Ars Technica recently ran a piece “Die, VPN! We’re all ‘telecommuters’ now—and IT must adjust” arguing that in today’s mobile world, VPNs should just be abandoned and IT should adjust to relying on passwords and alternative security protocols. But considering the proliferation of data breaches we’ve seen this year alone, we know it’s simply irresponsible and absurd to walk away from secure remote access, simply because you think it’s too difficult to implement.
In fact, Rainer Ender, CTO of Americas for NCP engineering, responded with a counterpoint OpEd on Ars Technica, “Live, VPN! Why VPNs are a must-have for today’s workforce.” Here are some of the highlights:
Why the cloud isn’t rendering VPN obsolete:
The Die VPN! article is right to say that we are now using cloud-based email and calendaring more than ever before. But this isn’t the only way we access corporate information. Most people—and companies—still have a hybrid approach to their data storage. While some information is shared via Google Docs or on Salesforce.com, most companies continue to store the majority of their corporate information on private servers, hardware or virtual. This is a hybrid world: one in which the corporate firewall is alive and well. Any company that allows employees to access and transmit the information on its server without encrypting it first, are recklessly (not to mention unnecessarily) exposing themselves to a data breach.
Why passwords aren’t enough:
With the number of smartphone users set to increase 49.6 percent from 2010 to 2012, and the ubiquity of WiFi, it’s often a simple VPN that stands between a company’s network and the slew of opportunistic hackers. Otherwise, employees would be sending private data over the Internet with no protection—unthinkable for enterprises all over the world that rely on VPN encryption. If companies want to improve their security profile, their best bet is to have critical servers and services not exposed to the Internet, and rather provide the access via a transparent VPN connection such as IPsec, avoiding the various SSL vulnerabilities and flaws.
Why security is more than a “lost laptop” problem:
The Die VPN! article says the biggest issue companies and IT have is “the lost laptop” problem, with the solution being full disk encryption. But if you take a look back at a high-profile breach of 2011, you’ll see that the biggest security issue is often a disgruntled former employee looking for opportunities to game the company’s network.
You can see the full story, “Op-ed: Live, VPN! Why VPNs are a must-have for today’s workforce” here.