VPNs encrypt your sensitive traffic and require strong authentication, providing safe remote access. VPNs are also easy to acquire and use. The technology is mature, it's integrated into your firewall or unified threat management (UTM) platform, and it works relatively hassle-free.
Over the past few years, there has been a migration from IP Security VPNs to Secure Sockets Layer (SSL) VPNs because SSL VPNs don't require a specific client on the end device. That makes deployment a bit easier, but the user experience (once configured) is roughly the same. More organizations are using VPN technology to connect their remote sites over inexpensive Internet bandwidth. This allows small and medium-sized businesses (SMBs) to adopt the technology more readily.
Wireless networks within your building
I've seen a trend toward turning off the wired ports in most conference rooms and requiring use of the wireless. This ensures that misconfigured network ports don't allow a free pass onto the internal network.
The deployment model is similar to guest access in that all traffic on the wireless network is run through the VPN concentrator. Many UTM vendors are starting to provide integrated Wi-Fi access points in their platforms. This makes a lot of sense because by definition all traffic would be routed through a VPN, providing encryption and authentication.
Points of caution
So what's the catch? Aside from the cost of installing a few more boxes depending on traffic volumes, there isn't one. And with the price of access points and VPN concentrators continuing to come down, this is becoming less of an issue.
There is one area of caution that bears mention. I don't recommend organizations encrypt traffic on their internal networks. Not even between sensitive applications. Why? Encrypted data cannot be scanned and monitored for private data leakage or virus/worm proliferation.
Given the increasing scrutiny of regulations, even for SMBs, an organization must be able to inspect data as it travels through the network -- before it is ultimately sent out into the harsh world -- to ensure compliance.
But for providing access to your internal networks from outside your facility, conference rooms or over public wireless networks, you can't beat the security and convenience of VPN technology.
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Get more information about The Pragmatic CSO at www.pragmaticcso.com, read his blog at http://blog.securityincite.com, or reach him via email at mike.rothman (at) securityincite (dot) com.