Secure Remote Access
Introduction
Today, employees are used to gaining instant access to their data via multiple methods, but access to core corporate resources such as email, CRM, file stores and even Virtual Desktop Infrastructures (VDI) must remain secured, controlled and monitored whilst remaining flexible. Network administrators need to know what types of devices are accessing these resources, who is accessing them and from where so that appropriate measures can be put in place for securing the data within the infrastructure.
Flexibility is key and legacy remote access systems using IPsec clients for the most part remain inflexible for a number of reasons. Whilst they have come a long way, they remain difficult to roll out on a large scale, hard to manage and update, and don’t offer enough variety for the different types of operating systems and devices available in today’s world.
SSL remote access solutions have become a major part of how businesses deploy secure remote access, as these systems provide users with the ability to connect to corporate resources and run applications within a web browser or via a secure tunnel from almost any device with little involvement from IT. SSL remote access systems are also able to provide granularity and add an extra layer of security to the VPN where it didn’t exist before. With the ability to understand the user, the status of the connecting device and even the type of device, simple roles and rules can be applied to limit or grant access to resources. For example, smartphones will have no requirement to browse file stores but a laptop will need this. Based on a simple user lookup and device posture checking, these policies can be created and applied automatically.
Important considerations
Usability
Users now demand and expect connectivity from almost any device they have access to, such as a tablet, smartphone or even a home PC. For a user, the ability to open a web browser from any of these devices and be provided a secure portal allowing access to any number of corporate applications is invaluable.
Users don’t want to be restricted by or even dependent on an IT department simply to gain remote access to the resources they need to do their job. Having the ability to connect to the network and access resources via a web browser or application, whether this be at an airport Internet café, a home PC or a smartphone, means employees are more productive wherever they are located.
Upgrading traditional IPsec clients can be a headache for the user and IT departments – an upgrade can in some cases result in a visit to the IT department. For mobile or home workers this isn’t always possible. Therefore a solution should be able to update seamlessly without involvement from IT, freeing them to concentrate on more pressing issues.
Flexibility
One of the many key advantages of using SSL as the medium for a remote access system is its ability to suit almost any requirement. For example, a business’s CRM system might be maintained by an IT contractor or third party whose offices may be in a different part of the country or a different country altogether. With an SSL VPN solution, access to only the CRM server can be provided to individual or multiple users quickly and easily, without the need to install custom/preconfigured software packages.
User and Device Identification
A remote access solution needs to understand what access rights a user has on the corporate network. The first step is to understand who a user is and what group memberships they have via their authentication credentials.
The second step is to understand the device that the user is connecting from and have the ability to posture check it to determine its current state. Once this information is understood, a user can be dynamically assigned access to their required resources. A user logging in from a corporate device, such as a fully patched corporate laptop running up-to-date AV software, can be given full VPN access. If the same valid user logs in from an internet café – an untrusted public device – then only web applications such as webmail and Intranet pages could be accessible.
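The two-step decision described above can be sketched as a small policy function. This is an added example, not code from any particular SSL VPN product; the group names, resource names, device fields and the patch/AV age thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed for this example: group names, resource names and thresholds.
GROUP_ENTITLEMENTS = {
    "staff": {"webmail", "intranet", "file_store", "full_vpn"},
    "sales": {"crm"},
}
# The most each posture tier may reach, whoever the user is.
TIER_CEILING = {
    "trusted": {"webmail", "intranet", "file_store", "crm", "full_vpn"},
    "mobile": {"webmail", "intranet", "crm"},   # smartphones: no file store
    "untrusted": {"webmail", "intranet"},       # e.g. an internet cafe PC
}
MAX_PATCH_AGE_DAYS = 30
MAX_AV_AGE_DAYS = 7

@dataclass(frozen=True)
class Device:
    kind: str                                   # "laptop", "smartphone", "public_pc"
    corporate_managed: bool
    days_since_patch: Optional[int] = None      # None: posture check returned nothing
    av_signature_age_days: Optional[int] = None

def posture_tier(dev: Device) -> str:
    """Step 2: classify the device; missing or stale posture data fails closed."""
    if dev.kind == "smartphone":
        return "mobile"
    healthy = (
        dev.corporate_managed
        and dev.days_since_patch is not None
        and dev.av_signature_age_days is not None
        and dev.days_since_patch <= MAX_PATCH_AGE_DAYS
        and dev.av_signature_age_days <= MAX_AV_AGE_DAYS
    )
    return "trusted" if dev.kind == "laptop" and healthy else "untrusted"

def allowed_resources(groups, dev: Device) -> set:
    """Step 1 (group entitlements) intersected with step 2 (device ceiling)."""
    entitled = set()
    for group in groups:
        entitled |= GROUP_ENTITLEMENTS.get(group, set())  # unknown group: nothing
    return entitled & TIER_CEILING[posture_tier(dev)]

if __name__ == "__main__":
    laptop = Device("laptop", True, days_since_patch=3, av_signature_age_days=1)
    cafe = Device("public_pc", False)
    print(sorted(allowed_resources(["staff"], laptop)))
    print(sorted(allowed_resources(["staff"], cafe)))
```

Because the result is an intersection, a device can only ever narrow what the user's groups grant, and a posture check that returns no data is treated the same as a failed one.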
Scalability
A remote access solution must meet today’s needs and be scalable enough to meet future requirements, whether this is for an increased number of users, disaster recovery or the ability to provide additional features such as WAN optimisation, web conferencing or access to new applications.
One of the major benefits of an SSL based solution is that remote access can be rolled out in an instant. In the event of an emergency, such as adverse weather conditions which could impact employees commuting, the solution should be able to adapt to these changes quickly. Users can be added seamlessly and new resources can be quickly deployed in a central location without the need to update endpoint software.
Authentication
One of the main advantages of an SSL solution is the ability to be accessed from any location without the need for a pre-configured client. This means that the ability to authenticate the user (and device) is more important than ever.
Two factor authentication provides an extra layer of security over and above the static username and password. Because of its dynamic nature, it ensures that a user’s credentials are not cached or compromised. This can ease the burden on the IT department when users log in from less secure locations such as an Internet café.
Summary
Deploying a VPN solution is never a small task. There are many elements to consider, with the influx of ’always’ connected devices and users’ expectations complicating things even further.
If you can authenticate the user, posture check the device and ensure strong levels of encryption are used for communication, then security needs can be met. In addition, if you are able to apply roles and policies to different devices, or to devices connecting from different locations, then you are in an even stronger position to ensure that only the correct resources are available to the correct users and devices.

