Should you invest in SSL VPN?
View PDF | Print View
by: Evie K. Bruce
Should you invest in SSL VPN, the wonder appliance everyone’s talking about? If yes, let’s find out why and how it suits your specific needs. According to Forrester Research, Cambridge, Massachusetts to set out three basic questions that companies should ask before going in for an SSL VPN or a similar vendor.
For those who came in late, an SSL VPN is basically a Virtual Private Networking service (VPN) which does not call for the installation of VPN client software on remote devices. Here, remote users and telecommuters can make secure links from their laptops or any PC via a Web browser.
The first of these two basic questions is:
Should a business invest in a user- or application focused SSL VPN?
Now, SSL VPN users can be of two kinds: focuses on the user or on the application.
The user-focused approach refers to remote users being given access to full network and transparency. The application-based approach refers to the client company that wishes for the applications to be eased out. These application-oriented SSL VPNs lay greater stress on integrating back-end applications and rendering better access in a dedicated clientless form, for example, via a Web browser.
Such VPNs also integrate security at the endpoint but are more focused on policy administration. They also have more sensitive user interfaces rather than user-based SSL VPNs and stronger management capabilities. It is necessary for firms to ask the above-mentioned question if only to find out the basic direction of deployment of SSL VPN.
The rationale is that if the company’s WAN staff or its networking team is propelling the decision to invest or buy SSL VPN, then the company should first invest in user-focused devices. However, if a company’s application group, comprising those shaping its business direction such as remote access specialists, are the ones who shape the company’s decision to buy SSL VPN, then such a company should begin by buying application-focused devices.
The second question companies should ask is: How should a company deploy integrated or embedded endpoint security mechanisms?
Most SSL VPNs include a fundamental check for pre-authentication by the host, but companies generally need to build in a third party tool for complex security such as encrypted sandboxes and advanced cache cleaning. For built in endpoint security, there exist a wide range of options, but to be operational, it needs to be configured manually, which in turn, leads to possible missteps of policy, thereby adding to extra labor and other costs. Today, about 70% of all companies choose built in or integrated endpoint security in their SSL VPNs.
On the other hand, embedded endpoint security is integrated into the appliance. Embedded tools often have the advantage of having a well-defined policy configuration that provides complete access control from one administrative console. However, the disadvantage of selecting this is that the company that chooses an embedded product is often bound by the vendor’s offerings and must rely solely on him to provide periodic updates. Finally, therefore, a company must decide if it wants security of the ultimate level and is willing to pay a premium price for it or if it prefers easy management and control.
About the Author
Evie K. Bruce is the author of this article on SSL VN. Find more information about SSL VN here.
Rating: Not yet rated
Login to vote