A CSOs guide to choosing an appropriate VPN solution
HOB, Inc. is a fully owned subsidiary of the software development and network service provider, HOB GmbH & Co. KG, which is headquartered in Cadolzburg, Germany. HOB GmbH & Co. KG is a mid-sized German software enterprise that develops and markets innovative and multiply rewarded remote access solutions worldwide. One-third of the largest financial services providers are currently using HOB software.
Rake Narang: How are mobile devices in the workplace presenting unexplored security risks for enterprises of all sizes?
Klaus Brandstaetter: The security risks of mobile devices in the workplace are very real and are increasing as mobile workforces become standard practice. Despite many advances in network security, mobile devices can bring in a host of problems that can compromise data integrity. One key risk is when employees use devices for both personal and professional uses. Personal data may intermix with corporate data which can lead to data leaks on both sides. To make matters worse, hackers are taking full advantage of the proliferation of mobile usage and are finding security holes faster than IT can identify them. With the capacity to store large amounts of data, mobile devices are easy prey – they’re highly portable and when left unprotected are vulnerable to criminals looking to install malware, conduct phishing scams and access private data.
About Klaus Brandstaetter
Klaus Brandstaetter studied electrical engineering at the Friedrich-Alexander University of Erlangen - Nuremberg in Germany. His studies were focused on IT, software and programming. With this knowledge, Mr. Brandstaetter set up the IT department at the company Geobra during his studies. He utilized Nixdorf Computers and IBM. Mr. Brandstaetter graduated with the degree "Diplom-Ingenieur der Elektrotechnik" which is comparable to a Master of Science in Electrical Engineering. From 1981 until the present Mr. Brandstaetter has served in the role of managing director of HOB GmbH & Co. KG with a primary focus on development.
Rake Narang: How can CSOs avoid the security pitfalls of a mobile workplace deployment?
Klaus Brandstaetter: One of the best ways to keep a mobile workplace deployment safe and secure is to get employees fully on board with security policies and to educate them on why it’s essential to keep corporate data, and personal data, secure. CSO’s need to ensure employees are aware of the risks for identity theft, email phishing and mobile phishing scams, plus other personal security issues, and show them how to safeguard data. In addition, in the meantime modern solutions have many security features included, ensuring that data protection and mobile workplaces need not be mutually exclusive. Some solutions, for example, never store any data on the mobile device. Thus, data securely remains in the company network even if the device is stolen or lost.
Rake Narang: Describe the different types of VPNs available today?
Klaus Brandstaetter: While there are a number of VPN types, the two I most recommend are IPsec VPNs and SSL VPNs. Because they are so secure and reliable and allow for complete network access, IPsec VPNs have been the standard for quite some time and are ideal for fixed connections. That said, there is a downside when giving employees remote access via their mobile devices. Installing an IPsec VPN client on a device requires configuration, something an average employee isn’t qualified to do. This means IT needs to step in and handle installation. Does an organization have that kind of bandwidth? This needs to be considered when deciding if IPsec is the right choice. In addition, often problems occur if an employee wants to connect to the company network with an IPsec connection via a third party hotspot, e.g., in a hotel. Here, certain ports are frequently blocked so that the IPsec connection cannot be successfully established. With an SSL VPN the employee does not have this problem. Typically, the ports 443 and/or 80 that are needed for a successful SSL VPN connection are always available.
SSL VPNs are increasingly more common for organizations that prefer to avoid installation on the client and that have workforces that commonly need access via mobile devices. To connect remotely, users just need a Java-capable browser and an Internet connection. After visiting a URL, they authenticate with a user name and password and then select from various options for network access and applications.
Rake Narang: What critical factors should CSOs consider when choosing an appropriate VPN solution?
Klaus Brandstaetter: The selection process should be based on the reasons why an organization needs a remote access solution. An IPsec VPN makes the most sense if the CSO envisions a fixed connection to branch offices. This entails employees giving access rights to their devices for installation. On the other hand, an SSL-VPN is ideal if IT teams want greater flexibility and prefer to keep IT time and expenses down. Central administration makes this possible and doesn’t require installation or administrator rights on the employees’ end device.