When it comes to home and remote working, many companies implement a VPN strategy by default, in the belief that this is a totally secure solution for network security when remote access is required.
Utilized since 1996, a VPN, or Virtual Private Network, establishes a private and encrypted connection between the remote computer and the company network over the internet. VPN is considered by many to be essential for staying safe and secure online. But is this really 100% accurate?
Remote access is the ability to access applications and data inside a company’s network from a remote location, such as a home network. But connectivity can also come from open public networks such as a café, a train, an airport or any other place where people work.
Additionally, in companies with a BYOD (Bring Your Own Device) strategy, employees use their own laptops and PCs to access company networks. These are unmanaged devices and bring in another layer of management and security risks that have to be mitigated. VPN can be considered quite an intrusive technology on the PC and needs careful setup and configuration, which can be difficult on unmanaged devices, especially when you consider that a BYOD device will have unsupported operating systems, non-approved applications and untested virus protections.
To conclude: VPNs are labour-intensive, don’t leverage user context to make access decisions and can’t keep up with the pace of business. They really are not fit for purpose. This is why many organizations are considering a new approach to network security.
“VPNs are really not fit for purpose” - Hans-Peter, Product Manager at Soliton Systems
IT security has evolved immensely since 1996, not just the technology but also the strategy. A relatively new concept is the Software Defined Perimeter. This is a security framework designed to micro-segment network access. In other words, a Software Defined Perimeter mediates the connection between users and internal applications, without placing the users on the network.
A Software Defined Perimeter is built on two pillars. The first is user identity: it is designed entirely around the user's identity and authorization level. The second is zero-trust, which applies the principle of least privilege (need-to-know) to the network, reducing the attack surface while also increasing IT’s visibility into user activity and applications. With a Software Defined Perimeter, network resources are made inaccessible by default. An authenticated user can only get access to one or more specific services inside the network when explicitly authorized, rather than receiving the broad network access that comes with a VPN. A Software Defined Perimeter therefore also isolates the company services from the internet, stopping almost all forms of network attacks.
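The difference between the two access models described above can be made concrete with a small model. This is an added example, not code from G/On or any other SDP product; the service inventory, user names and the SdpGateway class are constructed for illustration.

```python
# Added illustration with constructed data; not code from any SDP product.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed inventory of internal services: name -> (host, port).
SERVICES = {
    "intranet": ("10.0.1.10", 443),
    "mail": ("10.0.1.20", 993),
    "hr-db": ("10.0.2.5", 5432),
    "build": ("10.0.3.7", 22),
}

def vpn_reachable(routes):
    """VPN model: the client joins the network, so every service whose
    host lies inside a routed subnet is reachable, needed or not."""
    nets = [ip_network(r) for r in routes]
    return {name for name, (host, _) in SERVICES.items()
            if any(ip_address(host) in net for net in nets)}

@dataclass
class SdpGateway:
    """SDP model: default deny, decided per (identity, service)."""
    authenticated: set = field(default_factory=set)
    grants: dict = field(default_factory=dict)   # user -> {service names}
    audit: list = field(default_factory=list)    # every decision is logged

    def authorize(self, user, service):
        if service not in SERVICES:
            raise KeyError(f"unknown service: {service}")
        self.grants.setdefault(user, set()).add(service)

    def _allowed(self, user, service):
        return (user in self.authenticated
                and service in self.grants.get(user, set()))

    def connect(self, user, service):
        """Return the backend (host, port) the gateway would proxy to,
        or None. The user is never given a route into the network."""
        ok = self._allowed(user, service)
        self.audit.append((user, service, "allow" if ok else "deny"))
        return SERVICES.get(service) if ok else None

    def reachable(self, user):
        return {s for s in SERVICES if self._allowed(user, s)}

if __name__ == "__main__":
    gw = SdpGateway(authenticated={"alice"})
    gw.authorize("alice", "mail")
    print("VPN:", sorted(vpn_reachable(["10.0.0.0/16"])))
    print("SDP:", sorted(gw.reachable("alice")))
```

With a single routed /16 the VPN model exposes all four services to the remote device, while the gateway model exposes only the one that was explicitly granted and records every allow and deny decision.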
G/On is a Software Defined Perimeter product that has been around for a long time. The technology behind G/On is designed to mitigate the weaknesses of VPN, while increasing the ease of deployment for the company and the ease of use for the employees. It is a truly mobile remote-working solution that has been built from the ground up, with security in mind.
Installed on the company network are one or more G/On-gateway servers and the G/On-management platform. These can be easily scaled up depending on the number of users, or the load.
A G/On-solution has the following properties:
There are several options for the user, but the most secure is a G/On USB device with a mobility smartcard for authorization (this is a type of smartcard that does not require driver support or the installation of software). There are also alternative client options, including a USB Soft token (no smartcard) and the G/On desktop client. The user does not need admin rights on their PC to use G/On, nor do they need to care about the operating system or other applications running – G/On is truly non-intrusive.
When rolling out G/On, the IT team do not need to go through the intense process of having to install and configure the remote device. Using field enrolment, the user simply plugs the device into the USB port and, during the initial sign-up process, requests the token to be put in their name. All the IT staff need to do is decide whether or not to authorise the user. The G/On-gateway enforces policies in real time and permissions can be revoked at any time.
G/On offers a more secure alternative to VPN that is easier to manage and install and that can be supported over a range of different unmanaged remote devices. With its ease of installation, scale-up features and intuitive user interface, it prevents unwanted attacks and compromise of data that could be devastating to any company in terms of lost reputation or GDPR fines.