Remote working without VPN


When it comes to home and remote working, many companies implement a VPN strategy by default, in the belief that this is a totally secure solution for network security when remote access is required.

In use since 1996, a VPN, or Virtual Private Network, establishes a private and encrypted connection between the remote computer and the company network over the internet. VPN is considered by many to be essential for staying safe and secure online. But is this really 100% accurate?

Remote access is the ability to access applications and data inside a company’s network from a remote location, such as a home network. Connectivity can also come from open public networks, such as a café, a train, an airport or any other place where people work.

Additionally, in companies with a BYOD (Bring Your Own Device) strategy, employees use their own laptops and PCs to access company networks. These are unmanaged devices, and they bring in another layer of management and security risks that have to be mitigated. VPN can be considered quite an intrusive technology on the PC and needs careful setup and configuration, which can be difficult on unmanaged devices, especially when you consider that a BYOD device will have unsupported operating systems, non-approved applications and untested virus protection.

So what is wrong with the trusted and proven VPN?

  • They require configuration on the endpoint computer, which is not always allowed and can be risky
  • Because of this, they are considered to be 'intrusive' to the endpoint, which means they are not suitable for BYOD situations or for mobile use
  • They do not have built-in two-factor authentication; this has to be added
  • They enable network access in an all-or-nothing fashion: authenticated users get broad network access, increasing the attack surface area and allowing viruses and malware to spread from the endpoint computer to the company network
  • They should contain additional components to be 'complete', such as a deep inspection firewall and sometimes network load balancers, which makes them complex to manage and less scalable

To conclude: VPNs are labour-intensive, don’t leverage user context to make access decisions and can’t keep up with the pace of business. They really are not fit for purpose. This is why many organizations are considering a new approach to network security.

 “VPNs are really not fit for purpose” – Hans-Peter, Product Manager at Soliton Systems

 

Alternative solutions to VPN

IT security has evolved immensely since 1996, not just the technology but also the strategy. A relatively new concept is the Software Defined Perimeter. This is a security framework designed to micro-segment network access. In other words, a Software Defined Perimeter mediates the connection between users and internal applications, without placing the users on the network.

A Software Defined Perimeter is built on two pillars, the first of which is user identity. This means that it is designed entirely around the user's identity and authorization level. The second is zero-trust. This applies the principle of least privilege to the network (need-to-know), reducing the attack surface while also increasing IT’s visibility into user activity and applications. With a Software Defined Perimeter, network resources are made inaccessible by default. An authenticated user can only get access to one or more specific services inside the network when explicitly authorized, rather than receiving the broad network access that a VPN grants. A Software Defined Perimeter therefore also isolates the company services from the internet, stopping almost all forms of network attacks.
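The difference between the two access models can be made concrete with a small simulation. This is an added example, not code from G/On or any other product: the service names, the user "alice", and the `SdpGateway`, `vpn_reachable` and `compare` names are all hypothetical, and the model is deliberately simplified to the access decision itself.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed inventory of internal services (hypothetical names).
SERVICES = {"intranet", "hr-portal", "file-share", "db-admin"}


def vpn_reachable(authenticated: bool) -> set[str]:
    """VPN model: authentication admits the endpoint to the whole network."""
    return set(SERVICES) if authenticated else set()


@dataclass
class SdpGateway:
    """SDP model: the gateway brokers each connection; nothing is reachable by default."""
    grants: dict[str, set[str]] = field(default_factory=dict)  # user -> allowed services
    audit: list[tuple[str, str, str]] = field(default_factory=list)

    def authorize(self, user: str, service: str) -> None:
        if service not in SERVICES:
            raise ValueError(f"unknown service: {service}")
        self.grants.setdefault(user, set()).add(service)

    def revoke(self, user: str) -> None:
        # Grants are checked on every connect(), so revocation is immediate.
        self.grants.pop(user, None)

    def connect(self, user: str, authenticated: bool, service: str) -> bool:
        allowed = authenticated and service in self.grants.get(user, set())
        self.audit.append((user, service, "allow" if allowed else "deny"))
        return allowed

    def reachable(self, user: str, authenticated: bool) -> set[str]:
        return self.grants.get(user, set()) & SERVICES if authenticated else set()


def compare(user: str = "alice") -> dict[str, object]:
    """Same authenticated user, two models: what can the endpoint reach?"""
    gw = SdpGateway()
    gw.authorize(user, "intranet")
    result: dict[str, object] = {
        "vpn": vpn_reachable(True),                       # all four services
        "sdp": gw.reachable(user, True),                  # only the granted one
        "sdp_db_admin": gw.connect(user, True, "db-admin"),
        "sdp_unauthenticated": gw.connect(user, False, "intranet"),
    }
    gw.revoke(user)
    result["after_revoke"] = gw.connect(user, True, "intranet")
    result["audit"] = gw.audit
    return result
```

The audit list records every brokered decision, including denials, which is the visibility gain the paragraph above refers to.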

G/On – the secure solution for mobile workers

G/On is a Software Defined Perimeter product that has been around for a long time. The technology behind G/On is designed to mitigate the weaknesses of VPN, while increasing the ease of deployment for the company and the ease of use for employees. It is a truly mobile remote-working solution that has been built from the ground up with security in mind.

Installed on the company network are one or more G/On-gateway servers and the G/On-management platform. These can be easily scaled up depending on the number of users, or the load.

A G/On-solution has the following properties:

  • Does not need installation on, or a change of configuration of, the remote PC
  • Is non-intrusive, which is especially important in BYOD situations
  • Has built-in two-factor authentication
  • Only connects authorized applications on the user's computer to services in the network when explicitly allowed (zero-trust)
  • Isolates the remote computer from the company network, preventing viruses and malware from spreading
  • Is an extremely scalable solution that is easy to deploy, and automatically load balances over multiple internet lines, if required

Secure by design, private by default

There are several options for the user, but the most secure is a G/On USB device with a mobility smartcard for authorization (this is a type of smartcard that does not require driver support or the installation of software). There are also alternative client options, including a USB Soft token (no smartcard) and the G/On desktop client. The user does not need admin rights on their PC to use G/On, nor do they need to care about the operating system or other applications running – G/On is truly non-intrusive.

When rolling out G/On, the IT team do not need to go through the intense process of installing and configuring the remote device. Using field enrolment, the user simply plugs the device into the USB port and, during the initial sign-up process, requests the token to be put in their name. All the IT staff need to do is decide whether or not to authorise the user. The G/On-gateway enforces policies in real time and permissions can be revoked at any time.

G/On offers a more secure alternative to VPN that is easier to manage and install, and that can be supported across a range of different unmanaged remote devices. With its ease of installation, scaling features and intuitive user interface, it prevents unwanted attacks and compromise of data that could be devastating to any company in terms of loss of reputation or GDPR fines.



Originally published 16 April 2020, updated 3 November 2023

Hans-Peter Ponten
