[CITRIX] How IT departments can retain control over external IT service providers
For They Do Not Know What They Do - How IT Departments Can Retain Control over External IT Service Providers
Whenever external IT service providers require access to enterprise systems,
IT managers often get stomachaches. However, IT managers can use the
latest generation of remote support tools to ensure their company’s security
even as they speed issue resolution.
Most IT departments encounter the following
situation. They often rely on external service
providers to maintain company IT. However,
external remote support services often
don’t conform to the necessary security
standards. To save time, IT staff often grant
those external service providers permanent
remote access or they grant access without
performing the required security checks.
More diligent and security-conscious
IT departments may require the onsite
presence of an internal IT employee to
monitor the external provider’s support steps.
In order for external service providers to access enterprise systems in an
emergency or just to maintain external solutions, companies often utilise the
following approaches to ensure the integrity of their IT systems:
Legal solution:
• Introduction of standard written agreements for all external IT service providers
• Creation of customer-specific contractual agreements that address the external IT service
provider’s specific procedures
Staffing solution:
• Training their own employees on the IT service provider’s systems.
• Principle of dual control: company employees must be present and control all work performed
by external service providers.
• Forgoing of external IT service providers and development of costly in-house solutions
• Trust without the use of control mechanisms or supplemental agreements to service contracts
Technical solution:
• Utilisation of a remote technical support solution that allows for complete documentation and
protects against unauthorised access.
The legal solution builds on general or service-specific contracts. The principle
of deterrence applies. The disadvantages: Contracts don’t ensure genuine
security. The more complex a contract is formulated, the more inflexible the
support. This can go so far that external service providers are prevented from
performing much needed support services if they’re not governed by contract.
Companies that choose to train their own employees on the systems of external
IT service providers relativise the outsourcing advantage and ultimately restrict
themselves so much that an economically feasible operation is no longer possible.
Only the technical solution can offer real security and cost effectiveness. With
the right technical solution, only authorised IT service provider staff are allowed
access—and only when authorised by internal staff. The physical location of
employees and service provider staff is irrelevant. The right technical solution
also documents when external access to sensitive systems occurs and what
tech support steps are taken.
Important benefits of GoToAssist Corporate:
• Easy to use
• Enables immediate tech support to resolve issues fast
• Absolutely secure data transfer
• Permission-based usage
• Ensures that support from third-party providers is supervised and/or authorised
• IT staff can initiate remote support from anywhere at anytime
Flexible IT departments rather than rigid on-call times
Saturday, three o’clock in the morning: a company employee receives an
emergency call on their mobile phone. Rather than travelling to the company,
the employee simply opens their notebook, launches a secure remote support
solution and invites the responsible external IT service provider to join the
session. Quickly and easily from home—without breaking the security chain.
This innovative use of remote support software is by no means a future scenario,
but instead is a current and highly developed practice. The benefits of using such
software, like GoToAssist Corporate, can be summarised in seven points:
1. Increased staff flexibility and availability:
IT staff who monitor the external delivery of
support can do so from any location and aren’t
required to be physically present on-site.
Employees can work more flexibly and are
always available when needed.
2. Extensive control of IT service providers
Employees in busy IT departments can simultaneously manage multiple
support sessions, even if they’re hosted at different locations. By recording
support sessions, external IT service providers’ service steps can later
be reproduced.
3. Very quick support response times:
IT staff are extremely flexible, and during an emergency, e.g. a critical
system failure, they can grant external service providers access to internal
systems and supervise support sessions from home, even during
unusual hours.
4. Reduction of outage and follow-up costs
System failures disrupt smooth operations and are responsible for high costs.
Not only do the repairs inflict costs on the company, but also employees may
not be able to complete their tasks because of the technical failures. Indeed,
if lengthy delays occur, contractual penalties could be invoked for late
projects. With a flexible IT department, however, external IT service providers
are no longer dependent on the physical presence of company employees
and fixed office hours. Interruptions can be remedied immediately.
5. Better overview of utilised resources
Modern remote support tools such as GoToAssist Corporate offer tracking
and management functions as standard features. The IT department has a
continuous overview of who is logged on and performing maintenance work.
Solution steps and their duration can be identified at any time.
6. Learning effect as a result of best practices for future service cases
Recorded support cases can be used as best practice cases for similar
events in the future. Follow-up cases can therefore be dealt with more
efficiently. At the same time, a knowledge base is developed.
7. Logging for documentation
Thanks to the integrated recording and logging features, actions can be
ascribed at any time to the responsible persons. Remote support solutions
such as GoToAssist Corporate record exactly which support participant has
performed which steps. Such records can be reviewed later if questions arise.
