Policy/Practices for Remote Control/Remote Access to Institutionally Owned Computers

[Jack Rutt <ruttj () EMU EDU>]

For years we have prohibited the use/installation of remote access/remote control programs on our institutionally owned 
computers.  GoToMyPC was one of the first services that prompted us to declare a policy about this kind of service but 
with the onslaught of BYOD the number of these services and the interest that employees have in remote access has 
increased significantly.  Specifically, the convenience of being able to get the near-equivalent of your desktop on an 
iPad is very compelling for these kinds of users.

 

Originally, our concern was with third-party access potential (i.e. was the company behind GoToMyPC really ensuring 
that security best practices were being applied to the connections established through their infrastructure).  This 
concern has been addressed over the years by the service providers but we are still very skeptical about the practice 
of needing to have a computer "listening" for a connection to be established from a remote device over which we have no 
control from an end-point security perspective.

 

The services we have found some users installing include PocketCloud, GoToMyPC, LogMeIn, VNC etc.  Our institutionally 
owned desktop computer users do not have administrative privileges, so they typically do not install the server 
components for these services.  However, laptop users are administrative users because they are often the users who 
have legitimate reasons for administrative privileges - so it is with this group of users where we find the prohibited 
programs.  When we find these programs installed we require that they be uninstalled and remind the user that we do 
provide VPN connectivity and RDP access to a terminal server.  But that does not truly give the user access to the 
computer resources they have on the computer (in most cases a laptop) that they have while working from their desk.

 

My questions:

 

1.       Are we being overly restrictive to prohibit external connections to institutionally owned computers?



2.       Do other institutions typically prohibit the user of remote access programs like GoToMyPC, LogMeIn, 
PocketCloud or others that are essentially VNC products?



3.       Do any institutions permit (condone?) the use of any specific remote access programs and, if so, what policies 
or best practice statements are enforced to accompany these activities?

 

Thanks for any perspectives you can provide.

 

Jack

 

Jack Rutt
Director Information Systems
Eastern Mennonite University, 1200 Park Road, Harrisonburg, VA 22802
540-432-4478 (desk), 540-432-4444 (fax), 540-578-1782 (mobile)