Mobility among employees is continuing to grow exponentially, and having secure and easy-to-manage remote access policies is more important than ever. However, there are challenges that present major concerns for companies, such as configuration, equipment compatibility, end-point management, and user education, among others. A centrally managed security framework would eliminate these concerns, ease IT administration's tasks and increase employee productivity. The following are five solutions to common challenges with remote access that companies and IT departments ought to consider when rethinking their remote access.
Technology That Drives Policies
Companies define their current IT policies on the existing infrastructure, which is disjointed from the organization's IT goals. Recently, companies have been implementing BYOPC (Bring Your Own PC) policies, which grant employees complete freedom to use whatever PC or mobile device they wish to use for work - in or out of the office, notebook or netbook, and so on. However, technology is restricting practices and not allowing it to meet the fullest potential.
A universal system that is independent from specific types of devices, operating systems and VPN gateways can empower companies to explore options like BYOPC. Such a system will enable employees to use all standard operating systems such as Windows 7, Windows Vista (32/64 Bit), Linux, Mac, Symbian, Windows Mobile, etc., while having full and secure access to the network. Employees are more productive and less frustrated because they know how to use their own device.
A one-click solution will shorten the amount of time it takes to train an employee. Companies can cut down their IT training because the network security portion is easy. A trouble-free solution will also increase productivity among the office and make employees satisfied because they are eliminating an annoyance.
Not only is connecting to the network easier with a one-click solution, but also making the user interface is simple to understand is important. Employees need to understand their connection and real-time information and not waste time trying to grasp it. Implementing a VPN client with an easy GUI will reduce IT questions and help.
Managing a network is a complicated task for administrators - networks are comprehensive and require a lot of attention and maintenance. As the workforce becomes more dependent on mobile devices, such as, PDAs, laptops, netbooks, etc., the need for remote access becomes even greater; however, managing all of the devices and users can be overwhelming. One way to ease this job is running the administration and configuration through a centralized framework.
Under a central management system, one administrator can easily manage the network and the users who access it. Data is seamlessly imported from existing directory services, such as Microsoft Active Directory or LDAP and applied to an individual's network address. This cuts time and cost down for companies; eases mass rollouts, certificate administration and software distribution; and relieves the setup and maintenance of new employees. Changes with personnel and staff are resolved in real time, the work on the network administration is lessened, and it provides the company with cost saving opportunities.
Arguments for both Virtual Private Networks (VPN) clients, SSL and IPsec, have been an ongoing debate for quite some time now. There is a clear argument for both uses, under different situations; however, one is not more advantageous than the other. Regardless of a user's access, an enterprise solution should support both SSL and IPsec - each is used for particular reasons and it is necessary to consider a user's network access around mobility, productivity and policy needs, rather than limit these with a biased technology choice.
Under certain scenarios, IPsec is better suited, especially for those who are permanent employees, and would like the option to work one-to-one while away from the office. SSL is better suited to external users, like customers and suppliers, who need only sporadic network access. Traditional IPsec can be difficult because of established policies, such as firewall settings, and they are "thick clients;" however, "clientless" SSL only allows for simple tasks, such as e-mail. Companies need to rethink their networks with this hybrid model in mind and support both IPsec and SSL - not either/or.
A hybrid of SSL and IPsec VPN tunneling provides employees with secure external communication in each remote-access environment, with and without VPN client software. Employees can either be fully integrated in a centrally managed IPsec VPN or through a "clientless" company net connection.
Network Access Control (NAC) Feature
Conventional technologies, such as firewalls or intrusion detection, are no longer enough to control threats with. This is especially true as employees continue to adopt mobility trends. NAC features monitor and regulate every single remote access to the company network by identifying each device and checking conformity with company's security policy. Security guidelines and parameters are established according to the company's remote access policy - unknown or suspicious devices, such as devices with expired anti-virus software or an unrecognized PDA, are quarantined if they are deemed not complaint and excluded from the network.
This is an important buffer for organizations, especially for those who have regulatory and compliance rules they have to adhere to. Without NAC, employees whose devices are not compliant will have access to the network and infect it. As the number of remote access users increases, this issue may spiral and cause a bigger problem. NAC features make certain that remote access clients comply with the company's security policy, for example, operating systems are acceptable, required patches are installed, most recent antivirus engines are installed and most recent signature is available. Without NAC, a device could damage an entire network, costing the company additional money and time. Consider this feature with remote access.