In the early days of remote employees gaining access to company systems, the virtual private network (VPN) was the key to unlocking hours of improved productivity and eliminating the need for field employees to set aside office days. Now the remote workforce has made way to a more fluid concept, in which enterprises may soon find that the majority of their staff is somewhat mobile. It may be time to consider a VPN replacement.
A VPN allowed workers to gain access to systems from anywhere, as long as they had a connected device and a login. What became a challenge was knowing exactly who was using that access. Once a user had logged in successfully, they essentially could go anywhere in the network. Enterprises soon found that they weren’t sure who was accessing their systems. The perimeter-based approach of VPN security meant that a user might have a barrier to entry, but once they were in, they could access the systems.
Working remotely: Enterprises know there is substantial value in creating a workplace in which employees have access to flexible workspaces and hours, with the tools they need to collaborate on projects. Workers need to be able to share workspaces or participate in file sharing while working from home or on the road, just as if they were in the office.
The tradeoff with this flexibility is the addition of endpoints that represent vulnerabilities for the enterprise and having to maintain a virtual private network (VPN). Not only are company-issued laptops and mobile devices involved, but enterprises generally can’t account for all the personal devices that are used to access the network. As a result, they are unable to adequately monitor updates or security threats. From operating systems to plug-ins and updated software, these personal devices introduce multiple layers of security issues for the enterprise.
User-based application access: A VPN replacement that no longer works on a perimeter-only basis makes a lot of sense for enterprises struggling to oversee the flood of devices accessing the network. With this approach, users are given access only to the applications they require to do their jobs, not a blanket approach based on permission to log on to the network.
This solution would dramatically reduce the risk to the network by limiting the number of users that have complete access. It also provides IT with a higher level of control by establishing policies about which users can access particular applications, and in which conditions. Administrators would also have the ability to block users based on geographical location so that if an employee that consistently works in Alabama is suddenly trying to access the system from South America, the user log-in would be denied.
Creating a VPN replacement does not require the elimination of the perimeter approach to security. It simply adds another layer of protection by limiting access based on user role. Contact us at SimpleWAN to learn more about how to best secure your network.