Monday, December 15, 2008

VPN's for Remote Access

In many organizations, employees assume that they will have the tools to be as productive (or more productive) away from the office as in the office. Organizations frequently supply salespeople and other remote workers with laptop computers that enable them to work offsite. Employees remotely access e-mail messages, place orders, check order status, and check inventory levels from the road and from home computers (I know this is probably shocking news to you all!). With the growth of Voice over IP, some employees also receive phone calls directed to their office extensions on their laptops or PDAs.

Without a VPN, employees dial into remote access equipment consisting of modem banks at corporate headquarters to access e-mail or other applications using toll-free numbers billed to the corporation. Organization rack up thousands of dollars in toll-free charges. In addition, calls are frequently dropped and speeds are slow. Moreover, these dial-in remote access arrangements do not support cable or DSL modems.

VPNs provide staff at remote offices or home offices to gain access to the corporate Intranet in the same manner they would if they were locally connected to files. Distributing VPNs to home, telecommuters, and small offices may put access to sensitive information in facilities not as well protected as more traditional facilities. VPNs need to be designed and operated under well-thought-out security policies. Organizations using them must have clear security rules supported by top management. When access goes beyond traditional office facilities, where there may be no professional administrators, security must be maintained as transparently as possible to end users.

Some organizations with especially sensitive data, such as health care companies, even arrange for an employee's home to have two separate WAN connections: one for working on that employer's sensitive data and one for all other uses. More common is that bringing up the secure VPN cuts off Internet connectivity for any use except secure communications into the enterprise; Internet access is still possible but will go through enterprise access rather than that of the local user.

No comments: