Debunking Myths about Remote Access Technology Remote Access
What s Inside? 04 #1 VPNs Slow Down The Computer Or Device 06 #2 SSL VPNs Support Web And Browser Applications Only 07 #3 VPNs Only Allow Access To The Organization s Data 08 #4 VPNs Are No Different Than Other Portals 09 #5 VPN Connections Fail Often And Require Repeat Log-Ins 10 #6 Cloud Computing Is Also Making VPN technology obsolete 11 #7 VPNs aren t a helpful part of a mobile Workplace Strategy 12 #8 Once An Employee Has Remote Access, He Or She Can Access Company Resources Forever 14 2
#9 VPNs Expose Corporate Assets To Malware On Unmanaged PCs 15 #10 Keystroke Loggers Can Compromise VPN Authentication 16 #11 VPNs Leak Corporate Date Onto Home And Public PCs 17 #12 VPN Management Policies Are Difficult To Administer 18 About HOB 21 Contact 22 Legal Notice 23 Picture Sources 25 3
What`s Inside? The upcoming always-on mentality in people s private lives translates into their business lives, as well. Thus, employees start demanding not only flexible workplaces but also anywhere, anytime access to corporate resources so that they can work whenever, wherever and however they want. Nevertheless, one should this trend, companies do so, as well just consider higher employee motivation and satisfaction or enhanced productivity levels of employees working mobile. The simplest solution to this trend: use remote access technology in your company to securely connect employees, customers or even partners with your company s site. Contrary, IT administrators have heard about or also faced several problems with VPNs in former times. So it is not astonishing that they eye VPNs critically. However, it is time to clean up with myths about remote access technology as to fully understand the value they propose to companies. Of course, people do not want their remote access solution to cause problems with their device, whether it s a laptop, tablet or smartphone owned by the organization or the employee. Moreover, data security is not a question, i.e., it must be ensured that remote access securely connects the user to the network. But: VPN technology has been around a long time and it continues to improve and offers people a highly-reliable, fast and consistent approach to gain secure access to data and applications stored in the company s network. not think that only employees benefit from 4
Over the years, many myths about VPN technology for remote access have come up. Some of these have never been true and others are not any longer true due to enhancements in technology. Below are several myths about VPN technology that are worthwhile dispelling. VPNs are ideal for many types of mobile employees. Mobile doesn t necessarily mean team members spread across the country or world. A mobile worker also includes people sit in conference rooms all day, have meetings at customer sites or work from home or while travelling. Basically mobile workers are all those who are rarely in their office or workspace. And, for employees who utilize their own devices, VPNs add a level of security, too. 5
#1 VPNs Slow Down The Computer Or Device VPNs, especially early versions of VPN software, gained a reputation for slowing down computer performance. Since then, many things have changed: faster protocols have been developed, new and better possibilities to compress data exist, and Internet connections have become tremendously fast. Additionally, technology checks every device before granting access to company resources. The parameters in which the VPN checks in these devices are configurable by the IT team. modern remote access solutions on an SSL basis do not require downloading any software onto the device, and therefore, it can not impact the device s performance. The device does not need to be known In today s computing environment, where users often have multiple large files open at once, there is no room for any capabilities that reduce performance. on the company network. Today s VPN 6
#2 What Should I Expect From A VPN Provider? Early VPNs were limited in the user activities they supported. Today s high-quality VPNs offer a choice of access methods from clientless browser interfaces to thin-client SSL tunneling. Early SSL VPNs began as HTTP proxies, allowing employees access to web applications through a VPN gateway using an ordinary browser. Today, VPNs also offer browser-launched thin clients that can support just about any application by tunneling non-web protocols over SSL. VPNs also enable users to access not only Windows Terminal Servers and applications residing there but also further resources like, e.g. desktop PCs, be they virtualized or not, file servers or the company s intranet. Users today expect access to their information anytime, anywhere, whether they are stored in the company s network or in a public or private cloud. Today s VPNs offer that flexibility and with the identification, authentication and authorization services included they ensure appropriate access only for those that are allowed to. 7
