Remote users are a real challenge to embrace and secure within a corporate network. Can we really extend the internal network into an untrusted or unknown personal residence? Devices may be managed or unmanaged, the networks they connect from may be managed or unmanaged, and each combination means something different from a security perspective. Couple that with the concern of lost devices and the growing number of PDAs and other devices like the Apple iPad, and things can be downright confusing and concerning.
Traditional IPSec clients were always the preference for dealing with remote endpoints, which were either desktops or laptops. They were ideal for managed devices across unmanaged networks, because the encrypted IPSec connection secures traffic as it crosses the unmanaged network. For the most part, we were used to having managed devices. IT would install a client, and an authorized and managed device would be given or sent to the end user.
As users changed, we got more laptops into the mix and access started happening from unmanaged devices and unmanaged networks. Deploying and provisioning IPSec clients became challenging, along with the need to restrict where these untrusted, unmanaged devices could go in our networks. SSL VPN became the solution for dealing with these problems.
Now we have a world of personal devices, large amounts of sensitive data on devices that are prone to being stolen, and users who will not tolerate being limited to corporate-supported and approved devices. We need to be able to support a wide variety of platforms to allow them to connect to our corporate resources while making sure these often unmanaged personal devices meet our security requirements.
We have to look at the provisioning problem separately from the access problem. The choice is no longer so clear. We need ubiquitous access and we need it to be secure. SSL VPN still offers a lot of choices with granular control, extensive logging and easy provisioning. IPSec clients have also come a long way and we offer two worthy of consideration. We offer Juniper Pulse for a variety of smartphones. It offers cloud-based provisioning and several enterprise features for managing the devices while allowing them to connect as secure VPN clients. We also offer an individual or enterprise-based IPSec client (more info soon on the web site, contact me) that works with laptops and phones. It can work with existing Active Directory infrastructure, offers a centrally managed desktop firewall application to provide granular access for the endpoint, and runs on corporate-managed devices (real or virtual).
The good news is that we’re finally seeing robust solutions to manage the unmanaged endpoints while giving the kind of security oversight that is required. Whether it’s SSL VPN or IPSec VPN clients, we have solutions available today to choose from.