Processor
Six Quick Tips

General Information
February 29, 2008 • Vol.30 Issue 9
Page(s) 28 in print issue

Provide VPN Access For Your SME

As organizations spread out and become more mobile, secure network connectivity offers even the smallest SME strategic advantages and cost savings. Therefore, a VPN can play an important role in providing secure, effective communication.

A VPN is a communications security technology that provides private, secure access to corporate network applications, data, and other resources. Setting up a VPN does require some forethought. Here are some tips to get you started.

 Get Backing From The Management Team

Lance Geeck, IT manager at Advisys (formerly Kettley; www.advisys.com), says before you do anything else, make sure your company’s executives are on board so they will fund the project. “Often, executive management has so many different priorities vying for funding that they may have trouble seeing the benefits of VPN technologies vs. all the other competing projects,” he says.

Granted, some companies may not need to spend the money on VPN access, Geeck notes. But at least in his experience, VPN access offers improved productivity, an aspect that tends to please the average executive. “If you have salespeople traveling, the value is immediately apparent and easy to sell,” Geeck says. “While the sales representative is waiting at the airport, they are responding to their email, writing and submitting proposals, checking on product status, and are generally in better contact with the company and their customers.”

Geeck says that VPN access has improved cost savings and overall employee productivity. “We needed to bring on additional contractors for a big development push. Since the headcount outnumbered our offices, we set them up with VPN access, and they worked offsite,” says Geeck. In addition, all Advisys’ executives use VPN connections and can put in little bits and pieces of work without having to drive into the office or significantly disrupt their family lives, which can be valuable during the crunch times.

 Create A Corporate Security Policy

Chris Witeck, director of product marketing at SonicWALL (www.sonicwall.com), says that before you can deploy VPN technology, you must define your organization’s access security policy in writing. According to Witeck, you want to create one set of policies for managed devices, such as company-owned laptops, and a separate set for unmanaged devices, such as home networks for remote workers. The latter group has greater inherent risk factors because IT does not directly oversee it.

Witeck says that your policy must define degrees of access based on a user’s role in the organization because he finds it easier to consider a security policy in terms of employee function rather than for individual users or groups. “Users’ roles will directly affect the level of access they should have, the specific resources they should be able to access, and the security requirements for authorizing access, both for them and their wireless devices,” Witeck says. “Once defined, make sure your access security policy is understood by all internal employee and third-party wireless users.”

 Enable Seamless Roaming

You should consider making use of Wi-Fi and wide-area cellular so that your employees may seamlessly roam between them, says John Knopf, director of product management at mobile network software provider NetMotion Wireless (www.netmotionwireless.com). “In a typical scenario today, workers must manually switch their connection and then re-authenticate or re-log in to applications. Continuous and hands-free connectivity enables mobile workers to focus on their jobs, not the technology,” Knopf says.

This route allows you to create unique policies for different networks. “By deploying a mobile VPN, you can enable workers to seamlessly transition between the fastest available or most cost-effective network without manual intervention and also monitor devices, such as laptops and PDAs, from a central location, regardless of network,” says Knopf.

At the same time, set up site-to-site VPNs between remote offices instead of a series of individual networks, says Advisys’ Geeck. This will reduce the initial costs for setting up the system and save on maintenance.

“Doing site-to-site allows each of the remote offices to be part of the same corporate intranet with access to the same resources,” says Geeck. He explains that a site-to-site VPN requires that the remote office have a network installed and high-speed Internet. The systems administrator sets up the VPN client for the remote office and configures that hardware to allow the secure communications to and from the main office.

 Safeguard Data-At-Rest

According to Witeck, data-at-rest refers to the information physically residing on a device, even when the device is not connected to the network, such as when an employee takes a laptop home. “For managed devices, make sure the device is lockable and deploy a suitable solution that requires the user to authenticate,” Witeck says, adding that you should consider implementing appropriate encryption software on each device, as well.

Witeck recommends access control policies that specifically restrict sensitive data types, such as Social Security or credit card database information, from being downloaded to an unmanaged device. You might achieve this by limiting sensitive information to read-only status or by applying a terminal services or virtual desktop approach, such as Windows Terminal Services over Citrix.

“You should also mandate what data-at-rest security applications must be resident on a particular endpoint device type in order to permit access,” Witeck says.  

by Robyn Weisman


BEST TIP: Confirm Identity & Integrity Of Access Devices

Chris Witeck, director of product marketing at secure networking provider SonicWALL (www.sonicwall.com), points out that a compromised device is insecure even if its user is valid; therefore, your system must be able to authenticate that the device meets your established security policy requirements.

“For example, you might require that the solution checks the device to confirm it has recently run a current-version antivirus software scan or that it contains a currently valid corporate device certificate,” Witeck says. “The endpoint control features found in certain NAC and SSL VPN solutions can be successfully applied to these requirements.”
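The device checks Witeck describes can be combined with the role-based access and data-at-rest restrictions from the tips above into a single access decision. The sketch below is an added example, not code from the article or from any vendor; the role names, resource names, seven-day scan window, and the choice to require a certificate only on managed devices are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values, not taken from the article.
MAX_SCAN_AGE = timedelta(days=7)
ROLE_RESOURCES = {"sales": {"email", "crm"},
                  "executive": {"email", "crm", "cardholder_db"}}
SENSITIVE = {"cardholder_db"}  # data that must not land on unmanaged devices

@dataclass
class Device:
    managed: bool                        # company-owned and IT-administered
    av_current: bool                     # antivirus engine/signatures up to date
    last_av_scan: Optional[datetime]     # None if never scanned
    cert_not_after: Optional[datetime]   # corporate device certificate expiry

def posture_failures(dev, now):
    """Return the list of device-integrity checks that the device fails."""
    fails = []
    if not dev.av_current:
        fails.append("antivirus not current")
    if dev.last_av_scan is None or now - dev.last_av_scan > MAX_SCAN_AGE:
        fails.append("no recent antivirus scan")
    if dev.managed and (dev.cert_not_after is None or dev.cert_not_after <= now):
        fails.append("no valid device certificate")
    return fails

def decide(role, resource, dev, now):
    """Return (decision, reasons): role entitlement, then posture, then data-at-rest."""
    if resource not in ROLE_RESOURCES.get(role, set()):
        return "deny", ["role not entitled to resource"]
    fails = posture_failures(dev, now)
    if fails:
        return "deny", fails
    if resource in SENSITIVE and not dev.managed:
        # Valid user, healthy device, but unmanaged: view only, no download.
        return "virtual_desktop", ["sensitive data on unmanaged device"]
    return "allow", []

# Constructed sample devices for illustration.
NOW = datetime(2008, 2, 29, 12, 0, tzinfo=timezone.utc)
LAPTOP = Device(True, True, NOW - timedelta(days=1), NOW + timedelta(days=90))
HOME_PC = Device(False, True, NOW - timedelta(days=2), None)
STALE = Device(True, True, NOW - timedelta(days=30), NOW + timedelta(days=90))

if __name__ == "__main__":
    for name, dev in [("laptop", LAPTOP), ("home_pc", HOME_PC), ("stale", STALE)]:
        print(name, decide("executive", "cardholder_db", dev, NOW))
```

The same valid user gets three different outcomes depending on the device, which is the point of checking device integrity separately from user identity.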



BEST RETURN ON INVESTMENT: Choose Your Vendors Wisely

Lance Geeck, IT manager at Advisys (formerly Kettley; www.advisys.com), offers this tip based on first-hand experience. “Make sure your system is secure by working with top-tier VPN vendors. The top-line vendors will provide VPN and firewalls that are secure and are constantly improving the level of security and services that they are offering,” he says. “Going with the lesser brands, you will find they are slower to respond to new threats that may be introduced.”

According to Geeck, VPN and firewalls work hand-in-hand, making it important to check out firewall information when drafting your VPN implementation. Fortunately, VPN and firewall vendors are intensely competitive, which drives service, performance, and innovation. Geeck recommends leveraging the Internet when researching to find the best combination of features, services, support, price, and corporate stability.

Geeck adds that top vendors push out patches regularly to improve VPN protection and that these patches rarely disrupt your VPN networks. But whatever you do, make sure to check with your chosen vendor that the annual maintenance contract it offers covers support troubleshooting. “This can be invaluable if you come across a difficult problem. If not, it could cost you thousands of dollars to resolve an issue,” Geeck says.



BONUS TIPS

Pick one solution for enforcing your remote access policy across all users and device types. Chris Witeck, director of product marketing at SonicWALL (www.sonicwall.com), warns that maintaining different solutions for employees and partners or smartphones and laptops can lead to policy conflicts between them. Therefore, Witeck recommends that you centralize deployment, administration, and policy by using a single remote-access solution. A single solution will ease IT overhead and reduce the TCO, Witeck says.

Take advantage of early adopters in your organization. Lance Geeck, IT manager at Advisys (formerly Kettley; www.advisys.com), says early adopters will drive your VPN project to success because they have the patience to learn the technology, learn it faster than most people, and provide support to your less technologically capable users. “Early adopters will start figuring out how best to use VPN to their advantage, so be sure to communicate with them and incorporate their findings into your training program,” says Geeck.

Moreover, Geeck says early adopters will spread the word about how cool it is to access the corporate network from home, the car, or the train, adding that their excitement is contagious. “The word will spread organically at this point, helping to sell the rest of the user community on the concept,” Geeck says.




Copyright © 2012 Sandhills Publishing Company U.S.A. All rights reserved.