As remote work becomes a standard rather than an exception, the need to secure work-from-anywhere environments is more urgent than ever. In February 2020, many organisations—especially SMEs—began rapidly scaling their remote capabilities. But this shift brought with it a slew of new security risks, most notably endpoint vulnerabilities, VPN overuse, and inconsistent access controls.
Many businesses across New Zealand, including our clients in Taranaki and Waikato, expressed concerns around data exposure through unpatched devices or unsecured home Wi-Fi networks. The challenge wasn’t merely about enabling remote access—it was about doing it securely and sustainably.
Virtual Private Networks (VPNs) were initially the go-to solution. However, legacy VPN architectures quickly revealed scalability and security issues. They often couldn’t support the sudden spike in concurrent users, and the single-point-of-failure model proved too risky. Solutions like split-tunnelling, or moving toward Zero Trust Network Access (ZTNA), emerged as better long-term options.
Home offices rarely meet corporate security standards. This reality made endpoint security the frontline of protection. Strong antivirus software, forced OS patching, and enforcing mobile device management (MDM) policies became non-negotiables. We worked with several clients to rapidly deploy MDM across hundreds of laptops and phones in just a few days.
Additionally, isolating access to internal resources based on user roles and ensuring data was encrypted at rest and in transit were key steps many businesses took during this period.
One of the quiet heroes of a successful remote setup is proper identity management. Implementing MFA (multi-factor authentication) was a quick win for most, while others began investing in IAM platforms that could enforce contextual access policies—like only allowing access from known devices or locations.
Remote doesn’t mean unmonitored. Logging user activity and alerting on unusual behaviours formed the backbone of visibility for IT admins and MSPs alike.
Tools like Microsoft Teams and Google Meet became essential. But with them came data sprawl. Ensuring that chat histories, file shares, and meeting records complied with internal data policies took careful planning. Organisations had to define what was acceptable in terms of sharing, retention, and data sovereignty.