Telecommuting, by definition, puts corporate data onto external networks, and, unless your company has limitless money to install leased lines to every employee's home, that means public networks: the Internet.
How much protection does the data need? It depends, of course, on the company and the value of the data. Some companies might need to transfer valuable trade secrets, or highly confidential personal information. However, without exception, the most valuable data being transferred is the authentication information. In reality, listening to one interesting session in the sea of the Internet is technically difficult, and waiting for the victim to transfer the desired information could be frustrating. If the attacker can capture the victim's user id and password, then far more possibilities open up. The attacker can login and request the desired data directly, or modify it, or delete it, at will. Therefore, the authentication information must be encrypted in transit.
Conceptually, the simplest method of providing the encrypted connection is a VPN, it works at the network layer, all communications between the endpoints is automatically encrypted and theoretically the home workers have the same access as from their office desktops. This is theoretical because the office probably has a 100Mbit or faster LAN, but the external link is much slower and easily overwhelmed by a few telecommuting broadband users. It may therefore be appropriate to force the users to think a bit more, transfer files only when needed and save work in progress on the local disc.
Encryption at the application layer, such as SSL and SSH, is easy to set up and can provide encrypted connections for selected services. SSL, of course, is well known for access to secure websites. Most browsers and web servers include support for it, and it would be the obvious choice for making an Intranet server accessible to teleworkers. SSH, short for Secure SHell, is usually thought of as a secure replacement for insecure Unix services like rlogin, rsh, and rcp but any TCP connection can be tunnelled through it and sftp provides easy file transfer. There are also clients and servers available for Windows. So SSH can provide flexible encrypted connections for many purposes. Need to access the corporate email? Then tunnel POP or IMAP through SSH. Features like public key authentication and the ability to specify an application to launch when the connection is established can make the process of connecting as simple as clicking on an icon for the user. File transfers are simple with a drag-and-drop user interface.
For stronger authentication, SSH can be used with smartcards including Aladdin's eToken.
Evaluate your requirements and choose the encryption option for your teleworkers that meets your needs and budget.
Contact us for more information on security and teleworking.