How would you design a secure remote access architecture for a globally distributed workforce operating in high-risk regions?