How companies should plan their VPN strategy

Remote work via secure VPN access is more important than ever. New technologies, increasing networking and flexible working models are changing the way we work. Companies that need to ensure business continuity are also at risk due to external circumstances such as severe weather or pandemics. There is no better time than now for companies to rethink their VPN strategy.

Management consultancy Deloitte reports that 66 percent of all German companies want to increase remote work in the long term. As remote access via mobile workstations and from home is rapidly increasing, 43 percent of the CFOs surveyed also plan to invest in cybersecurity. And that’s not without reason: Many companies have faced a legal obligation to switch to remote work. However, hastily installed interim solutions have revealed countless security gaps and risks, particularly with users working remotely from home.

The ESET study "Quo Vadis, Unternehmen?" found that every second home office is considered a security risk. Companies need to take note and recognize the importance of implementing a secure and suitable remote access solution, especially if they always want to ensure business continuity and stay productive regardless of external circumstances.

Enhancing security with a VPN strategy

Whether companies are revising an interim VPN solution or planning to rebuild their entire remote access infrastructure: Only a solid, strategically planned VPN permanently ensures confidentiality and data integrity. Assessing the current situation is an ideal basis for making the right decisions. This should take into account the Guide to Basic Protection of the Federal Office for Information Security (BSI) and above all answer the following questions:

  • Has the existing VPN gateway been implemented according to internal policies?
  • Do administrators only have the least required permissions?
  • Does the VPN gateway forward its logs to administrators or a SIEM solution?
  • Is the VPN gateway protected by a firewall to prevent potential attacks?
  • Were existing vulnerabilities in the VPN gateway fixed before it went live?
  • Are connections protected by secure multi-factor authentication?
  • How available, scalable and customizable are the VPN services used?

With the help of this questionnaire, companies can review their existing VPN services and identify how they can be optimized in terms of performance, security and scalability. Assessing the current situation is an important basis for strategic VPN planning.

Choose hardware or software products for VPN access

Based on the current situation, IT managers should conduct a cost-benefit analysis of hardware and software solutions. From choosing a suitable platform to the right licensing model for the VPN solution, there are many important criteria to consider. Purely software-based installations offer some fundamental advantages for realigning VPN strategy.

  • No hardware shortages: Hardware-based VPN solutions have repeatedly experienced delays in delivery and deployment and rising prices.
  • Rapid deployment: VPN software solutions can be quickly and easily deployed on standardized hardware or fully virtualized.
  • Maximum scalability: Software-based VPN solutions are more scalable and can easily be deployed with thousands of users.

Whether an organization processes classified data is also an important factor in choosing the right VPN solution. Such organizations are bound to official secrecy and need to ensure that they choose a VPN solution that is approved for processing classified data. For example, the VPN software solution NCP VS GovNet Connector is approved for processing data classified as for official use only (VS-NfD), RESTREINT UE/EU RESTRICTED and NATO RESTRICTED.

Consider management and usability of VPN solutions carefully

For routine work (management of user rights, management of certificates or VPN training for all employees), convenient VPN solutions can save a lot of time. When selecting their VPN products, companies should therefore ensure that IT has a central management component available, that the VPN solution is easy to configure and that it ultimately enables all employees to work as intuitively as possible.

Central remote access management with console access and management servers plays an essential role here, supporting all common VPN technologies such as IPsec or Secure Sockets Layer (SSL). The console serves the administrator as a front end for managing user data, changing configuration settings or saving certificates. The console should also allow automation via scripts, for example for importing user data or license keys for each remote system during roll-outs.

Management servers automate verification of and compliance with the security policies as well as all activities required for roll-out and operation, for example software and configuration updates or the management of users, licenses and certificates. They should also support the central management of systems with different operating systems, such as Windows, macOS, Linux, iOS and Android. Plug-ins for special tasks also facilitate configuring clients, network access control and client firewalls.

Additional VPN requirements for a remote work environment

The most important VPN tasks include secure communication and protecting sensitive data. The supported security standards, security features and flexibility of VPN solutions are therefore important criteria for choosing the right solution.

  • Standards: IPsec is the standard protocol for networks in the enterprise environment. However, proprietary extensions of protocols implemented by VPN providers often lock companies in. IT managers should therefore pay attention to an IPsec protocol stack that complies with the IETF, RFC and FIPS standards for the USA and Canada.
  • Features: Current VPN solutions should support the following features: multi-factor authentication, network access control, reduced server load through split tunneling and VPN bypass, and Quality of Service (QoS) monitoring within the encrypted VPN tunnel.
  • Flexibility: VPN solutions need to adapt to the needs of the organization – and not the other way around. Only then can a temporarily increased need for VPN access due to external circumstances be met promptly. Flexible and scalable licensing models such as "Pay per Use" or "For Temporary Use" play an important role.