Retaining Control With GoToAssist Corporate
The following describes a typical support
scenario and the steps taken to resolve an IT
issue with the help of the GoToAssist Corporate
remote support solution. It illustrates how
technology solutions can help ensure IT security.
Highest-level security
Using GoToAssist Corporate, it’s easy for IT managers and support staff to
observe compliance policies without having to relinquish the services of service
partners. The GoToAssist Corporate solution keeps track of who accesses
corporate systems via which IP address and who performs actions. This
supervision can also be performed retroactively: a video recording of the remote
support session as well as all logged data are available.
Session recording occurs on the server side and is thus protected from
subsequent modifications and totally tamperproof. The recording cannot be
interrupted and continues until the end of the session, even if a participant
leaves the meeting and returns at a later time.
Management features help corporate IT managers and employees keep track
of things at all times and thus reduce the administrative burden. Authorised
persons can log in to ongoing support sessions at any time and intervene if
necessary. Since all functions are remotely available, locations are irrelevant,
which ensures the desired flexibility.
Typical execution of a secure remote support session
The typical execution of a controlled maintenance support session with
GoToAssist Corporate follows these five steps:
[Diagram: the internal IT employee and the external service partner, connected by telephone]
1. The IT employee receives an emergency call, contacts the external service partner and
explains that urgent maintenance work needs to be performed.
[Diagram: the internal IT employee reaches the server in Branch A over a secure VPN connection, e.g. via GoToMyPC, and a GoToAssist Corporate connection]
2. The internal IT employee sets up a VPN connection to the affected server and launches a
support session with GoToAssist Corporate. The location of the affected device is irrelevant. IT
employees can remain at home when they are on call.
[Diagram: the internal IT employee, the external service partner and the server in Branch A, linked by GoToAssist Corporate connections]
3. The IT department employee invites the external service provider to participate in the
support session. When sending the invitation, a GoToAssist Corporate list of authorised
accounts is used. The external employee needs to authenticate himself or herself with
username and password in order to participate in the session.
[Diagram: the internal IT employee, the external service partner and the server in Branch A, linked by GoToAssist Corporate connections]
4. The internal IT employee provides the external service provider with all the necessary
authorisation that they require for the maintenance work. GoToAssist Corporate begins by
recording and logging all support steps. The internal IT employee can withdraw from the meeting
and perform other duties. Or they can remain in the session to follow the work of the external
service provider, to learn something or possibly to intervene.
[Diagram: the internal IT employee overseeing the servers in Branches A, B and C, each being worked on by an external service partner (A, B, C)]
5. The internal IT employee can view the GoToAssist Corporate overview to see which other
internal or external service staff currently have support sessions open. Since the corporate
employee’s constant presence at a session is not required, they can simultaneously control
multiple sessions. IT staff can access an ongoing session at any time. In case of doubt,
staff can also review the automatically recorded session.
Monitoring options with GoToAssist Corporate:
[Diagram: the internal IT employee, the external service partner and the server in Branch A, together with the Management Centre (administration of user privileges), the GoToAssist dashboard (live overview of all external activities) and recording and logging (time-delayed view); the three monitoring paths are labelled Option 1, Option 2 and Option 3]
Option 1: The internal employee is in the live GoToAssist Corporate session at the same
time as the service partner.
Option 2: On the GoToAssist Corporate dashboard, the internal employee has an
overview of several external service providers who provide support in the IT
environment. If required, the IT employee can join one of the ongoing sessions
at any time.
Option 3: The internal employee subsequently reviews the records and logs for each step
taken by the external service partner.
For all three options, external service partners cannot obtain access unless they are invited
to a support session by an internal IT employee, when they must verify their identity.
The company’s IT department can specify which actions each external
service partner is allowed to carry out (such as a file transfer) in the user privileges management
section of the Management Centre in GoToAssist Corporate.
GoToAssist records each support case automatically, protects it from tampering, and
creates a log of all the support actions automatically.
Conclusion
Complex IT environments and outsourcing of IT services to third parties make it
difficult for IT departments to ensure compliance. New technical remote support
solutions remedy the situation and simultaneously offer employees in the IT
department more flexibility. In order to retain control over their own IT systems,
companies must focus on technical solutions. In many IT departments, complex
“homemade” solutions are often used, but they are inadequate with regard to
technical security.
Professional remote support solutions of the latest generation, such as
GoToAssist Corporate, offer a more flexible workflow for IT support staff in
emergencies, and they guarantee secure and replicable maintenance on remote
computers and servers. Employees can simultaneously supervise several support
sessions with external service providers rather than having to work with them one
at a time. Sophisticated control functions ensure the security of mission critical
data as well as the up-time of distributed computing environments. This increases
efficiency and ensures control of external service providers.