Remote Access - DENIED!

The Geeksultant's picture

Lately, many companies don’t want to allow outside consultants remote access to their systems to complete the work they’ve been hired to do. Some say, “VPN ok, but no RDP, no jump box”; most say, “Screen share only”; and many say, “Screenshare and we drive, you just provide guidance…” We call that “Over The Shoulder Surfing.” It is getting harder to complete projects of this type efficiently for consultants who do not live in the same geo as the client or who, like most of us, have multiple concurrent projects that prevent us from traveling for one client. It is not something remote consultants cherish, but we have to put up with it constantly.

Consultants often find this out after the ink is already dry on the proposal and contract.

Now that 100-hour estimate has just become 150 hours, to provide the time required to work remotely with 100% supervision. This in turn causes a new issue: the consultant did not include hours in the proposal to cover this, and the client does not wish to pay for those extra hours. It puts us in a tough position.

Screensharing literally becomes KT – Knowledge Transfer, and places consultants in an awkward position where they are forced to give away their knowledge and method of operation: basically, their bread-and-butter skills.

So, what can the consultant do?

1. Let this issue be part of the conversation early on, and make sure to include language (and the extra hours) in your proposal.

2. If your methods are secret, and set you apart from other consultants in the same field, you may have to forgo these types of projects so that you can keep your process proprietary.

What can the client do?

1. Require a background check of the consultant to ensure you have a trustworthy resource

2. Utilize secured remote and delegated access such as BeyondTrust or ScreenConnect

3. Utilize a VPN with MFA, and allow RDP but lock it down with security group access, so that the consultant is only in a group that is allowed access to the required machines

4. Use a combination of any/all of the above along with access to only a single jump server from the VPN, and then IP/Machine restricted access to the other servers required

5. Utilize secured remote access via Citrix, Omnissa (VMware View) or similar technology, to only the machines required. The best part is that you can fully lock down the consultant's connection so that only screen, keyboard and mouse traffic can traverse it. No file transfer, no USB, no other remotely attached peripherals.

6. Make sure you work with a trusted consultant and/or partner to start with
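One way to apply items 3 and 4 on a Windows server the consultant needs to reach, as an added example that is not part of the original post. The jump server address, the group name and the rule name are assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Run on each server the consultant must reach, from the console or from a
# session that already comes through the jump server, so you do not cut yourself off.
$JumpServerIp    = '10.20.0.10'            # assumption: the single jump server behind the VPN
$ConsultantGroup = 'CORP\Consultant-RDP'   # assumption: security group holding only the consultant
$RuleName        = 'RDP from jump server only'   # assumption: any unique rule name

# 1. Allow TCP 3389 only when the source is the jump server (created once).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 3389 -RemoteAddress $JumpServerIp | Out-Null
}

# 2. Disable the built-in RDP rules, which accept connections from any address.
#    'Remote Desktop' is the display group name on English-language Windows.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 3. Grant RDP logon through group membership, so access ends when the
#    consultant is removed from the group at the end of the project.
$RdpGroup = 'Remote Desktop Users'
if (-not (Get-LocalGroupMember -Group $RdpGroup -Member $ConsultantGroup -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $RdpGroup -Member $ConsultantGroup
}

# 4. Verify: list every enabled inbound allow rule on TCP 3389 and flag any
#    rule whose source is wider than the jump server.
$rdpRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $status = if ("$remote" -eq $JumpServerIp) { 'OK' } else { 'TOO BROAD' }
    '{0,-10} {1}  (RemoteAddress: {2})' -f $status, $rule.DisplayName, "$remote"
}
```

Any line reported as `TOO BROAD` is a rule that still lets RDP in from somewhere other than the jump server and should be disabled or narrowed.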

If you don’t trust your consultant enough to give him/her the remote access they need to complete your projects, maybe you need to find another consultant.