6 Steps to Roll Out a Secure Remote Access Strategy


Many organizations are facing new challenges as a result of the current reality. Given this, it’s important to make sure they have the tools and resources they need to maintain business and operational continuity. In many circumstances, secure remote access built around a remote access VPN solution is just the start. CDW and Fortinet can help customers build an effective, quick-turn solution at little to no cost that can also be easily augmented over the next few weeks and months as they settle into this new environment.

Remote access checklist: How to ensure you’re ready

1.Endpoint Security

Did you know that the FortiClient can be downloaded for free? It provides a VPN client to ensure that work from home traffic remains secure and can be managed using the FortiClient Enterprise Management Server to enable the centralized management of multiple endpoints at scale.

For organizations looking for an even more robust endpoint security solution, FortiEDR provides advanced, real-time threat protection for endpoints both pre- and post-infection. In addition to robust anti-virus technologies installed at the kernel to detect and prevent malware infection, it can also respond to device breaches in real-time by detecting and defusing potential threats before they have the chance to compromise the system. With the addition of customizable playbooks, FortiEDR can also automate a variety of response and remediation procedures. 


Your existing FortiGate solutions already combine VPN termination services with high scalability due to their custom security processors – which means you may already have a scalable VPN work from home solution in place. In addition, the FortiClient can share the security state of endpoint devices when making a VPN connection so you can establish and maintain clear visibility over your remote access environment.

Fortunately, FortiToken and FortiAuthenticator are both available as software downloads, so organizations can quickly deploy things like multifactor authentication and single sign-on.

While VPN connections can be run and managed independently, organizations with large numbers of remote workers may want to consider the addition of a FortiClient EMS (Enterprise Management Server) solution. An EMS solution can securely and automatically share information between FortiClient and the network, push out software updates and assign security profiles to endpoints. Your understanding of network and organizational capabilities will be invaluable in assessing which of these tools will simplify management and reduce overhead.

3.Access to Cloud Applications

Driving all traffic through a VPN tunnel can actually have a doubling impact on network traffic. In addition to all of the remote access workers connecting into the network, the network will also need to manage all of the outbound connections to the cloud services those users require for their jobs. Fortunately, FortiClient can be configured to support split-tunneling so outbound traffic can be connected directly to the internet and SaaS services.

However, since this traffic will not be run through the organization’s edge security solutions, these direct connections will require a cloud-based security solution. FortiCASB is a cloud-native Cloud Access Security Broker (CASB) subscription service that is designed to provide visibility, compliance, data security and threat protection for access to SaaS and other cloud-based services being used by an organization.

4. Network Access Control

Two ways that cybercriminals intend to exploit this rapid transition to a work from home strategy are masquerading as a legitimate corporate end user or IoT device, or hijacking a legitimate device. Network Access Control tools like FortiNAC can see and identify everything connected to the network, as well as control those devices and users, including dynamic, automated responses. FortiNAC enables IT teams to see every device and user as they join the network, combined with the ability to limit where devices can go on the network and automatically react to devices that fall out of policy within seconds.

5.Network Segmentation

Once a user has been authenticated, and devices have been provided remote access based on policy, it is critical to manage their access to networked resources. Not only will many users be new to working from home, but some of the applications and other resources they need access to will be accessed remotely for the first time. Network segmentation ensures that devices, users, workflows and applications can be isolated to prevent unauthorized access and data loss, as well as to limit exposure if a cybercriminal manages to breach the network perimeter. Segmentation can occur at the network perimeter using the FortiGate NGFW, or further enhanced using the FortiGate ISFW internal segmentation firewall.

6.Zero-Trust Network Access

The best angle from which to consider network security is to assume that every user and device has already been compromised. Combining all of the solutions outlined here enables organizations to ensure that devices and users are limited to the network resources they require to do their job, and nothing more, from the moment of access.

Remote access solutions from Fortinet and CDW

Many Fortinet customers already have all of the tools in place they need to transition to a secure remote access strategy at zero cost. They may simply need help in configuring devices to best accommodate new network traffic patterns and access points, or guidance in best practices. For example, IT teams can create a simple step-by-step email that walks employees through the process of downloading and installing their FortiClient solution and configuring it to connect to the corporate network. They may also want to stress-test their network to ensure they can handle the load created by a sudden increase in remote workers all seeking network access at the same time.

While many of the tools discussed in this blog may already be in place, additional technologies may be needed to provide a complete solution or to reduce overhead by simplifying a process, enabling resources to remain focused on more critical issues. By consulting with the IT and security teams and using the six steps outlined above as a guide, CDW can help ensure our customers remain secure while they adjust to a new remote access business model. Learn more about how to maintain business continuity through broad, integrated and automated Fortinet Teleworker Solutions by visiting CDW.ca/Fortinet