Eaton Vance’s security strategy for telework

Like most investment management firms, Eaton Vance walks a tightrope between providing its users with the remote access they need, and ensuring those users don’t compromise the network. Vinnie Cottone, vice president of infrastructure services, recently spoke with Network World about his strategy for securing remote workers.

Like most investment management firms,  Eaton Vance walks a tightrope between providing its users with the remote access they need, and ensuring those users don’t compromise the network. Vinnie Cottone, vice president of infrastructure services, recently spoke with Network World’s Net.Worker Managing Editor  Toni Kistner about his strategy for securing remote workers.

How do you set up your remote workers?

For most, we provide laptops with our standard configuration plus a VPN or Citrix client, depending on their needs. If users live in the area, our technical staff will travel to their homes to set up their systems. For the out-of-town users, we configure the system on-site in Boston and ship it out. If users want to install any additional services, such as a broadband connection, they must inform us prior, so we can oversee the process and speak with Comcast or SBC about some of our issues. Also, twice annually, we review the users’ laptops.

When an employee asks to set up a home net, what do you do?

If it’s a wireless scenario, we’ll help them configure the wireless router. We’ll verify there’s a shared key on it, that 128-bit encryption is enabled – that everything isn’t done by default. Wireless is a security concern for us because we don’t know everything that’s on these laptops, whether it’s corporate or personal information. We’re involved in everything from users’ cell phones to the deployment of all types of products and services.

What is your biggest security concern?

People installing software that can be incompatible with our systems. I’m not personally fond of desktop firewalls, for instance. They rarely work as they are promoted to. Some products are OK, but some could disable the antivirus protection, which is key, because most of our security concerns are on the virus side of things. If the user got hit with a virus and was connected to the network over a VPN, this could affect the firm itself.

But don’t they need a desktop firewall to protect the home network from Internet intrusion?

They might want a firewall to protect personal information, but it makes my job much harder to support them. I’m more concerned about corporate information, which is why we try to keep everything at the office on file servers. But people could have firewalls installed they just haven’t told us about.

What technologies do you require or recommend?

For the home network, remote users can buy whatever they want. But I don’t think 802.11g should be ratified. 802.11b 11M bit/sec is more than enough for any home user. 802.11a is fine if you want to bring in more and more users. So why not just get an access point that supports 802.11a and 802.11b? What do you need 802.11g for?