#3 VPNs Only Allow Access To The Organization s Data Many users only consider VPNs useful to access an organization s network to upload/download data. Modern VPN technology includes remote VoIP capabilities that enable employees to use the same telephone number as come confused and use the employee s home or mobile number as there primary contact point. they do at work. This makes their location even more seamless to fellow employees, customers, vendors and others. VoIP capabilities are particularly important when phoning customers as they can be- VPNs provide a variety of different services that help users keep access to all critical information, not just documents and other forms of data. 8
#4 VPNs Are No Different Than Other Portals There has been a misconception that basically stated, All portals are alike. This is definitely not the case. VPNs can provide highly-personalized portal views that are a function of each user s individual access rights. Today s VPNs provide dynamic access portals. Network managers can define server access with application publishing in a way that the user only sees his personal, customized portal. While users want anytime, anywhere access to information, it is up to the network manager to ensure that each user only has access to the information and services that senior managers have determined are relevant for each user. Additionally, users are not overwhelmed by too many options that are not made for them. Thus, it is easier for users to cope with the VPN solution, particularly if they are not IT experts. 9
#5 VPN Connections Fail Often And Require Repeat Log-ins VPNs had gained a reputation of failing, requiring the user to log in repeatedly. VPNs provide high availability and single sign-on techniques ensuring users are continuously connected. Today s VPNs single sign-on. Moreover, with today s solutions it is ensured that data are not lost in case the connection is interrupted. resume automatically after loss of connectivity, quickly and without user intervention. Some facilitate network roaming; e.g., an employee s authenticated state may be kept during a brief loss of connectivity or reinstated transparently via VPNs are so reliable today, that network managers often rely on them for allowing users to connect their personal devices to the network, even when the user is in the office. 10
#6 Cloud Computing Is Also Making VPN Technology Obsolete There is a misconception that cloud computing has eclipsed VPNs as a valuable technology. There is no doubt that cloud computing with a high performing VPN solution to enable all their customers to access data stored in their cloud. has given employees a new level of freedom to store and retrieve important content. However, there are countless stories of cloud sites suffering from cyber attacks due to lack of security protocols. IT teams will never allow critical data to be stored in a cloud environment that does not include robust security measures, which should always include VPNs. In addition, Cloud computing has, in fact, enlivened the need for robust VPN technology. The cloud phenomenon has trained users to expect anytime, anywhere access to their information. VPNs are a critical component of making this a reality. cloud service providers are best served 11
#7 VPNs Aren t A Helpful Part Of A Mobile Workplace Strategy Some belief that in today s mobile work environment, where people want to access all information on a variety of devices, VPNs do not have an important role to play. Quite the opposite, VPN technology is a critical part of a mobile workplace strategy. VPNs enable the employee to gain access to corporate resources with the same speed and controls as in-office teams can. Even when an employee is in the office, IT teams can also configure access to the network only through the VPN. This might be a reasonable approach if employees use their own device on company site, too. If this is the case, the access via VPN on site makes sure that no virus or other malware gets into the company network from the privately held device. Additionally, modern VPNs allow preventing employees from 12
establishing a second Internet connection while being connected to the company network (anti-split tunneling). This is a further security measure to protect the company network against malware. The flip side of offering anytime, anywhere information and services access is the need for network managers to provide robust security.this obstacle can be overcome by the use of a highly functional VPN solution with many security features included. 13
