Archive for the ‘IT policy’ Category

By Bernd Reder

As the workforce becomes increasingly mobile, the methods by which users access critical business tools must evolve in kind. In the past, the desktop environment and all of the resources it hosted were only accessible if an individual was sitting right in front of his or her computer. But now, with the advent of laptops, tablets and smartphones, we’re seeing a paradigm shift—one in which digital assets are no longer imprisoned by local hard drives.

Virtual desktops allow employees to remotely access their traditional systems from any location, eliminating device storage concerns as well as numerous other headaches for IT managers. For example, if the IT department had to install a suitable desktop environment on every device used by every employee throughout the company, then provide technical support and roll out regular patches for each one, the workload would likely far exceed the department’s capacity.

A Central Virtualized Desktop

With virtual desktops, individuals working off-site can still access all the tools held within their office work stations, from the operating systems to essential applications and associated data. Not only is this more convenient for them, but it is more practical and less cumbersome for IT administrators. All sensitive information and tools are housed and managed in a secure location, mitigating the risks to company data if a security breach compromises an employee’s mobile device.

All of the company resources being accessed remotely are stored in secure data centers. Rather than having to constantly update and patch the myriad of tablets and smartphones that workers use while outside the office, IT managers can focus on deploying security measures that govern remote access privileges. Though this doesn’t completely eliminate the possibility of an attack against an employee’s mobile device affecting the organization, it greatly reduces those risks—more so than any alternative—and better equips IT personnel to safeguard important information.

According to a survey from U.K.-based market research firm Visiongain, more than half of U.S. respondents are either planning to virtualize their desktops or are considering exploring this option within the next 12 months. Visiongain also states that the world market for Virtual Desktop Infrastructure (VDI) products reached $11.6 billion in 2012, and predicts annual growth of almost 15 percent through 2015.

Where VPNs Come Into Play

Paramount to any VDI is a secure link between the virtual desktop and the device being used by an off-site worker to access it. As such, VPNs are indispensable. They ensure that data is transported across a secured, encrypted connection.

However, this is far from a “one-size-fits-all” solution. On-the-go employees will often use various mediums to connect to their virtual desktops, including public Wi-Fi networks at airports and hotels or local networks at the offices of current or prospective clients. A company’s VPN system has to be configured to securely handle all of these options if users are going to be able to safely and efficiently access their virtual desktop environments. What’s more, VPNs must be able to seamlessly handle transitions from one medium to the next, such as LAN to Wi-Fi, so that the connection is not lost or processes are not interrupted at inopportune times. If access proves problematic, the benefits of VDI begin to dissipate.

In order for companies to tap into the benefits of virtualized desktops, they must invest in robust VPN solutions that account for all possibilities and automatically initiate the proper security settings based on the communication medium an employee is using. Whether in a coffee shop with public Wi-Fi or another office location within the same organization, the VPN should be able to manage them all. Such a task is perfectly fitted to a dynamic personal firewall. Where run-of-the-mill VPN systems might fail, expertly developed and well-matured solutions will not.

This is Part Two of our February Feature of the Month series. Last week, we honored the all-new Access Point Name (APN) feature in NCP’s entry and enterprise IPsec VPN clients.

Enterprises today are facing significant challenges related to remote computing due to their increasingly fragmented geographies. For instance, companies are not only contending with how to enable automated roaming between their solutions on premises and remote hotspots, but they are also responsible for making sure this seamless roaming is secure for employees working off-site.

To meet these industry needs, NCP engineering has enhanced its client suite to support integrated 3G cards, which ensure secure network connections for mobile workers when used in conjunction with the NCP Secure Enterprise VPN Server. NCP has combined 3G / 4G and VPN connection setup into a single, graphical user interface, simplifying the installation and deployment processes for both IT personnel and individual users.

