Many companies use Virtual Private Networks (VPNs) to set up remote access for their employees. However, this is not an optimal solution and comes with risks. There are alternatives to VPNs, but first let's look at the remote access challenges in general.
When companies allow or even encourage employees to use their own devices for work, IT needs to put some protections in place. To do this, IT often turns to restrictive management: Unified Endpoint Management (UEM). UEM software allows IT to remotely provision, control and secure desktops and laptops.
But all forms of restrictive management come with downsides. Firstly, it is very cumbersome and costly. On top of that, in the case of BYOD devices, it invades the user's privacy.
A simple Google search on “managing unmanaged devices” gives a wealth of information from experts discussing best practices, but once you drill down on their advice, none of it really solves the issues of personal devices.
How did we get here?
Let's start with why we've ended up managing endpoints. Why is this necessary, if we want to use personal PCs and Macs for business purposes?
Well, the main reason is that for many applications, it is necessary to set up a VPN connection between the remote computer and the company network; otherwise, these applications can't work.
Creating this 'tunnel' into a company network introduces risk. For example, once the VPN tunnel is up, any application on the user's endpoint computer can communicate through it with the services inside the company network. This includes applications the company desperately tries to keep out, such as viruses and malware.
Of course, IT looks for solutions that mitigate this risk. But given the fact that the remote PC is not company-owned, installing UEM software is out of the question. This leaves IT with two choices:
- Pinch down the VPN connection, which means that IT staff now have to explicitly (and manually) set which connections are allowed and which should be blocked. By doing this, IT effectively solves a problem that it should not have created in the first place. But when the number of applications grows, this strategy quickly becomes complex to manage, which stands in the way of security and scalability.
- Ask the user to install a VPN client that will block specific activity on the remote computer when the user connects to the company network. IT could, for example, block simultaneous access to the internet. But in many cases, this means the user's PC also disconnects from the home network, leading to all sorts of problems. This strategy is certainly not very user-friendly, and is often the reason that users do not want to use VPNs at all.
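The first option above, sketched as an added example (not from the original article or any vendor product): a default-deny check over a constructed VPN allowlist, plus an audit for rules broad enough to re-open the whole tunnel. The rule format, addresses and thresholds are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One allow rule on the VPN gateway (hypothetical format)."""
    dst: str      # destination CIDR inside the company network
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # (low, high), inclusive

# Constructed sample policy; addresses and services are illustrative.
RULES = [
    Rule("10.0.20.15/32", "tcp", (443, 443)),   # intranet web application
    Rule("10.0.30.0/28", "tcp", (3389, 3389)),  # RDP to a small jump-host pool
    Rule("10.0.0.0/8", "any", (1, 65535)),      # leftover "allow all" rule
]

def permits(rules, dst_ip, proto, port):
    """Default deny: a flow from a VPN client passes only if a rule matches."""
    ip = ipaddress.ip_address(dst_ip)
    return any(
        ip in ipaddress.ip_network(r.dst)
        and r.proto in ("any", proto)
        and r.ports[0] <= port <= r.ports[1]
        for r in rules
    )

def broad_rules(rules, max_hosts=16, max_ports=10):
    """Return rules covering more hosts or ports than one service needs."""
    flagged = []
    for r in rules:
        hosts = ipaddress.ip_network(r.dst).num_addresses
        nports = r.ports[1] - r.ports[0] + 1
        if hosts > max_hosts or nports > max_ports or r.proto == "any":
            flagged.append(r)
    return flagged

def tightened(rules):
    """The same policy with every over-broad rule removed."""
    flagged = broad_rules(rules)
    return [r for r in rules if r not in flagged]

if __name__ == "__main__":
    # File sharing to 10.0.40.7 is not an approved service, yet the broad
    # rule lets any program on the remote PC reach it through the tunnel.
    print("as configured:", permits(RULES, "10.0.40.7", "tcp", 445))
    print("tightened:", permits(tightened(RULES), "10.0.40.7", "tcp", 445))
    for r in broad_rules(RULES):
        print("review:", r)
```

Every new application adds rules to a list like this, and each one needs the same review, which is the management burden the first option describes.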
VPNs have further downsides that are often overlooked:
- VPNs open up a lot of so-called attack vectors, which allow hackers to get into the company network through the user's PC or Mac.
- VPNs have no integrated 2-factor authentication, which really should be added to make things more secure.
- VPNs do not supply the client software that the user needs for the solution to work. Or in other words: the user now has the necessary network connection, but still lacks the application. Of course, IT can ask the user to also install that application on the personal computer, but not all users want to install work applications on their home device.
In summary, setting up VPNs for personal devices to connect to a company network should be avoided if possible.
An alternative solution: Soliton G/On
There is an alternative remote working solution that strikes a balance between control for the organisation and user privacy. It's called Soliton G/On.
G/On is an intelligent proxy that works on behalf of the organisation. Instead of connecting the remote computer to the company network using a VPN, G/On can transfer information back and forth to the remote PC on behalf of the company network without establishing a network connection.
One of the main benefits is that the remote PC is completely separated from the company network, so there is less of a need to control the endpoint. Even better, G/On reduces the other remote access risks to a minimum at the same time.
- Built-in strong 2-factor user authentication
- No overly broad access for remote users to the company network: zero trust
- No need to manage endpoints
- Quickly scalable to enormous proportions if needed by adding G/On Gateway services
- Built-in load balancing: no need for external load balancing tools
- Built-in distribution mechanism for software components, which allows IT to control the software that is used on the client-side
By deploying G/On, organisations can leverage the use of personal PCs and Macs, while protecting their sensitive data and without compromising user privacy!
Users also like G/On, because it does not require the installation of any software components on their device and because it is very intuitive to use.
Users also like:
- The mobility of G/On, because they can start the client from any device without issues
- The speed, because G/On connections are set up in seconds
- The stability of the G/On connections