Pinpointing the right mobile VPN solution
Now that we know about the mobile VPN, it's important for the IT department
to know just what criteria to look for when selecting a mobile VPN solution. IT
departments should look closely at the following four criteria:
1. The basics: Support for security fundamentals
All software security solutions need strong authentication, encryption and
data integrity. Strong authentication requires the identity of both the sender
and the recipient to be verified before any data is exchanged, keeping both the
data and the network secure. Once authentication takes place, the data must be
encrypted: transmitted data is scrambled so that only a holder of the secret key
can decode it, adding a further layer of data security. To ensure data
integrity, a trustworthy security solution must validate that data has not been
modified during transit, and it should automatically discard any data packets
that have been changed.
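The integrity requirement described above, as an added example that is not part of the original article: a receiver verifies an HMAC-SHA256 tag on every packet and discards any packet that fails the check. The packet layout, function names and key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
HDR_LEN = 8   # 64-bit sequence number (assumed packet layout)

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prepend a sequence number, append an HMAC tag over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def open_packet(key: bytes, packet: bytes):
    """Receiver: return (seq, payload) if the tag verifies, else None."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return None  # a truncated packet cannot carry a valid tag
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    (seq,) = struct.unpack(">Q", body[:HDR_LEN])
    return seq, body[HDR_LEN:]

def receive(key: bytes, packets):
    """Deliver verified payloads in arrival order; count and drop the rest."""
    delivered, dropped = [], 0
    for packet in packets:
        result = open_packet(key, packet)
        if result is None:
            dropped += 1
        else:
            delivered.append(result)
    return delivered, dropped

def demo():
    key = b"constructed-demo-key-not-for-use"       # constructed sample key
    good = seal(key, 1, b"order=42")
    tampered = bytearray(seal(key, 2, b"amount=100"))
    tampered[HDR_LEN + 7] ^= 0x01                    # one bit changed in transit
    forged = seal(b"some-other-key", 3, b"hello")   # sender without the shared key
    truncated = good[:10]                            # cut off before the tag
    return receive(key, [good, bytes(tampered), forged, truncated])

if __name__ == "__main__":
    print(demo())
```
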
2. Choose a solution based on a standard security protocol
While several VPN solutions meet the three fundamentals of trustworthy
security, it's critical to select a VPN based on a standard security protocol.
Because proprietary technology exposes the company to unknown risks and may
increase the risk of a security breach, a VPN that has been tested and validated
is preferred.
3. Put your mind at ease with a security solution that enforces
compliance
With a growing mobile work force, IT administrators must have the ability to
establish, enforce and update mobile device settings to ensure compliance with
regulations such as the Sarbanes-Oxley Act, the Health Insurance Portability
and Accountability Act (HIPAA) and the PCI Data Security Standard (PCI DSS). A
VPN solution should also provide complete records of all network events to
comply with audit requirements.
It is also important that the VPN supports Network Access Control (NAC),
ensuring that connecting devices are authorized to access the network and are
compliant with the company's security policy. Devices that don't comply can be
quarantined, thereby protecting networks from unauthorized access and virus
attacks.
4. Consider total cost of ownership for top-down corporate and compliance
strategy rather than short-term tactical approach
In the rush to mobilize, many IT organizations have placed a plethora of
aging, single-purpose network and security tools into service, including Wi-Fi
Protected Access (WPA2), traditional IP Security VPNs and other underperforming
mobile VPNs. Today, the enterprise has begun questioning this "one-step-behind"
and reactive mind-set in favor of a balanced approach between the total cost of
ownership (TCO) and the overall business requirements, thus demanding a shift
from tactical and short-term decisions to working with a top-down corporate
strategy focusing on IT and compliance needs. Again, one must consider a
complete security platform rather than a single-point solution when it comes to
total cost and time savings, for the following five reasons: lower support costs
(fewer help desk calls, less system administration), lower maintenance and
upgrade costs, lower initial investment, less training, and less complexity.