Providing secure remote access to enterprise network resources has never been easy. There’s a good reason why VPN has a bad reputation with users and IT alike.
The next generation solution is based on the principles of a Software-Defined Perimeter – providing granular, policy-based access to specific applications or resources, and keeping the rest of the network hidden from view. This approach reduces the attack surface significantly and makes it much easier for IT to define and manage access policies.
The other side of the security equation is the device side. What is the right way to connect the user to the application? There are two approaches – using a VPN client, or using a browser (SSL VPN). The answer to which way is the right way depends on the kind of user, their role, and the type of application they need to access.
The advantage of the browser-based approach is simplicity. There are no clients or agents on the endpoint. The user simply accesses a URL with a menu of applications or network resources to access. Inside the browser window, the user can access web applications, RDP, VNC or SSH. This is a great solution for unmanaged devices used by contractors, partners, prospective customers, or even employees working from a personal device.
You can see what this looks like in this short demo of MetaConnect:
On the other hand, the VPN approach has security and usability benefits that make it the optimal approach for managed devices and trusted users (employees). First of all, every device is authenticated with a certificate. Then, once connected, all traffic is secured – both corporate traffic and internet traffic. This approach is essential for native applications and doesn’t limit employees to working in a browser. As employees spend more and more time working from insecure locations and networks, the importance of moving the focus of security from the office to the device cannot be understated. Some day in the not-too-distant future, employees will connect to the organization with an always-on VPN; so instead of an on-and-off experience, you will be protected all the time.
Here’s a short demo of the always-on VPN experience from the perspective of IT and the end-user: