Pinpointing the right mobile VPN solution
Now that we know about the mobile VPN, it's important for the IT department to know just what criteria to look for when selecting a mobile VPN solution. IT departments should look closely at the following four criteria:
1. The basics: Support for security fundamentals
All software security solutions need to have strong authentication, encryption and data integrity. Strong authentication requires the identity of both the sender and the recipient to be verified before exchanging data-keeping both the data and network security safe. Once authentication takes place, the data must be encrypted, which requires scrambling of transmitted data with a secret key to unlock or decode the encryption for an added layer of data security. To ensure data integrity, a trustworthy security solution must validate that data has not been modified during transit, and it should automatically eliminate any changed data packages.
2. Choose a solution based on a standard security protocol
While several VPN solutions meet the three fundamentals of trustworthy security, it's critical to select a VPN based on a standard security protocol. Because proprietary technology exposes the company to unknown risks and may increase the risk of a security breach, a VPN that has been tested and validated is preferred.
3. Put your mind at ease with a security solution that enforces compliance
With a growing mobile work force, IT administrators must have the ability to establish, enforce and update mobile device settings to ensure regulatory compliance with regulations such as the Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA) and the PCI Data Security Standard (PCI DSS). A VPN solution should also provide complete records of all network events to comply with audit requirements.
It is also important that the VPN supports Network Access Control (NAC), ensuring that connecting devices are authorized to access the network and are compliant with the company's security policy. Devices that don't comply can be quarantined, thereby protecting networks from unauthorized access and virus attacks.
4. Consider total cost of ownership for top-down corporate and compliance strategy rather than short-term tactical approach
In the rush to mobilize, many IT organizations have placed a plethora of aging, single-purpose network and security tools into service-including Wi-Fi Protected Access (WPA2), traditional IP Security VPNs and other underperforming mobile VPNs. Today, the enterprise has begun questioning this "one-step-behind" and reactive mind-set in favor of a balanced approach between the total cost of ownership ( TCO) and the overall business requirements, thus demanding a shift from tactical and short-term decisions to working with a top-down corporate strategy focusing on IT and compliance needs.
Again, one must consider a complete security platform rather than a single-point solution when it comes to total cost and time savings, for the following five reasons: less support costs (fewer help desk calls, less system administration), less maintenance and upgrade costs, lower initial investment, less training, and less complexity.