24 March 2020

Supporting our customers: IRM is remote and ready

IRM is aware that many organisations are concerned about maintaining their regular testing regimes in this time of uncertainty. That’s why we want to reassure our network that IRM is remote and ready in order to support you.


IRM is committed to delivering premium services which adhere and exceed national standards of management, process and security under any circumstances possible.

As the development of all technology and networking advances, businesses are enabled more than ever to streamline delivery of services; especially services regarding IT infrastructure, configuration, development and testing.

What are we doing to help you?

IRM has developed a solution enabling security testing, consulting, and assessment of on-site data centre servers and office based workstations to be delivered wholly without the requirement of a consultant attending a customer location. Testers are remotely connected to a testing platform and are able to work effectively to uphold IRM’s standard of thorough, efficient and secure testing to the utmost quality. It is the same technology that IRM uses when remotely assessing cloud IT infrastructures such as Amazon Web Services and Microsoft’s Azure where a site visit would not be possible.

Emerging trends are being identified as moving towards remote and home-based working. Previously, such remote production was exclusively for organisations who have invested in preparation and support for such circumstances. IRM has developed its bespoke solution to ensure that we can support any additional requirements for remote assessment, testing and consulting. In turn, this enables an uncompromised approach to continuity of services during traditionally disruptive circumstances.

How do we conduct work remotely?

We have built configuration templates for the most common deployment configurations and can assist our customers to deploy the most appropriate design for their environment in a timely manner.

Essentially, a secure tunnel is created between IRM and the remote testing device, from which consultants are able to interact with penetration testing tools to conduct an assessment (as if they were located physically within the target organisation).

Remote Working IRM

Is it secure?

Yes. IRM employs SSH tunnels to provide a secure connection between the client and IRM consultants. The SSH tunnel helps to ensure the confidentiality and integrity of data is upheld throughout the testing process. Once a tunnel has been successfully established IRM consultants will be able to connect to the remote testing device and then onward to the client network.

At no point are the networks directly bridged to allow arbitrary connections, only the minimum required connectivity is configured.

IRM’s remote testing solution will provide the ability to conduct internal infrastructure security assessments entirely remotely without any compromise, ensuring the same service without putting client or consultant at any increased risk.

  • Traffic is encrypted preventing interception
  • Testing will only be carried out during agreed testing times
  • Key pairs will be used to ensure secure authentication preventing man in the middle attacks
  • Encryption tunnels will be used to ensure security for data in-transit
  • Full disk encryption will be used to ensure data is stored securely
  • Data at-rest will be uniquely encrypted to provide layered, in-depth security.

How can it be deployed?

Through early engagement with IRM, we can assist you with consultants who have worked in enterprise IT support and cloud architecture to correctly deploy a virtual machine within your environment ahead of time. IRM has expertise within the following environments:

  • Virtual Machine on Hyper-V or VMware
  • Amazon Web Services EC2 Instance
  • Microsoft Azure
  • Bare metal deployment to a laptop or server

At the end of testing, the bridgehead server and the device within the customer environment will be decommissioned. As the bridgehead is fully encrypted, there will remain no customer data on any intermediary devices.

To summarise

IRM is well-versed in carrying out remote assessments. There are often engagements where we are not allowed on-site access and so this means we have fully-tested remote solutions to ensure we can continue to support organisations looking for security assessments. Carrying out an internal security assessment remotely provides numerous advantages such as:

  • No travel expenses to be paid
  • Assessments can be conducted in difficult to access remote locations, or multiple remote sites simultaneously
  • Business as usual can continue despite health concerns from the transmission of COVID-19
  • Work can be done straight away, no waiting for travel
  • Identical service provided as if we were delivering on-site

If you have any questions about how IRM will conduct our technical consultancy work, please contact us via hello@irmsecurity.com