#8 Once An Employee Has Remote Access, He Or She Can Access Company Resources Forever Network managers still fear that a freelancer or employee leaving the company will take log in credentials with them. When someone leaves the company, the access to company information as soon and every single user up to the possibi- IT team can quickly delete that person as they quit the company. Additionally, lity to completely prohibit access from an from the authorization list and remote this should be an easy task for the IT ad- external site under particular circumstan- access (or any kind of access for that min which comes true with modern VPNs ces, e.g., if the employee wants to ac- matter) will no longer be possible. that allow for central administration and cess data from a public Internet café. This configuration. Just some clicks and the ensures that each user can only see and Because people change jobs frequent- user has been deleted. access the data he or she is intended to. ly and many companies employ large And even while employees are working Thanks to multi-tenancy data of different numbers of freelancers, it is essential that for the company, IT administrators can branches, site offices or user groups can network managers can prevent their granularly define roles and rights for each be stored in a completely separated way. 14
#9 VPNs Expose Corporate Assets To Malware On Unmanaged PCs Because PCs can be exposed to malware through Internet access, by infected USB drives and through out means, there has been a belief that an infected PC can infect a network through VPN connections. Today s smart VPNs can measure endpoint robustness and compliance, and then determine whether and how to grant access to authorized content. VPN sessions can be used as a solution to evaluate each endpoint s integrity before authenticating the user or authorizing access. For example, VPNs can query endpoints version/patches and antivirus presence/signatures. Frequently, VPNs can analyze managed endpoints for compliance with corporate security policies. The quality of network security is only as strong as the weakest area. High-quality VPNs include necessary functionality to protect critical data assets. Additionally, modern VPNs do not store any data on the accessing device. Thus, data are securely kept within the company network even if the device is lost or stolen. 15
#10 Keystroke loggers can compromise VPN authentication VPNs had an early reputation as being a weak point in a network s security infrastructure, especially in protecting against keystroke loggers. VPNs actually prevent this threat with strong authentication, in combination with external authentication servers or built-in strong authentication services. Cybercriminals are increasingly focusing on personal identity theft for financial gain. Spyware has also grown more common. Keystroke logger Trojans are a particular threat since they can capture reusable text passwords before endpoint security checks are complete. High-quality VPNs today can mitigate these concerns; some display virtual keyboards that avoid text passwords, others can be paired with enterprise two-factor authentication servers. Far from being a weak point, particularly against keystroke loggers, VPNs are actually a network strong point. 16
#11 VPNs Leak Corporate Date Onto Home And Public PCs Some believe that offering VPN access to a network allows users to download as much network information as they want. VPNs can prevent this by limiting what each user can do, keeping data safe endpoints that are not fully trustworthy and provide read-only access to files. during a log in session and then deleting it at log off. So, the VPN solution deletes all cached files with log-of and, additionally, the user might never be allowed to locally store data on the accessing device. VPNs reduce risk by enforcing granular access controls. These policies may, for example, Secure VPN authentication ensures users can only upload/download information they are authorized to send/receive. They have precisely the same access to information as they have when they are in the office. deny thin-client SSL or IP tunnels from 17
#12 VPN Management Policies Are Difficult To Administer It is believed by some that VPNs are complicated to manage, leaving open the possibility that users can gain access to information for which they are not authorized. VPNs can use central policy managers and integrate with enterprise authentication servers and directories to simplify administration. It is always possible that policies will become unwieldy, given multiple access methods, endpoint security checkers and other policies. It is up to the network administrator to use his/her authority wisely to achieve desired security without rendering the VPN difficult to manage. Today s VPNs are quite simple to manage and give network managers a wide range of options that ensure users gain only access to appropriate information. With the growing threat from worms, viruses, hacking, spyware, data theft and application abuse, remote access VPN connectivity must also include proper endpoint and network security technology. Unprotected and/or incomplete VPN security can create several issues: 18
It allows employees to introduce malware into the network during remote sessions Leaves open the possibility of information theft of data such as customer fi les and IP Allows for unwanted application traffi c, such as peer-to-peer fi le sharing, into the main offi ce Enables intruders to hack remoteaccess sessions, giving hackers access to the network. network, slowing network traffi c 19
