote Desktop that prevents remote users from downloading data to their home workstations. The level and complexity of security employed will largely depend upon the sensitivity of the data that you are protecting; however, you should always aim for the best security that can achieve a workable solution as opposed to employing the minimum acceptable security. The cost difference is often negligible.
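The need-to-know and layered-access rules described above can be expressed as a deny-by-default access check. This is an added example, not code from the original article; the role names, dataset names, tiers and control labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed tiers: controls a session must satisfy before data in that tier is served.
TIER_CONTROLS = {
    "general": {"vpn"},
    "sensitive": {"vpn", "mfa", "terminal_session"},
}
DATASET_TIER = {"staff_handbook": "general", "crm": "sensitive"}

# Need to know (constructed sample policy): fields each role may read per dataset.
NEED_TO_KNOW = {
    "dispatch": {  # John: only what is needed to send the goods
        "crm": {"customer_name", "delivery_address"},
        "staff_handbook": {"body"},
    },
    "account_manager": {
        "crm": {"customer_name", "delivery_address", "credit_limit"},
    },
}

@dataclass(frozen=True)
class Request:
    role: str
    dataset: str
    fields: frozenset
    controls: frozenset   # controls the remote session has actually passed
    action: str = "read"  # "read" or "download"

def decide(req):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    tier = DATASET_TIER.get(req.dataset)
    if tier is None:
        return False, "unknown dataset"
    if not req.fields:
        return False, "no fields requested"
    permitted = NEED_TO_KNOW.get(req.role, {}).get(req.dataset, set())
    excess = req.fields - permitted
    if excess:
        return False, "no need to know: " + ", ".join(sorted(excess))
    missing = TIER_CONTROLS[tier] - req.controls
    if missing:
        return False, "missing controls: " + ", ".join(sorted(missing))
    if tier == "sensitive" and req.action != "read":
        return False, "sensitive data is view-only in the terminal session"
    return True, "ok"

if __name__ == "__main__":
    full = frozenset({"vpn", "mfa", "terminal_session"})
    print(decide(Request("dispatch", "crm", frozenset({"delivery_address"}), full)))
    print(decide(Request("dispatch", "crm", frozenset({"credit_limit"}), full)))
```

Each check maps to one layer: the field filter is the need-to-know restriction, the control set is the access path for the tier, and the action check keeps sensitive data from being downloaded to a home workstation.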
Internet is not your friend
When it comes to security, there is a plethora of private network solutions that offer versatile remote working access without exposing you to internet hazards. Adopting this approach can remove much of the complexity of implementing security. Whilst these platforms offer a higher degree of security, you should not be complacent when it comes to protecting your data and should continue to encrypt all transactions and verify user credentials to prevent unauthorised access.
Clearly remote workers should not be using their own IT equipment and should be furnished with a company IT environment that operates separately from any home or remote infrastructure. Tools such as Cisco AnyConnect provide a secure mobile access capability for mobile workers. The use of Dynamic Multipoint Virtual Private Networking (DMVPN) can provide a mechanism to set up remote access for personnel operating on basic broadband services. For organisations that have multiple remote workers, a Mobile Device Management platform would enhance the security and capabilities of mobile devices.
If you would like an informal discussion on the above or any aspect of Network Security, please contact Apella Solutions.
About the author
Paul Brown has specialised within the secure network environment over the last 30 years, working within the UK Ministry of Defence where he gained his spurs before leaving to build his own company, which provides national secure IT and video networks. Having successfully run and sold on his profitable company, he has now created Apella Solutions to follow in the success of his previous endeavours. Network security projects with Command and Control room design and implementation continue to keep him occupied!
Providing high quality video over analogue, digital or IP links is always challenging. With limited bandwidth to ground stations and beyond to Operation Control centers, video quality is often degraded with various encode/decodes and latency issues. A blocky and jumping video feed is never a good thing as we know from watching our own TV channels in the house over uncontended broadband!
Selection of the equipment will fall out from some basic questions: it must be simple to operate and designed for the missions it will be used for. Key questions to consider:
Having selected the camera/gimbal system, the next key piece of the jigsaw is the video/metadata compression hardware. Combining low latency video streaming solutions and H265/HEVC encoding/transcoding capabilities (such as those provided by Haivision products) with the Secure Reliable Transport (SRT) protocol will bring down bit rates to extremely low levels (as low as 100kbps). This enables high quality and low latency video to be transmitted over constrained networks such as satellite and other data networks.
Having selected your downlink system, you need to understand who you are transmitting the video product to and where. Placing a media gateway in the network will allow you to push your video to command and control rooms, laptops, tablets and mobiles. The mission and the situational awareness required will dictate the number of links needed for the various decision makers, ground teams and non-tactical observers.
About the author
Gavin Smillie served with the Royal Signals, British Army for 24 years travelling the globe and providing communication links over long distances for both radio and IT networks from cosy operations rooms to dusty and self-contained remote operation rooms, from single link operations to large scale operation rooms during peace and conflict. He has now worked within the commercial Communications arena for the last 10 years providing services and products for various Government, Military, Police and commercial markets.
Apella Solutions is a UK Haivision distributor for the Government, Military and Law enforcement, providing low latency, high quality video distribution over challenging networks with H265/HEVC encoders and transcoders such as the Kraken!
Kraken allows you to deliver substantially increased full HD video quality over satellite and other constrained networks. Optimized for 1080p/720p applications, Kraken receives high bitrate H.264 streams, which it then transcodes to H265/HEVC for transport (typically in the 1 Mbps to 3 Mbps bandwidth range), and reconverts from H265/HEVC to H.264 for onward distribution through less constrained exploitation ecosystems. With Kraken, HEVC transcoding reduces bandwidth by up to 50% compared to H.264 while maintaining high picture quality.
Touch base with Apella Solutions for further information.