Remote access

Choose the right remote access vendor where to start and what to look out for

June 2023

Reaching out to vendors is one of the final – and most exciting – steps on your journey towards finding and implementing your ideal remote access solution. Before scoping out the competitive landscape, make sure that you have set the right scene for your buying process. Take the time needed to define the specifications for a solution that is right for your company. To avoid a long list of mindless features, build your specifications on specific use cases and focus on what you want to be able to do. Learn more about building specifications from different angles →

 

How do you start engaging with vendors?

Once there is internal clarification about goals and specifications, you are ready to start engaging with potential vendors. There are many ways to go from shortlisting to selection, typically either through a formal process or dialogue with select vendors. One good way to start is to build an RFP to help guide the process.

 

What are the advantages of building an RFP?

Some companies have a policy to formalize needs and requirements in a need for proposal (RFP). Writing an RFP for potential vendors can be a good way to help identify your needs, generate more competitive bids, and allow you to compare vendors based on set criteria.

Your RFP should communicate your situation, needs, and vision clearly. It should also communicate what you want to achieve and how you wish to do so.

Once your RFP is in place, ask vendors to present and demo their solution during a 1-2 hour meeting. Here, you and your buying committee can ask questions, experience how the solution works, and iron out any misunderstandings.

 

How do you know which solution is the right one?

RFP presentation and demos are a good way to learn more about specific remote access management solutions. However, as these take place in controlled environments, the results come with certain limitations. To evaluate the true match between your company and a chosen remote access management solution, you need to pilot the solution in a unique, live environment with real people, machines, and data through a proof-of-concept (POC).

 

Invite selected vendors for a POC

It is important to be very clear on which vendors to invite for a POC. Keep in mind that with the commitment required from both sides, vendors will sometimes charge for POCs. Once you have chosen which vendor/s to move forward with, follow these steps for the POC:

Initial meeting: Invite the 1-2 vendors that performed the best in the demo round, to a meeting where you can discuss success criteria for the POC

POC implementation: This step should take less than 1 week. If the process drags out, it is not a good sign since this might be an indicator of further delays down the road.

Testing time: Allow 30 days to test the solution so that end users can get an impression of the solution and potential challenges that may arise.

How do you evaluate vendors and select the best fit?

Different remote access vendors provide different solutions, with varying maturity and supported functions. This makes it hard for companies looking for a remote access solution to navigate the different options and identify their best fit. Remote access and cybersecurity are areas that are developing fast, which makes advice and support from trusted partners very valuable.

For a vendor to pass your evaluation, it must be able to deliver on a list of must-have capabilities, now and in the future. When assessing different solutions, one aspect that is often overlooked is the soft factors. This includes your relationship with the vendor and how you see it develop over time.

 

What are the must-have capabilities for vendors?

We have identified six must-have capabilities for remote access management vendors; Ease of use, Security, Configurability, Implementation, Platform Scalability, and Continuous Development. Find explanations of the evaluation criteria for each capability below.

Ease of Use
If the remote access system is difficult to use and employees are not able to grant access right at the needed time, there is a high risk that employees will defer to shadow systems. As a buyer, you need to assess if the user experience fits with the users. Is the interface intuitive? Is the functionality tailored to both technical and administrative roles in your company? If you want non-IT people to be able to manage, maintain, and use the remote access solution, the system must be able to accommodate this.

Security
Any solution with insufficient security is a no-go. With manufacturing being the number one target for cyberattacks – and OT being the main target – cybersecurity readiness is crucial for modern manufacturers. When evaluating systems, make sure the following is offered:

  • End-to-end encryption
  • Access restricted to specific IP endpoints
  • Ability to grant access to a specific person to a specific device at a specific time interval
  • Two-factor authentication
  • Audit trails
  • Role-based account management
  • User authentication that is compliant with corporate IT policies (integration with active directory, MFA, etc.)
  • Certified/audited according to relevant certificates for your company (e.g. IEC62443)

Configurability
Can the solution be configured to your specific needs? Make sure the remote access system accommodates your needs by requesting answers to the following questions:

  • Does the remote access system integrate to your own systems/UI or use vendor interface?
  • Does it host on-premise, on your own cloud/network, or on the vendor’s servers?
  • Is remote access enabled through VPN tunnelling, jump host, or web remote desktop via web browser?
  • Software-only gateway or hardware gateway across the factory floor?
  • What is the hosting flexibility? How about data storage and management?

Implementation
When evaluating the ability of a certain remote access solution to be implemented in your organization, it is important to consider time-to-value. What is the time from initial request to being fully operational? In these considerations, pay extra attention to:

  • Delta from demo/pilot – what is missing?
  • References from peers
  • Willingness to include implementation time in payment terms
  • Load on internal resources
  • Ensuring adoption and follow-up

Platform scalability
Your remote access management solution should be able to scale to new equipment setups without friction. If it does not, you risk escalating costs and complexity in the future. It is a good idea to drive a POC or pilot to test the vendor’s ability to quickly get up and running. Make sure to assess these parameters:

  • Reliance on on-premise equipment – and its cost
  • Analysis requirement and dependencies of pre-existing infrastructure
  • Training requirements
  • Number of providers you need to mobilize to supply hardware, software, and hosting
  • Set-up cost to operating cost ratio
  • Ability to work with legacy equipment

Continuous development
Make sure the solution you choose has longevity. Does the provider show commitment to keep your solution updated to fit the latest cyberattacks and develop its functionality according to your needs?

Remote access is an emerging industry, and the expected developments over the next 5-10 years are enormous. Because of this, you should choose a provider who is likely to keep evolving your solution without jeopardizing the user experience.

Providers who are dedicated to continuous improvement will have more customer feedback, incorporate more global security risks, and stay up to date on changes in regulation and integration needs that reflect your needs.


 

If you’d like to learn more about how a remote access solution can help optimize your operations, download our Buyer’s Guide.

Datenschutz & Cookie-Richtlinie // Kontakt: +45 88 70 86 50 // info@secomea.com
© Secomea 2021, Alle Rechte vorbehalten

NIS2 Compliance Roadmap. Stay secure, stay compliant.

X