To avoid a network breach, the employee s device and the VPN gateway to which the employee connects must be secured properly as part of the VPN deployment. Employee devices should have endpoint security, such as data security, antispyware, antivirus and a personal firewall. market continues to grow at double-digit rates indicates that this form of remote access technology continues to thrive. The high-security, flexibility to meet the needs of different network environments, and ease to use for IT teams and employees alike allows VPN to thrive. The fact that the worldwide VPN technology 20
About HOB mid-sized and large enterprises. In the HOB headquarters in Cadolzburg and in locations throughout the world, HOB has approximately 120 employees, half of which in the development departments. HOB has branch offices in Malta, the USA and a partner company in Mexico. HOB GmbH & Co. KG is a mid-sized German software enterprise that develops and markets innovative and multiply awarded remote access solutions worldwide. The core competencies of this successful company, founded in 1964, comprise server-based computing, secure remote access, VoIP and virtualization. HOB products are deployed in small, 21
Interested? Would you like to check out the numerous benefits of HOB Software? Just call us or send us a quick mail! You are welcome to contact us: Inside US HOB Inc. Headquarters NY 245 Saw Mill River Road Suite # 106 Hawthrone, NY 10532 Outside US HOB GmbH & Co. KG Schwadermuehlstraße 3 90556 Cadolzburg Germany Tel: +49 9103 715 0 Tel: (866) 914-9970 (toll free) (646) 465-7650 E-Mail: marketing@hob.de E-Mail: marketing@hobsoft.com Website: www.hob.de Website: www.hobsoft.com 22
Legal Notice HOB GmbH & CO. KG. KG Schwadermuehlstr. 3 90556 Cadolzburg Represented by: Klaus Brandstätter, Zoran Adamovic Contact: Phone: 0049-91037150 Fax: 0049-9103715271 E-mail: marketing@hob.de Register of Companies: Entered in the Registry of Companies, Registry Court: Amtsgericht Fürth, Registration Number: HRA 5180 Tax ID: Sales Tax Identification Number according to Section 27a Sales Tax Act: DE 132 747 002 Responsible for content according to Section 55 Paragraph 2 Interstate Broadcasting Agreement: Klaus Brandstätter, Zoran Adamovic, Schwadermuehlstr. 3, 90556 Cadolzburg References for all images and graphics used: See Picture Sources 23
Disclaimer: Liability for content The contents of this publication were created with great care and diligence. While we keep it as up-to-date as practicable, we cannot take any responsibility for the accuracy and completeness of the contents of this publication. As a service provider we are responsible for our own content in this publication under the general laws according to Section 7 paragraph 1 of the TMG. According to Chapters 8 to 10 of the TMG we are not obliged as a service provider to monitor transmitted or stored information not created by us, or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under the general laws remain unaffected. Liability is only possible however from the date of a specific infringement being made known to us. Upon notification of such violations, the content will be removed immediately. Liability for links This publication may contain links to external websites over which we have no control. Therefore we can not accept any responsibility for their content. The respective provider or operator of the website pages to which there are links is always responsible for the content of the linked pages. The linked sites were checked at the time of linking for possible violations of the law. At the time the link was created in this publication, no illegal or harmful contents had been identified. A continuous and on-going examination of the linked pages is unreasonable without concrete evidence of a violation. Upon notification of any violations, such links will be removed immediately. Copyright The contents and works on these pages created by the author are subject to German copyright law. Reproducing, copying, modifying, adapting, distributing or any kind of exploiting of this material outside the realms of copyright require the prior written consent of the respective author or creator. The downloading of, and making copies of, these materials is only permitted for private, non-commercial use. Where contents of this publication have not been created by the author, the copyright of the third parties responsible for these contents shall be upheld. In particular any contents created by a third party are marked as such. If you become aware of any copyright infringement within this publication, we kindly ask to be provided with this information. Upon notification of any such violation, the concerned content will be removed immediately. 24
Picture Sources S.1 - Philip Date (Thinkstock) S.4 - Fotolia S.5 - Roberto Rizzo (Thinkstock) S.7 - Roz Woodward (Thinkstock) S.8 - Brand X Pictures (Thinkstock) S.10 - Jupiterimages (Thinkstock) S.11 - Zeffss1 (Thinkstock) S.13 - Elena Schweitzer (Thinkstock) S.16 - Spectral-Design (Thinkstock) S.17 - RTimages (Thinkstock) S.19 - almagami (Thinkstock) S.20 - Andrea Danti (Thinkstock) S.21 - Thinkstock S.22 - Creatas (Thinkstock) S.24 - Spectral-Design S.25/26 - Fotolia S.15 - Thinkstock 25