Additionally, the NCP Secure Enterprise Client allows devices to automatically transition between a variety of communication mediums, including Wi-Fi, xDSL, LAN, ISDN and WWAN, making it easy for users to connect to their corporate networks from any location. Since the solution dynamically redirects the VPN tunnel without disrupting mobile computing sessions, employees are guaranteed uninterrupted connections to their networks.

Beyond that, for enhanced protection, the solution automatically recognizes secure and insecure networks to connect to while users are roaming. With its Friendly Net Detection feature, the IPsec VPN client then activates the appropriate firewall and security policies without the end user needing to lift a finger.

Want to learn more about the NCP Secure Enterprise Client’s integrated support of 3G / LTE cards? Additional information can be found here. 

Today, Rainer Enders, VPN expert and CTO of Americas at NCP engineering, addresses how IT and data management executives can properly protect their corporate data.

Q: What are the most effective steps IT and data management executives need to take in ensuring the best security for corporate information?

Rainer Enders: There is no substitute for best-of-breed security solutions. IT managers must realize that only betting on one vendor for all security needs will leave security holes in the architecture. A key starting point is the assessment of risk and exposure. For example, if you do not have employees working outside the office, you’ll have far different security implications than if you have a large mobile workforce. Obviously, the cost of the solution must match the assets at risk that will be insured and protected against damage or loss. A clear and concise security policy must be established that involves all the key stakeholders, and the policy must then be implemented and enforced at all levels. This is probably the most important and, sadly, the least followed advice.

Another trap many IT managers fall into is changing security infrastructure too quickly. Rather then taking a blended migration approach, a rip-out-and-replace approach is usually implemented, neglecting benefits and merits of existing incumbent security technologies. This has happened when SSL VPN was introduced to replace IPsec VPN. Customers followed early promises, only to see many companies now returning to the “old” IPsec VPN or adopting a hybrid approach, which would have served them better from the start. So any security architecture framework should follow the technology, not a vendor product roadmap.

If you have any questions on VPNs or anything else related to secure remote access, send them to editor@vpnhaus.com. 

Rainer Enders is CTO, Americas, at NCP engineering.

Rainer Enders, CTO, Americas at NCP engineering, recently conducted an Execsense webinar around what CIOs and CTOs need to know about mobile device security. Rainer explains how the replacement of static access networks with mobile access networks has led to a paradigm shift in overall network security. Because mobile device protection complements infrastructure protection, enterprises must safeguard their data within hostile mobile access networks, which are made all the more vulnerable in today’s information age.

Taking us further down this journey of murky data classification and the new obstacles IT leaders face with the proliferation of mobile devices and BYOD, Rainer describes what mobile-centric security strategies CIOs and CTOs should implement to ensure optimal network protection. We hope you’ll tune in to the new Execsense webinar here.

 

mobile_security400

This is part two in a series of questions related to employee provisioning and VPNs. Earlier this week, we addressed how enterprises can ensure that their provisioning processes benefit their overall security postures. 

Question: Provisioning’s security holes become particularly apparent when remote mobile access users leave a company and enterprises try to apply a one-size-fits-all de-provisioning approach. In today’s mobile, global, 24-hour business world, what de-provisioning tactics are necessary to mitigate security risks during employee transitions?

Joerg Hirschmann: The best de-provisioning approach will be one that does not rely on a singular component to keep up with an organization’s changing needs. For instance, a provisioning process should go beyond the ordinary capability of disabling an account; instead, an organization should use the scalable method of PKI (certificate based authentication), which offers an additional option to withdraw remote access permission by revoking the user’s certificate. Similar offerings are available through One-Time-Password tools, which can also disable specific tokens, for example.

At the end of the day, the quality of the automated process will dictate how effective provisioning and de-provisioning will be.

Stay tuned for more on employee provisioning and VPNs next week. If you have any questions that you would like answered, as related to VPNs, remote access, network security and the likesend them to editor@vpnhaus.com. 

Joerg Hirschmann is CTO at NCP Engineering GmbH