Wrestling with the BYOD quandary

VPNs provide a way for organizations to strike a balance between security and mobility

Different VPN Types for Different Situations

Different VPN types suit different network architectures and user needs. Each has benefits and weaknesses that IT teams should consider before selection and deployment.

Internet Protocol Security (IPsec) VPNs

IPsec VPN solutions are very widely used and for many years were the standard remote access solution. They are especially well suited for fixed connections, for example, from the enterprise network to branch offices or suppliers and customers. They allow complete network access and are considered to be secure and reliable.

When IPsec VPN technology is combined with BYOD, it exhibits a major drawback: an IPsec VPN client has to be installed on every end device. This requires installation and administrator rights. Not every employee is prepared to grant corporate IT these rights on his own device. If the employee is to set up the client himself, he could be faced with complex configuration work, e.g., for the target networks, which may be more than he can handle.

Secure Sockets Layer (SSL) VPNs

SSL VPNs have gained in popularity because they are "clientless," meaning the remote device doesn’t need to have a client pre-installed to connect to the corporate network. In many situations, an SSL VPN tunnel is created when a remote user opens a web browser and connects to a pre-defined URL. The VPN then prompts the user for a user name and password. Once authenticated, the user is often taken to a company’s individual webpage, which includes several options for network access or company applications.

An SSL VPN allows full network connectivity, as does an IPsec VPN, but can be deployed more easily to remote users since neither installation nor administrator rights on the client are needed. This makes SSL VPN solutions attractive for enterprises, especially with regard to BYOD.

Selecting the Optimal VPN Solution

For the most part, the solution IT teams select depends on the needs remote access must address. If it is a matter of a fixed connection to branch offices, then an IPsec VPN would be the first choice. The technology is tried and proven. There are appropriate gateways for any number of users and any set of requirements. The only prerequisite: an experienced IT administrator must be on site to configure the connections and manage the devices. Access rights and installations on the employees’ devices can be agreed upon and company-specific solutions can be implemented.

If employees don’t give their approval for access to their devices or if IT teams want greater flexibility, then SSL VPNs are the preferred choice. As only central administration is required and no installation or administrator rights on the end device are necessary, the time and expense for IT is greatly reduced. This effect becomes clearly visible when each user works with different devices to access centrally stored data and applications. These devices don’t have to be managed anymore.

Access is available from any device, regardless of the client’s OS (e.g., Windows, OS X, Linux, Unix), to any target in the enterprise, from WTS (Windows Terminal Server) to legacy systems. All the user needs is a Java-capable browser and an Internet connection.
Modern solutions perform many security-relevant actions centrally, which then don’t have to be implemented on the client. BYOD and the best possible protection for enterprise data are thus no longer mutually exclusive.

VPN technology is a core component of a comprehensive cyber defense infrastructure and has come to the forefront as BYOD has taken root in many businesses. Despite many advances in network security, robust VPNs remain critical to ensure remote employees and employees using their own devices can enjoy the convenience of anytime, anywhere connectivity and IT teams can ensure data integrity.