Seamless Roaming or Always On: The Remote Access VPN Feature Digital Nomads May Be Missing

In remote working environments, the Digital Nomad isn’t tied to a desk or cubicle, but he has close relationships with his coworkers. The Digital Nomad works exclusively from mobile devices that connect wirelessly to the Internet, and she’s still able to finish all her tasks on time. For now, these workers are generally the exception to the rule, but that may not be the case for much longer. One-third of business leaders anticipate that by 2020, more than half of their full-time workforce will be working remotely. It’s not difficult to see why remote work is so popular. Today, Digital Nomads can be more nomadic than ever, setting up new mobile “offices” wherever there’s a network connection. They don’t even need a hard surface to put their device on or an outlet to plug into. But, what they do need for security purposes is a remote access VPN to enable a secure connection back to the corporate network. VPNs are reliable, but the problem is, network interruptions have long seemed inevitable. They get in the way and disrupt the user’s computing session. That’s when a VPN feature known as seamless roaming or always on comes into play, allowing a user to move between different networks without losing the connection. The Value of Seamless Roaming Whether you’re a finance executive fighting dead zones as you work on your laptop from a train, or a sales professional working from an airport across a spotty Wi-Fi connection, each time there’s a network disruption, the user has to manually restart the VPN connection to continue working. This is why seamless roaming is no...

OPM Breach Shows Need for ‘Nimble’ Government Network Security

No matter how you look at it, the Office of Personnel Management (OPM) is on the hook for revealing the records of millions of Americans. The only question is how many millions. If you believe the agency’s own report, then it’s 4 million. Four million current, former and prospective government employees whose personal information became public following a cyberattack conducted throughout the early part of this year. The numbers are even worse if the reports from the Associated Press, Bloomberg and other prominent news sources are accurate. They claim the number of victims is closer to 14 million. Although the OPM investigation is still ongoing, the federal government has already begun the task of investigating and explaining the attack. As White House Press Secretary Josh Earnest told reporters last week: “Protecting the computer networks of the federal government is a daunting challenge. It does require the federal government to be nimble, something that’s difficult when you’re talking about an organization that’s this large.” Earnest is right. When you’re talking about the federal government as one body, it’s difficult to imagine it being fleet-of-foot and responding effectively to new and emerging cyberthreats. On a smaller scale, though, there are plenty of government agencies, at all levels, that are getting the job done locally, and taking proactive steps that should prevent them from becoming the next OPM. Let’s look at one government agency in Iowa that’s upgraded its remote access and, in the process, is protecting its network. Read Case Study Lessons from the Heartland Iowa Vocational Rehabilitation Services (IVRS) is a state agency, headquartered in Des Moines, that partners with...

Q&A on Employee Provisioning with Joerg Hirschmann: Part 2

This is part two in a series of questions related to employee provisioning and VPNs. Earlier this week, we addressed how enterprises can ensure that their provisioning processes benefit their overall security postures.  Question: Provisioning’s security holes become particularly apparent when remote mobile access users leave a company and enterprises try to apply a one-size-fits-all de-provisioning approach. In today’s mobile, global, 24-hour business world, what de-provisioning tactics are necessary to mitigate security risks during employee transitions? Joerg Hirschmann: The best de-provisioning approach will be one that does not rely on a singular component to keep up with an organization’s changing needs. For instance, a provisioning process should go beyond the ordinary capability of disabling an account; instead, an organization should use the scalable method of PKI (certificate based authentication), which offers an additional option to withdraw remote access permission by revoking the user’s certificate. Similar offerings are available through One-Time-Password tools, which can also disable specific tokens, for example. At the end of the day, the quality of the automated process will dictate how effective provisioning and de-provisioning will be. Stay tuned for more on employee provisioning and VPNs next week. If you have any questions that you would like answered, as related to VPNs, remote access, network security and the like, send them to editor@vpnhaus.com.  Joerg Hirschmann is CTO at NCP...

Q&A on Employee Provisioning with Joerg Hirschmann: Part 1

Today’s post kicks off a Q&A series with Joerg Hirschmann, CTO at NCP engineering GmbH. These questions and answers, which we will post over the next few weeks, are related to employee provisioning and VPNs. Question: While user provisioning can enable efficient employee on-boarding, poor provisioning can result in expensive and irrevocable data leaks. How can enterprises make sure their provisioning is a benefit, not a detriment, to their overall security postures?  Joerg Hirschmann: VPN user provisioning should be as automated as much as possible to rule out manual flaws, which are often caused by workload, unplanned absences, etc.  However, if not designed properly, even the best automated processes can allow security leaks to disrupt the corporate networks. Normally, the provisioning process does not originate from the IT department; rather, it is initiated by HR once the decision is made to sign on/off staff or to provide access for external partners (temporary or permanent). Processes will have to be defined accordingly so that these kinds of personnel decisions will find their way into relative data records, which are then processed by IT. Therefore, a remote access solution must provide relevant interfaces to get synchronized with the appropriate databases. The more time this information needs to be delivered to the relevant system, the bigger the security risks are going to be. It goes without saying that the processes defined need to be thoroughly tested and approved. Stay tuned for more on employee provisioning and VPNs this week. If you have any questions that you would like answered, send them to editor@vpnhaus.com.  Joerg Hirschmann is CTO at NCP...

What We're Reading, Week of 11/19

Dark Reading – Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities Midsize Insider  – IT Security Threats: The Predictive Problem  SearchCloudApplications – Mobile cloud trends: Apps let enterprises handle the risks of cloud computing TabTimes – Study: Forget corporate deployments, BYOD will drive business adoption of Windows 8...